config/service_providers.localdev.yml
test:
'saml_sp':
acs_url: 'http://example.com/test/saml/decode_assertion'
allow_prompt_login: true
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
'saml_sp_ial2':
acs_url: 'http://example.com/test/saml/decode_assertion'
allow_prompt_login: true
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
ial: 2
redirect_uris:
- 'http://example.com/'
- 'http://example.com/auth/result'
- 'http://example.com/logout'
- 'http://sub.example.com/'
'http://localhost:3000':
acs_url: 'http://localhost:3000/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
sp_initiated_login_url: 'http://localhost:3000/test/saml'
block_encryption: 'none'
certs:
- 'saml_test_sp'
- 'saml_test_sp2'
agency: 'Test Government Agency'
agency_id: 1
friendly_name: 'Your friendly Government Agency'
logo: 'generic.svg'
return_to_sp_url: 'http://localhost:3000'
redirect_uris:
- 'x-example-app://idp_return'
attribute_bundle:
- email
- phone
allow_prompt_login: true
'https://rp1.serviceprovider.com/auth/saml/metadata':
agency_id: 2
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
sp_initiated_login_url: 'https://example.com/auth/saml/login'
failure_to_proof_url: 'https://example.com/'
redirect_uris:
- 'http://example.com/'
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 2
attribute_bundle:
- first_name
- last_name
- ssn
- zipcode
allow_prompt_login: true
'https://aal3.serviceprovider.com/auth/saml/metadata':
agency_id: 2
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
sp_initiated_login_url: 'https://example.com/auth/saml/login'
failure_to_proof_url: 'https://example.com/'
redirect_uris:
- 'http://example.com/'
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 2
default_aal: 3
attribute_bundle:
- first_name
- last_name
- ssn
- zipcode
allow_prompt_login: true
'test_saml_sp_not_requesting_signed_response_message':
agency_id: 2
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
sp_initiated_login_url: 'https://example.com/auth/saml/login'
failure_to_proof_url: 'https://example.com/'
redirect_uris:
- 'http://example.com/'
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP requesting signed response message'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 1
attribute_bundle:
- email
allow_prompt_login: true
block_encryption: 'none'
signed_response_message_requested: false
'test_saml_sp_requesting_signed_response_message':
agency_id: 2
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
sp_initiated_login_url: 'https://example.com/auth/saml/login'
failure_to_proof_url: 'https://example.com/'
redirect_uris:
- 'http://example.com/'
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP requesting signed response message'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 1
attribute_bundle:
- email
allow_prompt_login: true
block_encryption: 'none'
signed_response_message_requested: true
'https://rp2.serviceprovider.com/auth/saml/metadata':
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
allow_prompt_login: true
'https://rp3.serviceprovider.com/auth/saml/metadata':
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
certs:
- 'saml_test_sp'
ial: 2
friendly_name: 'Test SP'
allow_prompt_login: true
'http://test.host':
acs_url: 'http://test.host/test/saml/decode_assertion'
block_encryption: 'aes256-cbc'
metadata_url: 'http://test.host/test/saml/metadata'
sp_initiated_login_url: 'http://test.host/test/saml'
friendly_name: 'Test SP'
allow_prompt_login: true
launch_date: '2020-03-01'
iaa: 'ABC123-2020'
iaa_start_date: '2020-01-01'
iaa_end_date: '2020-12-31'
certs:
- 'saml_test_sp'
'urn:gov:gsa:openidconnect:test':
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/signout'
certs:
- 'saml_test_sp'
friendly_name: 'Example iOS App'
agency: '18F'
agency_id: 1
logo: 'generic.svg'
ial: 2
push_notification_url: http://localhost/push_notifications
allow_prompt_login: true
'urn:gov:gsa:openidconnect:test_prompt_login_banned':
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/signout'
certs:
- 'saml_test_sp'
friendly_name: 'Example app that disallows prompt=login'
agency: '18F'
agency_id: 1
logo: 'generic.svg'
ial: 1
allow_prompt_login: false
'urn:gov:gsa:openidconnect:test:loa1':
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/logout'
certs:
- 'saml_test_sp'
friendly_name: 'Example iOS App'
agency: '18F'
agency_id: 1
logo: 'generic.svg'
allow_prompt_login: true
'urn:gov:gsa:openidconnect:sp:server':
agency_id: 2
redirect_uris:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
- 'http://www.example.com/test/oidc'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
return_to_sp_url: 'https://example.com/'
