Initial commit

2026-05-29 17:49:25 +09:00
commit 330105cb27
1081 changed files with 148694 additions and 0 deletions
@@ -0,0 +1,35 @@
+spring.profiles.active=dev
+spring.aop.proxy-target-class=false
+spring.mvc.pathmatch.matching-strategy=ant_path_matcher
+spring.mvc.throw-exception-if-no-handler-found=true
+server.error.whitelabel.enabled=false
+spring.h2.console.enabled=false
+jasypt.encryptor.bean=jasyptStringEncryptor
+jasypt.encryptor.password-property-name=JASYPT_KEY
+
+# Spring Quartz 설정
+spring.quartz.job-store-type=jdbc
+spring.quartz.jdbc.initialize-schema=always
+
+spring.quartz.datasource.driver-class-name=org.postgresql.Driver
+spring.quartz.datasource.jdbcUrl=jdbc:postgresql://10.40.87.189:5445/SDL
+spring.quartz.datasource.username=sdl5
+spring.quartz.datasource.password=dlatl#123
+
+spring.quartz.properties.org.quartz.jobStore.driverDelegateClass=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
+spring.quartz.properties.org.quartz.jobStore.isClustered=true
+spring.quartz.properties.org.quartz.jobStore.misfireThreshold=60000
+spring.quartz.properties.org.quartz.jobStore.clusterCheckinInterval=15000
+spring.quartz.properties.org.quartz.scheduler.instanceName=sdl-dev
+spring.quartz.properties.org.quartz.scheduler.instanceId=AUTO
+spring.quartz.properties.org.quartz.scheduler.rmi.export=false
+spring.quartz.properties.org.quartz.scheduler.rmi.proxy=false
+spring.quartz.properties.org.quartz.threadPool.class=org.quartz.simpl.SimpleThreadPool
+spring.quartz.properties.org.quartz.threadPool.threadCount=10
+spring.quartz.properties.org.quartz.threadPool.threadPriority=5
+spring.quartz.properties.org.quartz.threadPool.threadsInheritContextClassLoaderOfInitializingThread=true
+spring.quartz.properties.org.quartz.scheduler-name=QuartzScheduler
+
+#spring.cache.type=redis
+#spring.data.redis.host=localhost
+#spring.data.redis.port=6379
@@ -0,0 +1,131 @@
+# SystemConfig Configuration
+node-id=devNode
+ssl-port=443
+
+cors.domain=*
+# Context Path
+web-context-path=/
+web-resource-root=/
+
+# Datasource
+db.jndi=sdl_ds
+
+## URL ,package, Path Configuration
+web-content-root-path=http://sdldev.misdev.sdspaas.io/
+static-resource-path=http://sdldev.misdev.sdspaas.io/static
+
+# 시스템 기본 설정
+base.package=com.samsung
+# 결재 문서를 찾을 때 entity 패키지 아래의 클래스들만 찾음
+entity.package-name=entity
+
+# NewEpTray PrivateKey 경로
+## resource-dev 폴더에 위치 할 경우 /rsaprivkey8.pem
+## ClassPath 외에 있을 경우 file:c://knoxtray/rsaprivkey8.pem
+login.sso.knox-tray-private-key-path=/rsaprivkey8.pem
+
+## SSO 및 AD 자동 가입 허용, Allow SSO / AD auto sign up
+login.auto-sign-up=true
+
+## 시스템 자동 승인
+user.auto-permission=true
+## 사용자 권한 기본 부여(달)
+user.valid-default-period=24
+
+## 개인정보보호정책/약관동의
+# 약관동의 사용 여부
+privacy-policy.check.enabled=true
+# 약관동의 인터셉터 체크 제외 URI
+privacy-policy.check.exclude-path=/privacypolicy/terms/valid,/privacypolicy/terms-agree
+
+## Email
+email.limit-body=1048576
+email.limit-recipients=100
+
+## Batch Configuration
+# 사용자
+batch.user.sync.retire.enabled=false
+batch.user.sync.cron=0 10 23 * * ?
+batch.user.long-term.month=3
+batch.user.long-term-check.cron=0 10 00 * * ?
+batch.user.auth-expired.alarm.before=1,7,14
+batch.user.auth-expired.cron=0 10 02 * * ?
+batch.user.auth-expired-mailing.cron=0 30 02 * * ?
+# 메뉴사용이력
+batch.sys-use-log.menu-use-history.cron=0 10 01 * * ?
+# 메뉴활용도
+batch.sys-use-log.menu-utilization.cron=0 30 01 * * ?
