Update metadata and example key references
[java-idp.git] / src / conf / ExampleMetadata.xml
index e673852..1851f3c 100644 (file)
@@ -1,3 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- A single-entity "Federation". An IdP and SP in example.org.
+        Endpoints are hosted on a single server named shibboleth.example.org
+        and have a URL like: "http://shibboleth.example.org:8080/shibboleth/SSO"
+        
+        Notes:
+        This file must agree with IdP.xml and SP.xml.
+        The Endpoint URLs must agree with Servlet mappings in web.xml
+           [in the project source, web.xml is webAppConfig/IdP-SP.xml]
+-->
+
+<!--  A single Entity Federation (a Group with one member) -->
 <EntitiesDescriptor
     xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     Name="urn:mace:inqueue"
     validUntil="2010-01-01T00:00:00Z">
 
-       <EntityDescriptor entityID="urn:mace:inqueue:example.edu">
+       <!-- Then Entity, an organization named example.org  -->
+       <EntityDescriptor entityID="urn:mace:inqueue:example.org">
+
+           <!-- The login function of the IdP, previously called the "Handle Server" 
+                Accepts a local logon and generates an Authentication Assertion.
+           -->
                <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
                        <Extensions>
-                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.edu</shib:Scope>
+                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.org</shib:Scope>
                        </Extensions>
                        <KeyDescriptor use="signing">
                            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-                               <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                               <ds:KeyName>shibboleth.example.org</ds:KeyName>
                            </ds:KeyInfo>
                        </KeyDescriptor>
                        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                           Location="https://shibboleth.example.edu:8080/shibboleth/HS"/>
+                           Location="http://shibboleth.example.org:8080/shibboleth/SSO"/>
                </IDPSSODescriptor>
+               
+               <!-- The Attribute Authority responds to an Attribute Request -->
                <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
                        <Extensions>
-                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.edu</shib:Scope>
+                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.org</shib:Scope>
                        </Extensions>
                        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                           Location="https://shibboleth.example.edu:8080/shibboleth/AA"/>
+                           Location="http://shibboleth.example.org:8080/shibboleth/AA"/>
                        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                </AttributeAuthorityDescriptor>
+               
+               <!-- A recipient of Assertions in the SP.
+                        There may be many such recipients, as the Assertions can be
+                        configured to go to /shibboleth or to each Resource context directory.  
+               -->
                <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
                        <KeyDescriptor>
                            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-                               <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                               <ds:KeyName>shibboleth.example.org</ds:KeyName>
                            </ds:KeyInfo>
                        </KeyDescriptor>
                        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                    <AssertionConsumerService index="0"
                        Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                       Location="https://shibboleth.example.edu:8080/shibboleth/Shibboleth.shire"/>
+                       Location="http://shibboleth.example.org:8080/shibboleth/Shibboleth.shire"/>
                </SPSSODescriptor>
+               
+               <!-- Oranization data. In this example it is meaningless. -->
                <Organization>
-                   <OrganizationName xml:lang="en">Example State University</OrganizationName>
-                   <OrganizationDisplayName xml:lang="en">Example State University</OrganizationDisplayName>
-                   <OrganizationURL xml:lang="en">http://shibboleth.internet2.edu/</OrganizationURL>
+                   <OrganizationName xml:lang="en">Example Entity</OrganizationName>
+                   <OrganizationDisplayName xml:lang="en">Example Entity</OrganizationDisplayName>
+                   <OrganizationURL xml:lang="en">http://www.example.org</OrganizationURL>
                </Organization>
                <ContactPerson contactType="technical">
-                   <SurName>InQueue Support</SurName>
-                   <EmailAddress>inqueue-support@internet2.edu</EmailAddress>
+                   <SurName>Example Support</SurName>
+                   <EmailAddress>supportguy@mail.example.org</EmailAddress>
                </ContactPerson>
+               
        </EntityDescriptor>
 
 </EntitiesDescriptor>
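Review bot: The three endpoint `Location` values on the new side (SingleSignOnService, AttributeService and the browser-post AssertionConsumerService) change from `https://` to `http://`, so anyone who copies this example gets assertions and attribute queries sent in cleartext. The browser-post consumer receives the authentication assertion through the user's browser, and the SOAP attribute exchange carries user attributes; if the deployment relies on TLS to authenticate the requester to the Attribute Authority, that check is also lost over plain http. I would keep the scheme from the old side, e.g. `Location="https://shibboleth.example.org:8080/shibboleth/AA"`, and update the URL in the header comment to match. If http is intended for single-host testing, say so in the header comment instead, e.g. `Endpoints use http:// for local testing only; deployed metadata must use https://`.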