<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- This is a demo Service Provider metadata file -->
<!-- Replace the placeholders (Entity ID, Certificate information, Location ID) with your own values. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<Entity ID>">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate><Certificate information></ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<Location ID>" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
| metadata | Description |
|---|---|
| entityID | Specify the unique identity of the REST Web application (Service Provider). |
| AuthnRequestsSigned | Specify if the REST Web application (Service Provider) signs authentication requests. |
| WantAssertionsSigned | Specify if the REST Web application requires signed assertions. |
| Certificate | Specify the certificate that must be used by the IdP to register the Service Provider. This can either be a self-signed or a Certificate Authority (CA) signed certificate. |
| Binding | Specify the bindings to be included in the metadata for the WebSSO profile. Supported values are POST, Artifact, and PAOS. The order of bindings in the property determines the order of endpoints in the generated metadata. If the IdP does not require keys signed by a specific certification authority, then you can generate your own self-signed key using the Java utility “keytool”. Note: The binding location does not have to be SSL-enabled. |
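The fields in the table above can be checked before the metadata file is handed to the IdP. The following is an added example, not part of the product or of the original page: a small linter for the signing flags, the signing certificate, and the AssertionConsumerService endpoints. The function name, the sample entityID and the URLs are assumptions made for illustration. The product does not require an SSL-enabled binding location, but the check reports a plain-HTTP endpoint so it can be reviewed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
TRUE = ("true", "1")  # xs:boolean lexical forms
# Bindings this page lists as supported: POST, Artifact, PAOS.
SUPPORTED = {"urn:oasis:names:tc:SAML:2.0:bindings:" + b
             for b in ("HTTP-POST", "HTTP-Artifact", "PAOS")}
# Constructed sample metadata; entityID, certificate text and URLs are made up.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/rest">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.test/rest/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def lint_sp_metadata(xml_text):
    """Return findings for one SP metadata document (a local, trusted file)."""
    root = ET.fromstring(xml_text)
    findings = []
    if not root.get("entityID"):
        findings.append("entityID missing or empty")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor element"]
    signs = sp.get("AuthnRequestsSigned") in TRUE
    if not signs:
        findings.append("AuthnRequestsSigned is not true")
    if sp.get("WantAssertionsSigned") not in TRUE:
        findings.append("WantAssertionsSigned is not true")
    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    certs = [kd.findtext(".//ds:X509Certificate", "", NS).strip()
             for kd in sp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    if signs and not any(certs):
        findings.append("requests are signed but no signing certificate published")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if acs.get("Binding") not in SUPPORTED:
            findings.append("unsupported ACS binding: " + str(acs.get("Binding")))
        if not acs.get("Location", "").startswith("https://"):
            findings.append("ACS Location is not HTTPS: " + acs.get("Location", ""))
    return findings
```

Run `lint_sp_metadata(SAMPLE)` to see the four findings the constructed sample triggers; an empty list means every check passed.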