Description of SAML configuration options
Configuration option = Default value	Description
[saml]
= 3600	(IntOpt) Default TTL, in seconds, for any generated SAML assertion created by Keystone.
= /etc/keystone/ssl/certs/signing_cert.pem	(StrOpt) Path of the certfile for SAML signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates. Note, the path cannot contain a comma.
= None	(StrOpt) Company of contact person.
= None	(StrOpt) Email address of contact person.
= None	(StrOpt) Given name of contact person
= None	(StrOpt) Surname of contact person.
= None	(StrOpt) Telephone number of contact person.
= other	(StrOpt) The contact type describing the main point of contact for the identity provider.
= None	(StrOpt) Entity ID value for unique Identity Provider identification. Usually FQDN is set with a suffix. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/idp
= en	(StrOpt) Language used by the organization.
= /etc/keystone/saml2_idp_metadata.xml	(StrOpt) Path to the Identity Provider Metadata file. This file should be generated with the keystone-manage saml_idp_metadata command.
= None	(StrOpt) Organization name to be displayed.
= None	(StrOpt) Organization name the installation belongs to.
= None	(StrOpt) URL of the organization.
= None	(StrOpt) Identity Provider Single-Sign-On service value, required in the Identity Provider's metadata. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso
= /etc/keystone/ssl/private/signing_key.pem	(StrOpt) Path of the keyfile for SAML signing. Note, the path cannot contain a comma.
= ss:mem:	(StrOpt) The prefix to use for the RelayState SAML attribute, used when generating ECP wrapped assertions.
= xmlsec1	(StrOpt) Binary to be called for XML signing. Install the appropriate package, specify absolute path or adjust your PATH environment variable if the binary cannot be found.