+
+# 보안 관련 설정
+# MyBatis Comparator 설정 영문대소문자 숫자 스페이스 콤마(,) 만 허용함.
+security.sql-injection.allowed-pattern=.*[^a-zA-Z0-9_\\s,].*
+security.authentication.exclude-path=/,/**/*.html,/**/*.ico,/resources/**,/static/**,/**/noauth/**,/public/**,/error,/assets/**,/swagger-ui/**,/v3/api-docs/**
+security.jwt.secret-key=ImportantMakeSecretKeyLongerThan256BitsPlease
+#단위 시간 4시간 이하 권장
+security.jwt.expiration-time=4
+security.eptray.expiration-time=24
+#Timeout 설정 (Session Timeout와 같은 기능) 단위 분, 30분 동안 사용하지 않으면 자동 로그아웃
+security.check.access.timeout=true
+security.access.limit.timeout=30
+security.check.duplicate.login=false
+security.login.error.limit=5
+
+# AccessLog db or file
+access-log.store-type=db
+access-log.exclude-path=/,/**/*.html,/**/*.ico,/resources/**,/static/**,/**/noauth/**,/public/**,/error,/assets/**,/swagger-ui/**,/v3/api-docs/**
+access-log.batch.enabled=true
+access-log.file-path=/logs/access
+
+# 메뉴활용도 보관 기간
+menu-utilization.retention-period=24
+
+## File Attach Configuration
+common.upload-path=/nas/sdl/upload
+common.upload.directory-name-len=2
+common.download.zipfilename=compressed
+common.upload.allowed-extensions=doc,docx,xls,xlsx,pdf,png,bmp,jpg,gif,ppt,pptx,txt,mht,zip,html,htm,vm
+common.excel-upload-path=/excel
+common.upload.max-request-size=-1
+common.upload.max-file-size=-1
+common.upload.default-encoding=UTF-8
+# custom upload path 설정
+custom.upload-path.enabled=false
+custom.upload-path=\
+notice=/nas/sdl/upload/notice,\
+faq=/nas/sdl/upload/faq
+
+## Excel Info
+excel.mapping.locations=classpath*:/excel/*.xml
+## File Path, etc
+#excel.mapping.locations=file:/C:/excel/*.xml,classpath:/excel/*.xml
+## 0 is no reloading, 10000 is 10 sec.
+excel.mapping.reloadInterval=10000
+
+## TimeZone Configuration (사용자 정보내 timezone 설정이 없을떄 기본으로 설정 되는 값, 시스템 기준 시간인 java vm 기준으로 설정하는것을 권장)
+common.server-time-zone-id=Asia/Seoul
+common.server-time-zone=GMT+9:00
+
+## Knox Approval Sync
+knox.approval.sync.cron=0 0/3 * * * ?
+
+## Language Set
+default-language=ko_KR
+language-set=ko_KR,en_US
+
+## Translation
+api.utrans.url=https://translate-stg.sec.samsung.net/utrans/apis/v1/translate
+api.utrans.type=s-stdlib
+api.utrans.key=cy1zdGRsaWI=
+
+## 관리자 IP 제한
+admin.address.check=false
+
+## 시스템 대표계정 이메일 주소 (프로젝트에 맞게 변경)
+system.email=abc_support@stage.samsung.com
+
+## Client IP Header
+client.ip.header=X-Forwarded-For,Proxy-Client-IP,WL-Proxy-Client-IP,HTTP_CLIENT_IP,HTTP_X_FORWARDED_FOR
+
+## Cache Evict 설정
+cache.evict.names=api-user,api-user-menu
+cache.evict.cron=0 0/5 * * * ?
