You are viewing an old version of this page. View the current version.
Compare with Current View Page History
Version 1 Next »
Every Identity Provider's metadata will contain an <IDPSSODescriptor> element, which contains multiple pieces of information about the IdP, including:
<IDPSSODescriptor>
errorURL
protocolSupportEnumeration
<Scope>
<UIInfo>
<KeyDescriptor>
<SingleSignOnService>
Note that errorURL and protocolSupportEnumeration are not elements in the metadata schema. they are, rather, XML attributes in the <IDPSSODescriptor> element. See below.
Example:
<IDPSSODescriptor errorURL="https://webauth.example.edu/support.html"
protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<Extensions> <shibmd:Scope regexp="false">example.edu</shibmd:Scope> <mdui:UIInfo> <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName> <mdui:InformationURL xml:lang="en">https://webauth.example.edu/info.html</mdui:InformationURL> <mdui:PrivacyStatementURL xml:lang="en">https://webauth.example.edu/disclosurepolicy.pdf</mdui:PrivacyStatementURL> <mdui:Logo height="83" width="83" xml:lang="en">https://webauth.example.edu/mdui.png</mdui:Logo> </mdui:UIInfo> </Extensions> <KeyDescriptor use="signing"> <ds:KeyInfo> <!-- A standard OASIS <KeyInfo> element, as defined in
XML Signature Syntax and Processing
-->
</ds:KeyInfo> </KeyDescriptor> <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.service.example.edu/idp/profile/Shibboleth/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://webauth.service.example.edu/idp/profile/SAML2/Redirect/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webauth.service.example.edu/idp/profile/SAML2/POST/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://webauth.service.example.edu/idp/profile/SAML2/POST-SimpleSign/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://webauth.service.example.edu/idp/profile/SAML2/SOAP/ECP"/>
</IDPSSODescriptor>
For more information, see IdP SSO Settings (IDPSSODescriptor).
Can't find what you are looking for?
help Ask the community
This article is undergoing community review. Tell us how we can improve this article