Versions Compared

Old Version 5

changes.mady.by.user Ivan Kanakarakis

Saved on

compared with

New Version 6

changes.mady.by.user Ivan Kanakarakis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
titleSP-metadata-example.xml
linenumberstrue
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor 
  xmlns:mdxs="urn:oasis:names:tc:SAML:2.0:metadatahttp://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:mdattrsaml="urn:oasis:names:tc:SAML:metadata2.0:attributeassertion"
  xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:assertionmetadata"
  xmlns:xsimdattr="http://www.w3.org/2001/XMLSchema-instanceurn:oasis:names:tc:SAML:metadata:attribute"
  xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
  xmlns:dsremd="http://wwwrefeds.w3.org/2000/09/xmldsig#metadata"
  entityID="https://service.example.org/sp"
>
  <md:Extensions>
    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">EntityAttributes>
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <!-- Required for R&S services -->
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/research-and-scholarship</saml:AttributeValue>

        <!-- Required for Production services -->
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
      </saml:Attribute>

      <!-- Required for services supporting Sirtfi -->
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>

      <!-- Required to signal the requirement for the release of subject-id -->
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id:req" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>any</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>

  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false">
    <md:Extensions>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">UIInfo>
        <!-- Required: Change it for your service -->
        <mdui:DisplayName xml:lang="en">Example service</mdui:DisplayName>

        <!-- Required: Change it for your service -->
        <mdui:Description xml:lang="en">Example service used in development and test environments</mdui:Description>

        <!-- Required for Production services -->
        <mdui:PrivacyStatementURL xml:lang="en">https://geant.org/privacy-notice/</mdui:PrivacyStatementURL>

        <!-- Required: Change it for your service -->
        <mdui:Logo width="200" height="200">https://service.example.org/sp/logo.png</mdui:Logo>
        <mdui:Logo width="16" height="16">https://service.example.org/sp/logo_small.png</mdui:Logo>

        <!-- Optional: Change it for your service -->
        <mdui:InformationURL xml:lang="en">https://service.example.org</mdui:InformationURL>
      </mdui:UIInfo>
    </md:Extensions>

    <!-- Required: Change it for your service -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>....</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Required: Change it for your service -->
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>....</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Optional: Change it for your service -->
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://service.example.org/sp/logout"/>
   
    <!-- Required: Change it for your service -->
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://service.example.org/sp/acs" index="0"/>

      <<!--
    In the list below all the attributes are requested. If your SP 
    needs less attributes, the list has to be modified accordingly.
    Check the attributes supported by the AAI service you are using. 
    -->
    <md:AttributeConsumingService index="0">
      <!-- Required for all services; change to match the value of the mdui:DisplayName element -->
        <md:ServiceName xml:lang="en">Example Service</md:ServiceName>

      <!--
        Below, all the attributes that are needed for the service to be operational are listed.
        If your service needs less attributes, the list must be modified accordingly.
        Check the attributes supported by the AAI service you are connecting.
      -->
        <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.4.1.6" FriendlyName="voPersonID" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42" FriendlyName="givenName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.4" FriendlyName="sn" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.16.840.1.113730.3.1.241" FriendlyName="displayName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.4.1.11" FriendlyName="voPersonExternalAffiliation" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement" isRequired="true"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>

  <!-- Required: Change it for your service --> 
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Example Org</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.example.org</md:OrganizationURL>
  </md:Organization>  

  <!-- Required: Change it for your service -->
  <md:ContactPerson contactType="administrative">
    <md:GivenName>John Doe</md:GivenName>
    <md:EmailAddress>mailto:admin@service.example.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required: Change it for your service -->
  <md:ContactPerson contactType="technical">
    <md:GivenName>Technical team</md:GivenName>
    <md:EmailAddress>mailto:tech@service.example.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required: Change it for your service -->
 
  <md<md:ContactPerson contactType="support">
    <md:GivenName>Helpdesk</md:GivenName>
    <md:EmailAddress>mailto:support@service.example.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required for SPs supporting Sirtfi: Change it for your service -->
  <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>Security team</md:GivenName>
    <md:EmailAddress>mailto:security@service.example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

...