@@ -0,0 +1,13 @@
+knox.default-protocol=https
+knox.default-locale=KR
+knox.system-id=KCC60REST00029
+knox.token=2fbee24b-ea55-3ecb-8267-72c340117b47
+knox.address.prefix=openapi.stage.samsung.net
+knox.emp-service=/employee/api/v2.0
+knox.mail-service=/mail/api/v2.0
+knox.approval-service=/approval/api/v2.0/approvals
+knox.pims-service=/pims/contacts/api/v2.0
+knox.messenger.token=b634a97383ad5e61f1429065cafcd504
+knox.messenger.contact-service=/messenger/contact/api/v1.0
+knox.messenger.msgctx-service=/messenger/msgctx/api/v1.0
+knox.messenger.message-service=/messenger/message/api/v1.0
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="INFO">
+    <Appenders>
+        <Console name="ConsoleAppender" target="SYSTEM_OUT">
+            <Filters>
+                <MarkerFilter marker="LOG4JDBC_SQL" onMatch="ACCEPT" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_EXCEPTION" onMatch="ACCEPT" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_RESULTSETTABLE" onMatch="ACCEPT" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_NON_STATEMENT" onMatch="DENY" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_OTHER" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+            <PatternLayout>
+                <Pattern>[%-5p] %d{yyyy-MM-dd HH:mm:ss} %c %n%m%n</Pattern>
+            </PatternLayout>
+        </Console>
+        <RollingFile name="FileAppender" fileName="/logs/sdl-${date:yyyy-MM-dd}-${hostName}.log" filePattern="/logs/sdl/sdl-%d{yyyy-MM-dd}-${hostName}.log">
+            <Filters>
+                <MarkerFilter marker="LOG4JDBC_SQL" onMatch="ACCEPT" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_EXCEPTION" onMatch="ACCEPT" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_NON_STATEMENT" onMatch="DENY" onMismatch="NEUTRAL"/>
+                <MarkerFilter marker="LOG4JDBC_OTHER" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+            <PatternLayout>
+                <Pattern>[%-5p] %d{yyyy-MM-dd HH:mm:ss} %c %n%m%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy interval="1" modulate="true" />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="ApprovalAppender" fileName="/logs/approval/approval-${date:yyyy-MM-dd}-${hostName}.log" filePattern="/logs/approval/approval-%d{yyyy-MM-dd}-${hostName}.log">
+            <PatternLayout>
+                <Pattern>[%-5p] %d{yyyy-MM-dd HH:mm:ss} %c %n%m%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy interval="1" modulate="true" />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="AccessLogAppender" fileName="/logs/access/access-${date:yyyy-MM-dd}-${hostName}.log" filePattern="/logs/access/access-%d{yyyy-MM-dd}-${hostName}.log">
+            <PatternLayout>
+                <Pattern>%d %-5p [%t] %-17c{2} \(%13F:%L\)     - %m%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy interval="1" modulate="true" />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="UserHistoryAppender" fileName="/logs/history/user-history-${date:yyyy-MM-dd}-${hostName}.log" filePattern="/logs/history/user-history-%d{yyyy-MM-dd}-${hostName}.log">
+            <PatternLayout>
+                <Pattern>%d %-5p [%t] %-17c{2} \(%13F:%L\)     - %m%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy interval="1" modulate="true" />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="RoleHistoryAppender" fileName="/logs/history/role-history-${date:yyyy-MM-dd}-${hostName}.log" filePattern="/logs/history/role-history-%d{yyyy-MM-dd}-${hostName}.log">
+            <PatternLayout>
+                <Pattern>%d %-5p [%t] %-17c{2} \(%13F:%L\)     - %m%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy interval="1" modulate="true" />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="WorkgroupHistoryAppender" fileName="/logs/history/workgroup-history-${date:yyyy-MM-dd}-${hostName}.log" filePattern="/logs/history/workgroup-history-%d{yyyy-MM-dd}-${hostName}.log">
+            <PatternLayout>
+                <Pattern>%d %-5p [%t] %-17c{2} \(%13F:%L\)     - %m%n</Pattern>
+            </PatternLayout>
+            <Policies>
+                <TimeBasedTriggeringPolicy interval="1" modulate="true" />
+            </Policies>
+        </RollingFile>
+    </Appenders>
+
+    <Loggers>
+        <Logger name="UserHistoryLog" level="INFO" additivity="false">
+            <AppenderRef ref="UserHistoryAppender"/>
+        </Logger>
+        <Logger name="RoleHistoryLog" level="INFO" additivity="false">
+            <AppenderRef ref="RoleHistoryAppender"/>
+        </Logger>
+        <Logger name="WorkgroupHistoryLog" level="INFO" additivity="false">
