src/installer/resources/metadata-tmpl/idp-metadata.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="$IDP_ENTITY_ID$">
   3
   4     <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
   5
   6         <Extensions>
   7             <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
   8         </Extensions>
   9
  10         <KeyDescriptor>
  11             <ds:KeyInfo>
  12                 <ds:X509Data>
  13                     <ds:X509Certificate>
  14 $IDP_CERTIFICATE$
  15                     </ds:X509Certificate>
  16                 </ds:X509Data>
  17             </ds:KeyInfo>
  18         </KeyDescriptor>
  19
  20         <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
  21
  22         <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
  23
  24         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
  25         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
  26
  27         <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO"/>
  28
  29         <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO"/>
  30
  31         <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO"/>
  32
  33         <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO"/>
  34     </IDPSSODescriptor>
  35
  36     <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
  37
  38         <Extensions>
  39             <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
  40         </Extensions>
  41
  42         <KeyDescriptor>
  43             <ds:KeyInfo>
  44                 <ds:X509Data>
  45                     <ds:X509Certificate>
  46 $IDP_CERTIFICATE$
  47                     </ds:X509Certificate>
  48                 </ds:X509Data>
  49             </ds:KeyInfo>
  50         </KeyDescriptor>
  51
  52         <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
  53
  54         <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
  55
  56         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
  57         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
  58
  59     </AttributeAuthorityDescriptor>
  60
  61 </EntityDescriptor>