assertion_consumer_logout_service_url: ''
ial: 2
allow_prompt_login: true
'urn:gov:gsa:openidconnect:sp:server_ial1':
agency_id: 2
redirect_uris:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
- 'http://www.example.com/test/oidc'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
return_to_sp_url: 'https://example.com/'
assertion_consumer_logout_service_url: ''
ial: 1
allow_prompt_login: true
'urn:gov:gsa:openidconnect:sp:server_two':
agency_id: 2
redirect_uris:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
- 'http://www.example.com/test/oidc'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
assertion_consumer_logout_service_url: ''
ial: 2
allow_prompt_login: true
'urn:gov:gsa:openidconnect:sp:server_requiring_aal3':
agency_id: 2
redirect_uris:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
assertion_consumer_logout_service_url: ''
ial: 2
default_aal: 3
allow_prompt_login: true
'test_sp_with_default_help_text':
agency_id: 2
certs:
- 'saml_test_sp'
friendly_name: 'Test SP with default help text'
ial: 2
help_text:
sign_in:
en: <strong>First time here from %{sp_name}?</strong><p>Your old %{sp_name} username
and password won’t work. Please <a href=%{sp_create_link}>create a Login.gov account</a> using the same email address you use for %{sp_name}. <p><a href="https://login.gov/help/">Learn
more</a>
es: <strong>¿Ha venido de %{sp_name}?</strong><p>Si tiene un perfil de %{sp_name}
existente, favor de usar la dirección de correo electrónico primaria o secundaria
que usó para %{sp_name} para <a href=%{sp_create_link}>crear un nueva cuenta
de Login.gov</a> <p><a href="https://login.gov/help/">Obtenga más información.</a>
fr: <strong>Êtes-vous venu(e) de %{sp_name}?</strong><p> Si vous avez déjà un profil
%{sp_name}, veuillez utiliser l'adresse e-mail principale ou secondaire
que vous avez utilisée pour %{sp_name} pour <a href=%{sp_create_link}> créer
votre nouveau compte Login.gov</a> <p><a href="https://login.gov/help/">En
savoir plus.</a>
sign_up:
en: Please create a Login.gov account using the same email address you
use for %{sp_name} <p><a href="https://login.gov/help/">Learn more</a>
es: Por favor crea un Login.gov cuenta usando la misma dirección de correo
electrónico que utiliza para %{sp_name}. <p><a href="https://login.gov/help/">Obtenga
más información.</a>
fr: Veuillez créer un compte Login.gov avec la même adresse e-mail que
vous avez utilisée pour %{sp_name}. <p><a href="https://login.gov/help/">En
savoir plus.</a>
forgot_password:
en: Your old %{sp_name} username and password won’t work. Please
<a href=%{sp_create_link}>create a Login.gov account</a> using the same
email address you use for %{sp_name}. <p><a href="https://login.gov/help/">Learn
more</a>
es: Si tiene un perfil de %{sp_name} existente, favor de usar
la dirección de correo electrónico primaria o secundaria que usó para %{sp_name}
para <a href=%{sp_create_link}>crear su nueva cuenta de Login.gov</a>. <p><a
href="https://login.gov/help/">Obtenga más información.</a>
fr: Si vous avez déjà un profil %{sp_name}, veuillez utiliser
l'adresse e-mail principale ou secondaire que vous avez utilisée pour %{sp_name}
pour <a href=%{sp_create_link}> créer votre nouveau compte Login.gov</a>
<p><a href="https://login.gov/help/">En savoir plus.</a>
allow_prompt_login: true
'test_sp_with_custom_help_text':
agency_id: 2
certs:
- 'saml_test_sp'
friendly_name: 'Test SP with custom help text'
ial: 2
help_text:
sign_in:
en: "custom sign in help text for %{sp_name}"
es: ""
fr: ""
sign_up:
en: ""
es: ""
fr: ""
forgot_password:
en: ""
es: ""
fr: ""
allow_prompt_login: true
'http://localhost:3000/inactive_sp':
acs_url: 'http://localhost:3000/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
sp_initiated_login_url: 'http://localhost:3000/test/saml'
block_encryption: 'none'
certs:
- 'saml_test_sp'
agency: 'Test Government Agency'
agency_id: 1
friendly_name: 'Your friendly Government Agency (inactive)'
logo: 'generic.svg'
return_to_sp_url: 'http://localhost:3000'
redirect_uris:
- 'x-example-app://idp_return'
attribute_bundle:
- email
- phone
allow_prompt_login: true
active: false
'urn:gov:gsa:openidconnect:inactive:sp:test':
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/signout'
certs:
- 'saml_test_sp'
friendly_name: 'Example iOS App (inactive)'
agency: '18F'
agency_id: 1
logo: 'generic.svg'
ial: 2
push_notification_url: http://localhost/push_notifications
allow_prompt_login: true
active: false
development:
'https://rp1.serviceprovider.com/auth/saml/metadata':
agency_id: 2
metadata_url: 'http://localhost:3000/test/saml/metadata'
acs_url: 'http://localhost:3000/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
