General Description

uniAuth, as a SAML2 IDP, is based on pysaml2 and it supports:

• HTTP-REDIRECT and POST bindings (signed authn request must be in HTTP-POST binding);

• ForceAuthn;

• SLO, SAML Single Logout;

• Signed and Encrypted assertions in Response;

• AllowCreate, nameid is stored if nameid format is persistent.

Implementation specific Features

• no restart is needed when add a new metadata or Service Provider Definition;

• Full Internazionalization support (i18n);

• Interactive Metadata Store definitions through the Admin Backend UI;

• Interactive ServiceProvider definition through the Admin Backend UI;

• Customizable Template and style based on [AGID guidelines](https://www.agid.gov.it/it/argomenti/linee-guida-design-pa);

• MetadataStore and SP validations on save, to prevent faulty configurations in production environment;

• Configurable digest algorithm and salt for Computed NameID;

• Many configurable options, for every SP we can decide:

  • enable/disable explicitally;

  • signature and digest algorithms;

  • attributes release (force a set or release what requested by sp);

  • attribute rewrite and creation, fully configurable AttributeProcessors per SP, every aspect of attribute release can be customized from scratch;

  • agreement screen message, availability, data consent form.

• Configurable log rotation through uwsgi;

• Importable StoredPersistentID for each user, from migrations from another IDP;

• An optional LDAP web manager with a configurable app (ldap_peoples) through django-ldap-academia-ou-manager;

• Multiple LDAP sources through pyMultiLDAP;

• Detailed logs.