+            <AppenderRef ref="WorkgroupHistoryAppender"/>
+        </Logger>
+        <Logger name="AccessLog" level="DEBUG" additivity="false">
+            <AppenderRef ref="AccessLogAppender"/>
+            <AppenderRef ref="ConsoleAppender"/>
+        </Logger>
+        <Logger name="org.springframework.context" level="INFO" additivity="false">
+            <AppenderRef ref="FileAppender"/>
+            <AppenderRef ref="ConsoleAppender"/>
+        </Logger>
+        <Logger name="com.samsung.approval" level="DEBUG" additivity="false">
+            <AppenderRef ref="ApprovalAppender"/>
+            <AppenderRef ref="ConsoleAppender"/>
+        </Logger>
+        <Logger name="com.samsung" level="DEBUG" additivity="false">
+            <AppenderRef ref="FileAppender"/>
+            <AppenderRef ref="ConsoleAppender"/>
+        </Logger>
+        <Logger name="com.samsung.excel" level="OFF" additivity="false">
+            <AppenderRef ref="FileAppender"/>
+            <AppenderRef ref="ConsoleAppender"/>
+        </Logger>
+        <!-- SQL  Logging Start -->
+        <Logger name="log4jdbc.log4j2" level="INFO" additivity="false">
+            <AppenderRef ref="FileAppender"/>
+            <AppenderRef ref="ConsoleAppender"/>
+        </Logger>
+
+        <!-- SQL  Logging End -->
+        <Root level="ERROR">
+            <AppenderRef ref="FileAppender" />
+            <AppenderRef ref="ConsoleAppender"/>
+        </Root>
+    </Loggers>
+</Configuration>
@@ -0,0 +1,159 @@
+#  If 'strict' is True, then the Java Toolkit will reject unsigned
+#  or unencrypted messages if it expects them signed or encrypted
+#  Also will reject the messages if not strictly follow the SAML
+onelogin.saml2.strict =  true
+
+# Enable debug mode (to print errors)
+onelogin.saml2.debug = false
+
+
+#  Service Provider Data that we are deploying
+#
+
+#  Identifier of the SP entity  (must be a URI)
+onelogin.saml2.sp.entityid = http://sdldev.misdev.sdspaas.io/
+
+# Specifies info about where and how the <AuthnResponse> message MUST be
+#  returned to the requester, in this case our SP.
+# URL Location where the <Response> from the IdP will be returned
+onelogin.saml2.sp.assertion_consumer_service.url = http://sdldev.misdev.sdspaas.io/noauth/login/ad
+
+# SAML protocol binding to be used when returning the <Response>
+# message.  Onelogin Toolkit supports for this endpoint the
+# HTTP-POST binding only
+onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+
+# Specifies info about where and how the <Logout Response> message MUST be
+# returned to the requester, in this case our SP.
+onelogin.saml2.sp.single_logout_service.url = http://sdldev.misdev.sdspaas.io/auth/logout
+
+# SAML protocol binding to be used when returning the <LogoutResponse> or sending the <LogoutRequest>
+# message.  Onelogin Toolkit supports for this endpoint the
+# HTTP-Redirect binding only
+onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
+
+# Specifies constraints on the name identifier to be used to
+# represent the requested subject.
+# Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
+onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+
+# Usually x509cert and privateKey of the SP are provided by files placed at
+# the certs folder. But we can also provide them with the following parameters
+
+onelogin.saml2.sp.x509cert =
+
+# Requires Format PKCS#8   BEGIN PRIVATE KEY
+# If you have     PKCS#1   BEGIN RSA PRIVATE KEY  convert it by   openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem
+onelogin.saml2.sp.privatekey =
+
+# Identity Provider Data that we want connect with our SP
+#
+
+# Identifier of the IdP entity  (must be a URI)
+onelogin.saml2.idp.entityid = http://sts-dev.secsso.net/adfs/services/trust
+
+# SSO endpoint info of the IdP. (Authentication Request protocol)
+# URL Target of the IdP where the SP will send the Authentication Request Message
+onelogin.saml2.idp.single_sign_on_service.url = https://sts-dev.secsso.net/adfs/ls/
+
+# SAML protocol binding to be used to deliver the <AuthnRequest> message
+# to the IdP.  Onelogin Toolkit supports for this endpoint the
+# HTTP-Redirect binding only
+onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
+
+# SLO endpoint info of the IdP.
+# URL Location of the IdP where the SP will send the SLO Request
+onelogin.saml2.idp.single_logout_service.url = https://sts-dev.secsso.net/adfs/ls/?wa=wsignoutcleanup1.0
+
+# Optional SLO Response endpoint info of the IdP.
+# URL Location of the IdP where the SP will send the SLO Response. If left blank, same URL as onelogin.saml2.idp.single_logout_service.url will be used.
