Versions Compared

Old Version 3

changes.mady.by.user Ivan Kanakarakis

Saved on

compared with

New Version Current

changes.mady.by.user Ivan Kanakarakis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
titleSP-metadata-example.xml
linenumberstrue
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor 
  xmlns:mdxs="urn:oasis:names:tc:SAML:2.0:metadatahttp://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:mdattrsaml="urn:oasis:names:tc:SAML:metadata2.0:attributeassertion"
  xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:assertionmetadata"
  xmlns:xsimdattr="http://www.w3.org/2001/XMLSchema-instanceurn:oasis:names:tc:SAML:metadata:attribute"
  xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
  xmlns:dsremd="http://wwwrefeds.w3.org/2000/09/xmldsig#metadata"
  entityID="https://service.example.org/sp"
>
  <md:Extensions>
    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">EntityAttributes>
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <!-- Required for R&Sall SPsservices -->
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/research-and-scholarship</saml:AttributeValue>

        <!-- Required for Productionproduction SPsservices -->
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
      </saml:Attribute>

      <!-- Required for SPsproduction supportingservices Sirtfi -->
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>

      <!-- Required; in order to signal the requirement for the release of the subject-id attribute -->
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id:req" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>any</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>

  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false">
    <md:Extensions>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">UIInfo>
        <!-- Required: Change it for your SPservice -->
        <mdui:DisplayName xml:lang="en">Example service</mdui:DisplayName>

        <!-- Required: Change it for your SPservice -->
        <mdui:Description xml:lang="en">Example service used in development and test environments</mdui:Description>

        <!-- Required for Production: Use the Geant privacy notice -->
        <mdui:PrivacyStatementURL xml:lang="en">https://geant.org/privacy-notice/</mdui:PrivacyStatementURL>

        <!-- Required: Change it for your SPservice -->
        <mdui:Logo width="200" height="200">https://service.example.org/sp/logo.png</mdui:Logo>
        <mdui:Logo width="16" height="16">https://service.example.org/sp/logo_small.png</mdui:Logo>

        <!-- Optional: Change it for your SPservice -->
        <mdui:InformationURL xml:lang="en">https://service.example.org</mdui:InformationURL>
      </mdui:UIInfo>
    </md:Extensions>

    <!-- Required: Change it for your SPservice -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>....</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Required: Change it for your SPservice -->
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>....</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Optional: Change it for your SPservice -->
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://service.example.org/sp/logout"/>
   
    <!-- Required -->
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://service.example.org/sp/acs" index="0"/>


    <    <md:AttributeConsumingService index="0">
      <!-- Required for all services; change to match the value of the mdui:DisplayName element -->
      <md:ServiceName xml:lang="en">Example service</md:ServiceName>

      <!--
    In  the list belowBelow, all the attributes that are needed for the service to be operational are requestedlisted.
 If  your SP 
   If your service needs less attributes, the list hasmust to be modified accordingly.
        Check the attributes supported by the AAI service you are usingconnecting.
  
    -->
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">eduTEAMS Test Service Provider</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.4.1.6" FriendlyName="voPersonID" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="uid" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42" FriendlyName="givenName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.4" FriendlyName="sn" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.16.840.1.113730.3.1.241" FriendlyName="displayName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.4.1.11" FriendlyName="voPersonExternalAffiliation" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement" isRequired="true"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>

  <!-- Required: Keep as is for the Geant Services --> 
  <md:Organization>
    <md:OrganizationName xml:lang="en">GEANT</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">GEANT</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.geant.org</md:OrganizationURL>
  </md:Organization>  

  <!-- Required: Change it for your SPservice -->
  <md:ContactPerson contactType="administrative">
    <md:GivenName>John Doe<GivenName>Administrator</md:GivenName>
    <md:EmailAddress>mailto:admin@service.example.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required: Change it for your SPservice -->
  <md:ContactPerson contactType="technical">
    <md:GivenName>SmithGivenName>Technical Brown<team</md:GivenName>
    <md:EmailAddress>mailto:tech@service.example.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required: Keep as is for the Geant Services -->
 
  <md<md:ContactPerson contactType="support">
    <md:GivenName>GeantGivenName>GEANT Helpdesk</md:GivenName>
    <md:EmailAddress>mailto:help@geant.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required: forMay SPsneed supportingto Sirtfi: Change it change for your SPservice -->
  <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>KlaraGivenName>GEANT Security Novak<Team</md:GivenName>
    <md:EmailAddress>mailto:security@service.examplesecurity@geant.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

...