You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 28 Next »
Every Identity Provider's metadata will contain an <IDPSSODescriptor> element, which contains multiple pieces of information about the IdP, including:
<IDPSSODescriptor>
errorURL
protocolSupportEnumeration
<Scope>
<UIInfo>
<KeyDescriptor>
<SingleSignOnService>
Note that errorURL and protocolSupportEnumeration are not elements in the metadata schema. they are, rather, XML attributes in the <IDPSSODescriptor> element. See below.
Example:
<IDPSSODescriptor errorURL="https://webauth.example.edu/support.html"
protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<Extensions> <shibmd:Scope regexp="false">example.edu</shibmd:Scope> <mdui:UIInfo> <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName> <mdui:InformationURL xml:lang="en">https://webauth.example.edu/info.html</mdui:InformationURL> <mdui:PrivacyStatementURL xml:lang="en">https://webauth.example.edu/disclosurepolicy.pdf</mdui:PrivacyStatementURL> <mdui:Logo height="83" width="83" xml:lang="en">https://webauth.example.edu/mdui.png</mdui:Logo> </mdui:UIInfo> </Extensions> <KeyDescriptor use="signing"> <ds:KeyInfo> <!-- A standard OASIS <KeyInfo> element, as defined in
XML Signature Syntax and Processing
-->
</ds:KeyInfo> </KeyDescriptor> <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.service.example.edu/idp/profile/Shibboleth/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://webauth.service.example.edu/idp/profile/SAML2/Redirect/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webauth.service.example.edu/idp/profile/SAML2/POST/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://webauth.service.example.edu/idp/profile/SAML2/POST-SimpleSign/SSO"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://webauth.service.example.edu/idp/profile/SAML2/SOAP/ECP"/>
</IDPSSODescriptor>
For more information, see IdP SSO Settings (IDPSSODescriptor).
Can't find what you are looking for?
help Ask the community