+# Some IdPs use a separate URL for sending a logout request and response, use this property to set the separate response url
+onelogin.saml2.idp.single_logout_service.response.url = 
+
+# SAML protocol binding to be used when returning the <Response>
+# message.  Onelogin Toolkit supports for this endpoint the
+# HTTP-Redirect binding only
+onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
+
+# Public x509 certificate of the IdP
+onelogin.saml2.idp.x509cert = MIIC4DCCAcigAwIBAgIQG40DR9OSaolO+JHldUbqdzANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFBREZTIFNpZ25pbmcgLSBzdHMtZGV2LnNlY3Nzby5uZXQwHhcNMTgwNzMwMDA0MDUyWhcNMzgwNzI1MDA0MDUyWjAsMSowKAYDVQQDEyFBREZTIFNpZ25pbmcgLSBzdHMtZGV2LnNlY3Nzby5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCAjlN1aipmUwA++3KpSgNDDe3JEwzUyc9qjZ22js5Tu/4L40x56H9lsWmwITq157RNTYa/cad67AnMII/Azo+6QArTsYNl1Cr6UWPxZFSOv8do5Hi3ymsdH2n9oNymvAL0mv0c0GHLu8OvB9lMzv2XL71d68Ql0gp+OlxOzwzfoM4Si98OEdbm9eZRLWq+SbadfpfOkKt5ncNOX3Y7Q2fnItTnpOJuw89Kac9jCf3zMT/6qjb4nX8M3glkOXDsISRG4BXegJXfBHk3wUyIGPOjuzKYWPo3NtbuyPak5xtcL21vNzRkztOsIEJmBEqrc7TMtfP75QYOoeJbHVCfRfxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAApqobdLJLXHnJy0EcLgdlJLAXpGOy8IM+RssaVJCdE9JWn/59BvFTsBMzuj8nGPERJFrsjsygyjpeE46XXJx21crcdOQEsWtnOfeFdhZSZyRLn4yF1xuX0CKltdRBfl+cgDGrEpiRR3ZzfJCKuUvxS8lrquvMJ9yXsnwiJsny+UGQ+QLMTvBR7kY7X4fJhoo/paB1vPBBD92HUPdni2tEpmQ0ID0IeBXFmOky/xmSjU2itS+HjNIWhtlE/ZBhLtmryeiXgt3SElOp3buYs/A0Vz2ycXx4nwldWSt5IQcpVFdBV4tkJxuPPm7dKMmBrQtp5hFEkjw6q6JUJHkT+lTnE=
+
+# Instead of use the whole x509cert you can use a fingerprint
+# (openssl x509 -noout -fingerprint -in "idp.crt" to generate it,
+# or add for example the -sha256 , -sha384 or -sha512 parameter)
+#
+# If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
+# let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512
+# 'sha1' is the default value.
+# onelogin.saml2.idp.certfingerprint = 
+# onelogin.saml2.idp.certfingerprint_algorithm = sha256
+
+
+# Security settings
+#
+
+# Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
+# will be encrypted.
+onelogin.saml2.security.nameid_encrypted = false
+
+# Indicates whether the <samlp:AuthnRequest> messages sent by this SP
+# will be signed.              [The Metadata of the SP will offer this info]
+onelogin.saml2.security.authnrequest_signed = false
+
+# Indicates whether the <samlp:logoutRequest> messages sent by this SP
+# will be signed.
+onelogin.saml2.security.logoutrequest_signed = false
+
+# Indicates whether the <samlp:logoutResponse> messages sent by this SP
+# will be signed.
+onelogin.saml2.security.logoutresponse_signed = false
+
+# Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
+# <samlp:LogoutResponse> elements received by this SP to be signed.
+onelogin.saml2.security.want_messages_signed = false
+
+# Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed.
+onelogin.saml2.security.want_assertions_signed = false
+
+# Indicates a requirement for the Metadata of this SP to be signed.
+# Right now supported null (in order to not sign) or true (sign using SP private key) 
+onelogin.saml2.security.sign_metadata =
+
+# Indicates a requirement for the Assertions received by this SP to be encrypted
+onelogin.saml2.security.want_assertions_encrypted = false
+
+# Indicates a requirement for the NameID received by this SP to be encrypted
+onelogin.saml2.security.want_nameid_encrypted = false
+
+# Authentication context.
+# Set Empty and no AuthContext will be sent in the AuthNRequest
+# You can set multiple values (comma separated them)
+#onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:Password
+
+# Allows the authn comparison parameter to be set, defaults to 'exact'
+#onelogin.saml2.security.onelogin.saml2.security.requested_authncontextcomparison = exact
+
+# Allows duplicated names in the attribute statement
+onelogin.saml2.security.allow_duplicated_attribute_name = false
+
+# Indicates if the SP will validate all received xmls.
+# (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
+onelogin.saml2.security.want_xml_validation = true
+
+# Algorithm that the toolkit will use on signing process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
+#  'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
+#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
+#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
+onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256 
+
+# Reject Signatures with deprecated algorithms (sha1)
+onelogin.saml2.security.reject_deprecated_alg = true