Merge remote branch 'tags/2.3.4'
[java-idp.git] / src / installer / resources / metadata-tmpl / idp-metadata.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
    SAML metadata template describing this identity provider (IdP).

    $IDP_ENTITY_ID$, $IDP_SCOPE$, $IDP_HOSTNAME$ and $IDP_CERTIFICATE$ are
    placeholder tokens; presumably the installer substitutes them when the
    metadata file is generated (TODO confirm against the installer).

    NOTE(review): this template contains no ds:Signature element, so the
    generated file carries no integrity protection of its own. Relying parties
    trust whatever certificate and endpoints they read from it, so distribute
    it over an authenticated channel or inside a signed federation aggregate.
-->
<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="$IDP_ENTITY_ID$">

    <!--
        Single sign-on role. protocolSupportEnumeration advertises Shibboleth 1.0,
        SAML 1.1 and SAML 2.0. NOTE(review): if the legacy protocols are not needed
        by any relying party, dropping them here (and in the IdP configuration)
        reduces the exposed surface.
    -->
    <IDPSSODescriptor
        protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

        <Extensions>
            <!--
                regexp="false": the scope value is a literal string, not a pattern.
                Relying parties typically use it to decide which scoped attribute
                values this IdP may assert, so it should name only domains the
                operator controls.
            -->
            <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
        </Extensions>

        <!--
            No "use" attribute is given, so the key is advertised for both signing
            and encryption. The placeholder must expand to the base64 body of the
            public X.509 certificate only: no PEM BEGIN/END lines and never any
            private key material.
        -->
        <KeyDescriptor>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>
$IDP_CERTIFICATE$
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>

        <!--
            SOAP endpoints in this file all use port 8443, while the browser-facing
            bindings use the default HTTPS port. NOTE(review): verify that the 8443
            listener authenticates callers as the deployment intends (for example
            TLS client authentication); this template does not show it.
        -->
        <ArtifactResolutionService
            Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
            index="1"/>

        <ArtifactResolutionService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
            index="2"/>

        <!-- Single logout: front-channel (Redirect, POST) and SOAP variants. -->
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SLO"
            ResponseLocation="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SLO"/>

        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SLO"
            ResponseLocation="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SLO"/>

        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/SLO"/>

        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

        <!-- Single sign-on endpoints; every Location is https on the IdP host. -->
        <SingleSignOnService
            Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
            Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO"/>

        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO"/>

        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO"/>

        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO"/>
    </IDPSSODescriptor>

    <!--
        Attribute authority role (SAML 1.1 and SAML 2.0 attribute queries).
        It repeats the scope and the certificate placeholder of the SSO role, so
        both roles advertise the same key; a key rollover has to update both
        KeyDescriptor elements together.
    -->
    <AttributeAuthorityDescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

        <Extensions>
            <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
        </Extensions>

        <!-- Public certificate only, advertised for signing and encryption (no "use"). -->
        <KeyDescriptor>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>
$IDP_CERTIFICATE$
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>

        <!-- Attribute query endpoints, both SOAP on port 8443. -->
        <AttributeService
            Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>

        <AttributeService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>

        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

    </AttributeAuthorityDescriptor>

</EntityDescriptor>