sp_initiated_login_url: 'http://localhost:3000/test/saml'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
agency: 'GSA'
friendly_name: 'Awesome test SP'
'urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost':
agency_id: 1
friendly_name: 'Test SAML SP'
acs_url: 'http://localhost:4567/consume'
sp_initiated_login_url: 'http://localhost:4567/test/saml'
assertion_consumer_logout_service_url: 'http://localhost:4567/slo_logout'
block_encryption: 'aes256-cbc'
certs:
- 'sp_sinatra_demo'
ial: 2
attribute_bundle:
- email
'urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost-micropurchase':
acs_url: 'http://localhost:3000/auth/saml/callback'
assertion_consumer_logout_service_url: 'http://localhost:3000/auth/saml/logout'
sp_initiated_login_url: 'http://localhost:3000/admin/sign_in'
block_encryption: 'aes256-cbc'
certs:
- 'sp_micropurchase'
agency: 'TTS Acquisition'
logo: '18f.svg'
friendly_name: 'Micro-purchase Dev'
return_to_sp_url: 'http://localhost:3000'
attribute_bundle:
- email
'urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost-rails':
acs_url: 'http://localhost:3003/auth/saml/callback'
assertion_consumer_logout_service_url: 'http://localhost:3003/auth/saml/logout'
sp_initiated_login_url: 'http://localhost:3003/login'
block_encryption: 'aes256-cbc'
certs:
- 'sp_rails_demo'
agency: '18F'
agency_id: 1
friendly_name: '18F Test Service Provider'
logo: 'generic.svg'
return_to_sp_url: 'http://localhost:3003'
attribute_bundle:
- email
ial: 2
'urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:dashboard':
friendly_name: 'Dashboard'
agency: 'GSA'
agency_id: 2
logo: '18f.svg'
certs:
- 'identity_dashboard_cert'
return_to_sp_url: 'http://localhost:3001'
redirect_uris:
- 'http://localhost:3001/auth/logindotgov/callback'
- 'http://localhost:3001'
push_notification_url: http://localhost:3001/api/security_events
'urn:gov:gsa:openidconnect:development':
redirect_uris:
- 'gov.gsa.openidconnect.development://result'
friendly_name: 'Example iOS App'
agency: '18F'
agency_id: 1
logo: 'generic.svg'
'urn:gov:gsa:openidconnect:sp:sinatra':
agency_id: 1
ial: 2
push_notification_url: http://localhost:9292/api/push_notifications
return_to_sp_url: 'http://localhost:9292'
redirect_uris:
- 'http://localhost:9292/'
- 'http://localhost:9292/auth/result'
- 'http://localhost:9292/logout'
certs:
- 'sp_sinatra_demo'
friendly_name: 'Example Sinatra App'
in_person_proofing_enabled: true
'urn:gov:gsa:openidconnect:sp:sinatra_pkce':
agency_id: 1
ial: 2
push_notification_url: http://localhost:9292/api/push_notifications
return_to_sp_url: 'http://localhost:9292'
redirect_uris:
- 'http://localhost:9292/'
- 'http://localhost:9292/auth/result'
- 'http://localhost:9292/logout'
certs:
- 'sp_sinatra_demo'
friendly_name: 'Example Sinatra App with PKCE'
in_person_proofing_enabled: true
pkce: true
'urn:gov:gsa:openidconnect:sp:expressjs':
agency: 'GSA'
certs:
- 'sp_expressjs_demo'
friendly_name: 'Example OIDC Client (Express.js)'
logo: '18f.svg'
redirect_uris:
- 'http://localhost:9393/'
- 'http://localhost:9393/auth/login-gov/callback'
'urn:gov:gsa:openidconnect:sp:gin':
agency: 'GSA'
certs:
- 'sp_gin_demo'
friendly_name: 'Example OIDC Client (Gin)'
logo: '18f.svg'
redirect_uris:
- 'http://localhost:8080/'
- 'http://localhost:8080/auth/login-gov/callback'
'urn:gov:gsa:openidconnect:sp:phoenix':
agency: 'GSA'
certs:
- 'sp_phoenix_demo'
friendly_name: 'Example OIDC Client (Phoenix)'
logo: '18f.svg'
redirect_uris:
- 'http://localhost:4000/'
- 'http://localhost:4000/auth/result'
'urn:gov:gsa:openidconnect:sp:test':
agency_id: 1
ial: 2
return_to_sp_url: 'http://localhost:3000'
redirect_uris:
- 'http://localhost:3000/'
- 'http://localhost:3000/test/oidc/auth_result'
certs:
- 'sp_sinatra_demo'
friendly_name: 'Example Test OIDC SP'
in_person_proofing_enabled: true
# These are fake production service providers needed for the
# ServiceProviderSeeder tests. They are not actually used in production.
#
# Production service providers come from identity-idp-config and shouldn't be
# added here.
#
production:
'urn:gov:login:test-providers:fake-prod-sp':
friendly_name: 'Fake/Test stub SP for prod'
restrict_to_deploy_env: 'prod'
'urn:gov:login:test-providers:fake-staging-sp':
friendly_name: 'Fake/Test stub SP for staging'
restrict_to_deploy_env: 'staging'
'urn:gov:login:test-providers:fake-unrestricted-sp':
friendly_name: 'Fake/Test stub SP, env unrestricted'
'urn:gov:login:test-providers:fake-sandbox-sp':
friendly_name: 'Fake/Test stub SP, sandbox SP with env-specific hostname'
redirect_uris:
- 'https://%{env}.example.com'
restrict_to_deploy_env: 'sandbox'