OTSSignsOrchestrator/templates/settings-custom.php.template

<?php
$authentication = new \Xibo\Middleware\SAMLAuthentication();
$samlSettings = [
    'workflow' => [
        'jit' => true,
        'field_to_identify' => 'UserName',
        'libraryQuota' => 1000,
        'homePage' => 'icondashboard.view',
        'slo' => true,
        'mapping' => [
            'UserID' => '',
            'usertypeid' => '',
            'UserName' => 'http://schemas.goauthentik.io/2021/02/saml/username',
            'email' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
        ],
        'group' => 'Users',
        'matchGroups' => [
            'enabled' => true,
            'attribute' => 'http://schemas.goauthentik.io/2021/02/saml/groups',
            'extractionRegEx' => null,
        ],
    ],
    'strict' => true,
    'debug' => true,
    'baseurl' => '{{SAML_BASE_URL}}',
    'idp' => [
        'entityId' => '{{AUTHENTIK_IDP_ENTITY_ID}}',
        'singleSignOnService' => [
            'url' => '{{AUTHENTIK_SSO_URL}}',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        'singleLogoutService' => [
            'url' => '{{AUTHENTIK_SLO_URL}}',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        'x509cert' => '{{AUTHENTIK_IDP_X509_CERT}}',
    ],
    'sp' => [
        'entityId' => '{{SAML_SP_ENTITY_ID}}',
        'assertionConsumerService' => [
            'url' => '{{SAML_BASE_URL}}/acs',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ],
        'singleLogoutService' => [
            'url' => '{{SAML_BASE_URL}}/sls',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        'x509cert' => '',
        'privateKey' => '',
    ],
    'security' => [
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => false,
        'logoutRequestSigned' => false,
        'logoutResponseSigned' => false,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => false,
        'wantAssertionsEncrypted' => false,
        'wantNameIdEncrypted' => false,
    ],
];