# ===================================================================
# First SAML2 implementation, using the standard Spring Boot
# application.yml properties. It worked; it was later replaced by the
# more dynamic `resilient:` configuration further down.
# Kept here as a reference.
#
# NOTE(review): the original indentation was lost in this copy. The
# nesting below is reconstructed from the key order; confirm it against
# the working file before reuse.
# ===================================================================
spring:
  security:
    saml2:  # ADDED to support SAMLv2 authentication to IDP.
      relyingparty:
        registration:
          mock-idp:
            assertingparty:
              # All three IdP endpoints are plain http:// on localhost.
              # That fits a local mock IdP only; SAML messages sent to a
              # real IdP should travel over https.
              entity-id: http://localhost:3000/saml/metadata
              single-sign-on:
                url: http://localhost:3000/saml/sso
              single-logout:
                url: http://localhost:3000/saml/slo
              verification:
                credentials:
                  # IdP certificate used to verify signatures on what the
                  # IdP sends; it is the trust anchor for this registration.
                  - certificate-location: classpath:saml/idp-public.cert
                # NOTE(review): the two want-* keys do not look like
                # standard Spring Boot SAML2 relying-party properties. If
                # nothing binds them under the `spring:` prefix they have
                # no effect here; confirm which component reads them and
                # that they belong under `verification`.
                #
                # Validate signature in entire message response
                # (true-validates/false-doesn't validate).
                # With false, only the assertion signature is required, so
                # fields on the unsigned response envelope are not
                # integrity-protected; trust only data taken from the
                # signed assertion.
                want-authn-signed: false
                # Validate signature in assertions message response
                # (true-validates/false-doesn't validate).
                want-assertion-signed: true
            signing:
              credentials:
                # Key pair of this application (the relying party).
                # A private key on the classpath is packaged inside the
                # build artifact; outside local development, load it from
                # an external secret store and keep it out of version
                # control.
                - private-key-location: classpath:saml/private.key
                  certificate-location: classpath:saml/public.cert

# ===================================================================
# This is the NEW WAY.
# Custom Resilient configuration, loaded by
# saml2RelyingPartyRegistrationRepository.class and then registered and
# configured in the SecurityFilterChain.
#
# The keys mirror the reference block above, plus an `enabled` switch.
# Because this tree is read by project code rather than by Spring Boot's
# own property binding, how each key is interpreted (including the
# want-* flags) depends on that class; it is not visible here.
# ===================================================================
resilient:
  security:
    saml2:  # ADDED to support SAMLv2 authentication to IDP.
      # presumably switches the custom SAML2 setup on or off - confirm in
      # the loader class
      enabled: true
      relyingparty:
        registration:
          mock-idp:
            assertingparty:
              # Local mock IdP over plain http://; use https endpoints
              # for any real IdP.
              entity-id: http://localhost:3000/saml/metadata
              single-sign-on:
                url: http://localhost:3000/saml/sso
              single-logout:
                url: http://localhost:3000/saml/slo
              verification:
                credentials:
                  # IdP certificate used to verify IdP signatures.
                  - certificate-location: classpath:saml/idp-public.cert
                # NOTE(review): placement of the want-* keys under
                # `verification` is reconstructed; confirm against the
                # properties class that binds this tree.
                #
                # Validate signature in entire message response
                # (true-validates/false-doesn't validate).
                # false leaves the response envelope unverified; make sure
                # the assertion signature check below is really enforced
                # by the loader.
                want-authn-signed: false
                # Validate signature in assertions message response
                # (true-validates/false-doesn't validate).
                want-assertion-signed: true
            signing:
              credentials:
                # Relying-party key pair. Keep the private key out of the
                # packaged artifact and out of version control for
                # anything beyond local development.
                - private-key-location: classpath:saml/private.key
                  certificate-location: classpath:saml/public.cert