All metadata elements for an entity (identity provider or service provider) are contained in an <EntityDescriptor> element, as defined in the urn:oasis:names:tc:SAML:2.0:metadata namespace. Each <EntityDescriptor> element must include an entityID XML attribute with a value that is globally unique. The entityID, therefore, must have the syntax of a URL that is rooted in the legally responsible organization's DNS domain. (Note that while the entityID must have the syntax of a URL, it is not required that it be the locator of an actual resource. If you do make your entity ID a resolvable web link, the link should point to a web page describing your service and mention that the location is the identifier for the service.)
Example:
<EntityDescriptor entityID="https://example.edu/idp">
<!-- All metadata elements for https://example.edu/idp -->
</EntityDescriptor> |
For more information about the use of entityID in InCommon metadata, see Entity ID.