Remove unspec nameid format
[java-idp.git] / src / installer / resources / metadata-tmpl / idp-metadata.xml
<!--
    Metadata template for the identity provider's SAML entity. The tokens
    delimited by dollar signs are placeholders; judging by the file's location
    under installer/resources they are presumably filled in at install time
    (TODO confirm against the installer).

    Relying parties take the endpoints and the certificate below as their
    trust anchor for this IdP, so the generated file should only be handed out
    over a channel that protects its integrity (signed metadata or an
    authenticated transfer).

    NOTE(review): the entity carries no validUntil or cacheDuration attribute.
    If the generated file is published directly rather than inside a
    federation aggregate that sets them, consumers have nothing that bounds
    how long a stale copy, including a retired key, stays in use.
-->
<EntityDescriptor
    entityID="$IDP_ENTITY_ID$"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!--
        Browser-facing single sign-on role. The enumeration advertises the
        legacy Shibboleth 1.0 and SAML 1.1 protocols alongside SAML 2.0; a
        deployment that does not need the legacy protocols can drop them here
        together with the matching endpoints below to reduce what is exposed.
    -->
    <IDPSSODescriptor
        protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

        <Extensions>
            <!--
                regexp="false": the scope is matched as a literal string.
                Service providers use this value to decide which scoped
                attribute values they accept from this IdP, so keep it literal
                and limited to the domain the IdP is authoritative for.
            -->
            <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
        </Extensions>

        <!--
            No "use" attribute: under the SAML 2.0 metadata schema the key
            then applies to both signing and encryption. Only the public
            certificate belongs here, never private key material.
            NOTE(review): ds:X509Certificate holds the bare base64 body of the
            certificate; confirm the installer strips any PEM armor lines
            before substituting the placeholder.
        -->
        <KeyDescriptor>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>
$IDP_CERTIFICATE$
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>

        <!--
            SOAP back-channel endpoints for artifact resolution (SAML 1 and
            SAML 2). Both sit on port 8443, separate from the browser-facing
            SSO endpoints; presumably that port is the one configured for
            mutually authenticated TLS (confirm against the servlet container
            configuration).
        -->
        <ArtifactResolutionService
            Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
            index="1"/>

        <ArtifactResolutionService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
            index="2"/>

        <!--
            Only the Shibboleth 1.0 name identifier and the SAML 2.0 transient
            format are advertised; per the change that produced this revision,
            the unspecified format is intentionally not listed.
        -->
        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

        <!--
            Front-channel SSO endpoints on the default HTTPS port: the
            Shibboleth 1.0 AuthnRequest profile plus the SAML 2.0 HTTP-POST,
            HTTP-POST-SimpleSign and HTTP-Redirect bindings.
        -->
        <SingleSignOnService
            Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
            Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO"/>

        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO"/>

        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO"/>

        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO"/>
    </IDPSSODescriptor>

    <!--
        Attribute authority role: serves attribute queries over SOAP for
        SAML 1.1 and SAML 2.0. It repeats the scope and the certificate of the
        SSO role above, so both roles have to be updated together when the key
        is rotated.
    -->
    <AttributeAuthorityDescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

        <Extensions>
            <!-- Literal (non-regex) scope, same value as in the SSO role. -->
            <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
        </Extensions>

        <!-- No "use" attribute, so the key covers signing and encryption. -->
        <KeyDescriptor>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>
$IDP_CERTIFICATE$
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>

        <!--
            Back-channel attribute query endpoints, on port 8443 like the
            artifact resolution endpoints of the SSO role.
        -->
        <AttributeService
            Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>

        <AttributeService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>

        <!-- Same two name identifier formats as the SSO role advertises. -->
        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

    </AttributeAuthorityDescriptor>

</EntityDescriptor>