...

This approach is supported by the SAML set of specifications. See Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 <http://saml.xml.org/saml-specifications> and the SAML V2.0 Metadata Interoperability Profile <http://wiki.oasis-open.org/security/SAML2MetadataIOP>.

...

Where Do I Get My Certificate?

For those using the Shibboleth SP, the self-signed certificate generated during installation of the software (or subsequently using the keygen shell/batch script) is generally suitable for use within the federation.

The self-signed certificate generated during the installation of the Shibboleth IdP MAY be suitable, but this depends on your need for a TLS/SSL certificate and whether the hostname it deduces matches the one you expect to publish in your metadata. This will often not be the case, so use caution.

If you need to generate your own, an example of doing so using OpenSSL follows:

openssl req -new -x509 -days 1095 -keyout key.pem -out cert.pem -newkey rsa:2048 -subj "/CN=hostname.example.org"
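
Before publishing the certificate in metadata, it is worth checking the points raised above, in particular that the hostname in the certificate is the one you expect. The script below is an added example, not part of the original page: the function names are hypothetical, and the 2048-bit minimum (taken from the command above) and the 30-day validity margin are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a certificate before publishing it in SAML metadata.
# Function names are hypothetical; thresholds are assumptions (see check_metadata_cert).

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Print the public key size in bits.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Print only the base64 body, i.e. the text that goes inside
# <ds:X509Certificate> in metadata (no BEGIN/END lines, no blank lines).
cert_metadata_body() {
    sed -e '/^-----/d' -e '/^[[:space:]]*$/d' "$1"
}

# check_metadata_cert CERT EXPECTED_HOST [MIN_DAYS_LEFT]
# Returns 0 only if the CN equals EXPECTED_HOST, the key has at least
# 2048 bits (assumed minimum), and the certificate remains valid for at
# least MIN_DAYS_LEFT days (assumed default: 30).
check_metadata_cert() {
    cert=$1 host=$2 days=${3:-30} rc=0
    cn=$(cert_cn "$cert")
    bits=$(cert_bits "$cert")
    if [ "$cn" != "$host" ]; then
        echo "FAIL: CN '$cn' does not match expected host '$host'" >&2; rc=1
    fi
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: key is ${bits:-unknown} bits, expected at least 2048" >&2; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $days days" >&2; rc=1
    fi
    return $rc
}

# Usage: sh check-cert.sh cert.pem hostname.example.org
# On success, prints the body to paste into <ds:X509Certificate>.
if [ "$#" -ge 2 ]; then
    check_metadata_cert "$@" && cert_metadata_body "$1"
fi
```

Only cert.pem is read; the private key in key.pem is never touched and is never placed in metadata.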