First part of mavenizing IdP
<!--
  SAML metadata template for the IdP
  (src/installer/resources/metadata-tmpl/idp-metadata.xml).

  The $IDP_ENTITY_ID$, $IDP_SCOPE$, $IDP_CERTIFICATE$ and $IDP_HOSTNAME$ tokens
  are placeholders; presumably the installer substitutes them when it generates
  the deployed metadata (confirm against the installer code).

  NOTE(review): the template carries no ds:Signature and no validUntil or
  cacheDuration attribute, so integrity and freshness of the generated metadata
  depend on how it is published. Hand it to relying parties over an
  authenticated channel, or sign it after generation.
-->
<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="$IDP_ENTITY_ID$">

  <!-- Browser single sign-on role: Shibboleth 1.0, SAML 1.1 and SAML 2.0. -->
  <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

    <Extensions>
      <!-- regexp="false": the scope is compared as a literal string, not a pattern. -->
      <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
    </Extensions>

    <!--
      No "use" attribute, so the same certificate is advertised for both
      signing and encryption. $IDP_CERTIFICATE$ must expand to the base64
      certificate body only (public certificate, no BEGIN/END lines, never
      the private key).
    -->
    <KeyDescriptor>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
$IDP_CERTIFICATE$
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>

    <!--
      Back-channel SOAP artifact resolution endpoints on port 8443, separate
      from the browser-facing endpoints below, which use the default HTTPS port.
      NOTE(review): presumably 8443 is where requester authentication for
      SOAP callers is configured; confirm in the container setup.
    -->
    <ArtifactResolutionService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
        index="1"/>
    <ArtifactResolutionService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
        index="2"/>

    <!-- Name identifier formats advertised by this role. -->
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

    <!-- Front-channel SSO endpoints: one Shibboleth 1.0 and three SAML 2.0 bindings. -->
    <SingleSignOnService
        Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>

  <!-- Attribute query role: SAML 1.1 and SAML 2.0 only. -->
  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

    <Extensions>
      <!-- Same literal scope as the SSO role above. -->
      <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
    </Extensions>

    <!-- Same placeholder certificate as the SSO role; again no "use" restriction. -->
    <KeyDescriptor>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
$IDP_CERTIFICATE$
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>

    <!-- SOAP attribute query endpoints, also on the 8443 back-channel port. -->
    <AttributeService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
    <AttributeService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>

    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
  </AttributeAuthorityDescriptor>

</EntityDescriptor>