Fixed inconsistent shib metadata prefix.
[java-idp.git] / src / conf / IQ-metadata.xml
index f50e90b..310d843 100644 (file)
@@ -2,14 +2,14 @@
     xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-    xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0"
+    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
     xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# ../schemas/xmldsig-core-schema.xsd"
     Name="urn:mace:inqueue"
     validUntil="2010-01-01T00:00:00Z">
 
     <Extensions>
         <!-- This extension contains the list of CAs used by InQueue entities.  -->
-        <shibmeta:KeyAuthority VerifyDepth="1">
+        <shibmd:KeyAuthority VerifyDepth="1">
             <!-- Verisign -->
             <ds:KeyInfo>
                 <ds:X509Data>
@@ -75,15 +75,13 @@ M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
                     </ds:X509Certificate>
                  </ds:X509Data>
             </ds:KeyInfo>
-        </shibmeta:KeyAuthority>
+        </shibmd:KeyAuthority>
     </Extensions>
 
        <!--
        This is a starter set of metadata for the example system used within the
        InQueue test federation. The InQueue deployment guide describes how to use
        metadatatool or siterefresh to pick up the most current signed files.
-       Ordinarily a single EntityDescriptor would contain IdP/AA or SP information,
-       but not both. The sample site for InQueue just happens to contain both.
        -->
 
        <!-- Each IdP or SP is given an EntityDescriptor with its unique providerId/entityID. -->
@@ -93,7 +91,7 @@ M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
                <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
                        <Extensions>
                                <!-- This is a Shibboleth extension to express attribute scope rules. -->
-                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.edu</shib:Scope>
+                       <shibmd:Scope>example.edu</shibmd:Scope>
                        </Extensions>
                        
                        <!--
@@ -109,20 +107,25 @@ M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
                                <ds:KeyName>wayf.internet2.edu</ds:KeyName>
                            </ds:KeyInfo>
                        </KeyDescriptor>
+
+                       <!-- This tells SPs where/how to resolve SAML 1.x artifacts into SAML assertions. -->
+                       <ArtifactResolutionService index="1"
+                               Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                               Location="https://wayf.internet2.edu:8443/shibboleth-idp/Artifact"/>
                        
                        <!-- This tells SPs that you support only the Shib handle format. -->
                        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                        
                        <!-- This tells SPs how and where to request authentication. -->
                        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                           Location="https://wayf.internet2.edu/shibboleth-1.2/HS"/>
+                           Location="https://wayf.internet2.edu/shibboleth-idp/SSO"/>
                </IDPSSODescriptor>
                
                <!-- Most Shib IdPs also support SAML attribute queries, so this role is also included. -->
                <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
                        <Extensions>
                                <!-- This is a Shibboleth extension to express attribute scope rules. -->
-                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.edu</shib:Scope>
+                       <shibmd:Scope>example.edu</shibmd:Scope>
                        </Extensions>
                        
                        <!--
@@ -134,12 +137,12 @@ M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
                        
                        <!-- This tells SPs how and where to send queries. -->
                        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                           Location="https://wayf.internet2.edu/shibboleth-1.2/AA"/>
+                           Location="https://wayf.internet2.edu:8443/shibboleth-idp/AA"/>
                            
                        <!-- This tells SPs that you support only the Shib handle format. -->
                        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                </AttributeAuthorityDescriptor>
-               
+
                <!-- A Shib SP contains this element with protocol support as shown. -->
                <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
                
@@ -166,22 +169,14 @@ M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
                        is how the IdP validates the location and also figures out which
                        SAML profile to use.
                        -->
-                   <AssertionConsumerService index="0"
-                       Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                       Location="https://wayf.internet2.edu/Shibboleth.shire"/>
+                       <AssertionConsumerService index="1"
+                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+                               Location="https://wayf.internet2.edu/Shibboleth.sso/SAML/POST"/>
+                       <AssertionConsumerService index="2"
+                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+                               Location="https://wayf.internet2.edu/Shibboleth.sso/SAML/Artifact"/>
                </SPSSODescriptor>
                
-               <!-- This is just information about the entity in human terms. -->
-               <Organization>
-                   <OrganizationName xml:lang="en">Example State University</OrganizationName>
-                   <OrganizationDisplayName xml:lang="en">Example State University</OrganizationDisplayName>
-                   <OrganizationURL xml:lang="en">http://shibboleth.internet2.edu/</OrganizationURL>
-               </Organization>
-               <ContactPerson contactType="technical">
-                   <SurName>InQueue Support</SurName>
-                   <EmailAddress>inqueue-support@internet2.edu</EmailAddress>
-               </ContactPerson>
-               
        </EntityDescriptor>
 
 </EntitiesDescriptor>