-
1. Re: Generate SAML2 Metadata File from Filter?
anil.saldhana Aug 5, 2010 7:25 PM (in response to bigman921)
Are you interested in contributing your work to PL?
-
2. Re: Generate SAML2 Metadata File from Filter?
bigman921 Aug 5, 2010 8:31 PM (in response to anil.saldhana)
Is there a sample metadata file for an SP? Sure, will contribute it back when I can get it working.
Marc
-
3. Re: Generate SAML2 Metadata File from Filter?
anil.saldhana Aug 6, 2010 10:37 AM (in response to bigman921)
This is what I picked up from the SAML2 metadata spec.

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://ServiceProvider.com/SAML">
  <ds:Signature>...</ds:Signature>
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:KeyName>ServiceProvider.com SSO Key</ds:KeyName>
      </ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <ds:KeyInfo>
        <ds:KeyName>ServiceProvider.com Encrypt Key</ds:KeyName>
      </ds:KeyInfo>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://ServiceProvider.com/SAML/SLO/SOAP"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://ServiceProvider.com/SAML/SLO/Browser"
        ResponseLocation="https://ServiceProvider.com/SAML/SLO/Response"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://ServiceProvider.com/SAML/SSO/Artifact"/>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://ServiceProvider.com/SAML/SSO/POST"/>
    <AttributeConsumingService index="0">
      <ServiceName xml:lang="en">Academic Journals R US</ServiceName>
      <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement">
        <saml:AttributeValue>https://ServiceProvider.com/entitlements/123456789</saml:AttributeValue>
      </RequestedAttribute>
    </AttributeConsumingService>
  </SPSSODescriptor>
  <Organization>
    <OrganizationName xml:lang="en">Academic Journals RUS</OrganizationName>
    <OrganizationDisplayName xml:lang="en">Academic Journals R US, a Division of Dirk Corp.</OrganizationDisplayName>
    <OrganizationURL xml:lang="en">https://ServiceProvider.com</OrganizationURL>
  </Organization>
</EntityDescriptor>
Forgive the formatting.
-
4. Re: Generate SAML2 Metadata File from Filter?
marcelkolsteren Aug 6, 2010 10:51 AM (in response to anil.saldhana)
Another example of SP metadata, generated with the PicketLink Seam module:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:EntityDescriptor xmlns="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns2="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ns3="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ns4="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="http://www.frrry.com/MiEnterprise">
  <ns2:SPSSODescriptor WantAssertionsSigned="true" AuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns2:KeyDescriptor use="signing">
      <KeyInfo>
        <X509Data>
          <X509Certificate>...</X509Certificate>
        </X509Data>
      </KeyInfo>
    </ns2:KeyDescriptor>
    <ns2:SingleLogoutService xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="ns2:IndexedEndpointType" index="0"
        Location="https://www.frrry.com/MiEnterprise/SingleLogoutService.seam"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <ns2:SingleLogoutService xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="ns2:IndexedEndpointType" index="0"
        Location="https://www.frrry.com/MiEnterprise/SingleLogoutService.seam"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <ns2:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns2:NameIDFormat>
    <ns2:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns2:NameIDFormat>
    <ns2:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</ns2:NameIDFormat>
    <ns2:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</ns2:NameIDFormat>
    <ns2:AssertionConsumerService index="0"
        Location="https://www.frrry.com/MiEnterprise/AssertionConsumerService.seam"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <ns2:AssertionConsumerService index="0"
        Location="https://www.frrry.com/MiEnterprise/AssertionConsumerService.seam"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </ns2:SPSSODescriptor>
</ns2:EntityDescriptor>
I agree that generating the metadata is not hard, especially if you are acquainted with JAXB. The PicketLink project already contains an ObjectFactory for the metadata (generated from the XSD file).
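The replies above only show the finished XML, so here is an added Python example (not PicketLink code and not from anyone in this thread) that builds the same SPSSODescriptor structure the way a filter would and then audits the settings an IdP operator checks before registering an SP: signed requests, signed assertions, a signing key, and https endpoints. The entity ID, URLs and certificate text are constructed placeholders.

```python
# Added example, not PicketLink code: generate SP metadata as a filter would,
# then audit its security-relevant settings. All values are constructed.
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def build_sp_metadata(entity_id, base_url, cert_b64, sign_requests=True):
    """Return an EntityDescriptor (as a string) for an SP served at base_url."""
    ed = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(ed, f"{{{MD}}}SPSSODescriptor",
                       AuthnRequestsSigned=str(sign_requests).lower(),
                       WantAssertionsSigned="true",
                       protocolSupportEnumeration=PROTO)
    kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", use="signing")
    x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert_b64
    ET.SubElement(sp, f"{{{MD}}}SingleLogoutService", Binding=REDIRECT,
                  Location=base_url + "/SingleLogoutService.seam")
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = \
        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", index="0",
                  isDefault="true", Binding=POST,
                  Location=base_url + "/AssertionConsumerService.seam")
    return ET.tostring(ed, encoding="unicode")


def audit_sp_metadata(xml_text):
    """Return findings an IdP operator would want fixed before trusting the SP."""
    findings = []
    sp = ET.fromstring(xml_text).find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return ["no SPSSODescriptor: this is not SP metadata"]
    if sp.get("AuthnRequestsSigned", "false") != "true":
        findings.append("AuthnRequestsSigned is not true: IdP cannot tell who issued an AuthnRequest")
    if sp.get("WantAssertionsSigned", "false") != "true":
        findings.append("WantAssertionsSigned is not true: SP may accept unsigned assertions")
    # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
    uses = {kd.get("use", "signing") for kd in sp.findall(f"{{{MD}}}KeyDescriptor")}
    if "signing" not in uses:
        findings.append("no signing KeyDescriptor: IdP has no key to verify SP signatures")
    for tag in ("AssertionConsumerService", "SingleLogoutService"):
        for ep in sp.findall(f"{{{MD}}}{tag}"):
            if not ep.get("Location", "").startswith("https://"):
                findings.append(f"{tag} Location is not https: {ep.get('Location')}")
    return findings
```

Run the audit over the metadata an IdP hands you as well as over your own; a descriptor like the Seam-generated one above, with AuthnRequestsSigned="false", shows up as a finding.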