Configuration and metadata template added for SLO.
[java-idp.git] / src / installer / resources / metadata-tmpl / idp-metadata.xml
<!--
  SAML metadata template describing the identity provider (IdP).

  $IDP_ENTITY_ID$, $IDP_SCOPE$, $IDP_CERTIFICATE$ and $IDP_HOSTNAME$ are placeholder
  tokens. Presumably the installer replaces them when it generates the deployed
  metadata (confirm against the installer code).

  NOTE(review): the tokens sit directly inside attribute values and element text, so
  whatever fills the template should validate or escape the substituted values.
-->
<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="$IDP_ENTITY_ID$">

  <!-- Single sign-on / logout role: Shibboleth 1.0, SAML 1.1 and SAML 2.0 are advertised. -->
  <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

    <Extensions>
      <!-- regexp="false": the scope is a literal string, not a pattern. -->
      <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
    </Extensions>

    <!--
      No "use" attribute is set, which in SAML metadata means the key serves both
      signing and encryption. Only the public certificate is published here.
    -->
    <KeyDescriptor>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
$IDP_CERTIFICATE$
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>

    <!--
      Artifact resolution over SOAP (SAML 1 and SAML 2). Every SOAP endpoint in this
      template uses port 8443, while the browser-facing endpoints use the default
      HTTPS port.
      NOTE(review): presumably 8443 is a dedicated connector for SP-to-IdP calls;
      confirm how callers are authenticated on it.
    -->
    <ArtifactResolutionService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
        index="1"/>

    <ArtifactResolutionService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
        index="2"/>

    <!--
      Single logout (SLO) endpoints. The Redirect and POST bindings receive logout
      responses at the same URL that receives requests (ResponseLocation equals
      Location). The SOAP endpoint declares no ResponseLocation.
    -->
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SLO"
        ResponseLocation="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SLO"/>

    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SLO"
        ResponseLocation="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SLO"/>

    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/SLO"/>

    <!-- Name identifier formats this role declares. -->
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

    <!-- Sign-on endpoints, one per supported binding; all on the default HTTPS port. -->
    <SingleSignOnService
        Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO"/>

    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO"/>

    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO"/>

    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>

  <!-- Attribute authority role: SAML 1.1 and SAML 2.0 attribute queries over SOAP. -->
  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

    <Extensions>
      <!-- Same literal scope as the IDPSSODescriptor role. -->
      <shibmd:Scope regexp="false">$IDP_SCOPE$</shibmd:Scope>
    </Extensions>

    <!-- Filled from the same certificate placeholder as the IDPSSODescriptor role. -->
    <KeyDescriptor>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
$IDP_CERTIFICATE$
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>

    <!-- Attribute query endpoints; both use the SOAP port 8443. -->
    <AttributeService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>

    <AttributeService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>

    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

  </AttributeAuthorityDescriptor>

</EntityDescriptor>