Metadados SAML 2.0 IdP

De seguida pode encontrar os metadados gerados pelo SimpleSAMLphp. Pode enviar este documento de metadados aos seus parceiros para configurar uma federação.

Pode obter os metadados em XML num URL dedicado:

https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php

Metadados

Metadados no formato XML SAML 2.0

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">sanren.ac.za</shibmd:Scope>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">csir.co.za</shibmd:Scope>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:DisplayName xml:lang="en">SANReN Competency Area</mdui:DisplayName>
        <mdui:Description xml:lang="en">To authenticate SANReN Competency Area staff</mdui:Description>
        <mdui:InformationURL xml:lang="en">http://www.sanren.ac.za</mdui:InformationURL>
      </mdui:UIInfo>
      <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:IPHint>146.64.0.0/16</mdui:IPHint>
        <mdui:DomainHint>sanren.ac.za</mdui:DomainHint>
        <mdui:DomainHint>csir.co.za</mdui:DomainHint>
        <mdui:GeolocationHint>geo:-25.755799,28.2749455;u=50</mdui:GeolocationHint>
      </mdui:DiscoHints>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Council for Scientific and Industrial Research</md:OrganizationName>
    <md:OrganizationName xml:lang="af">Wetenskaplike en Nywerheidnavorsingsraad</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">SANReN Competency Area</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">http://www.sanren.ac.za/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="support">
    <md:GivenName>SANReN Sysadmins</md:GivenName>
    <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress>
    <md:TelephoneNumber>+27.12.841.2308</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>SANReN Sysadmin Support</md:GivenName>
    <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress>
    <md:TelephoneNumber>+27.12.841.2308</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="other" xmlns:remd="http://refeds.org/metadata" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>SANReN CSIRT</md:GivenName>
    <md:EmailAddress>mailto:csirt@sanren.ac.za</md:EmailAddress>
    <md:TelephoneNumber>+27.12.841.4111</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Administrators</md:GivenName>
    <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

Metadados no formato ficheiro de configuração do SimpleSAMLphp. Use esta alternativa se usar uma entidade SimpleSAMLphp no outro extremo:

$metadata['https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php'] = [
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php',
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SSOService.php',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SingleLogoutService.php',
        ],
    ],
    'certData' => 'MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    'OrganizationName' => [
        'en' => 'Council for Scientific and Industrial Research',
        'af' => 'Wetenskaplike en Nywerheidnavorsingsraad',
    ],
    'OrganizationDisplayName' => [
        'en' => 'SANReN Competency Area',
    ],
    'OrganizationURL' => [
        'en' => 'http://www.sanren.ac.za/',
    ],
    'scope' => [
        'sanren.ac.za',
        'csir.co.za',
    ],
    'UIInfo' => [
        'DisplayName' => [
            'en' => 'SANReN Competency Area',
        ],
        'Description' => [
            'en' => 'To authenticate SANReN Competency Area staff',
        ],
        'InformationURL' => [
            'en' => 'http://www.sanren.ac.za',
        ],
    ],
    'DiscoHints' => [
        'IPHint' => [
            '146.64.0.0/16',
        ],
        'DomainHint' => [
            'sanren.ac.za',
            'csir.co.za',
        ],
        'GeolocationHint' => [
            'geo:-25.755799,28.2749455;u=50',
        ],
    ],
    'contacts' => [
        [
            'contactType' => 'support',
            'emailAddress' => 'mailto:sysadmin@sanren.ac.za',
            'givenName' => 'SANReN Sysadmins',
            'telephoneNumber' => '+27.12.841.2308',
        ],
        [
            'contactType' => 'technical',
            'emailAddress' => 'mailto:sysadmin@sanren.ac.za',
            'givenName' => 'SANReN Sysadmin Support',
            'telephoneNumber' => '+27.12.841.2308',
        ],
        [
            'contactType' => 'other',
            'emailAddress' => 'mailto:csirt@sanren.ac.za',
            'givenName' => 'SANReN CSIRT',
            'telephoneNumber' => '+27.12.841.4111',
            'attributes' => [
                'xmlns:remd' => 'http://refeds.org/metadata',
                'remd:contactType' => 'http://refeds.org/metadata/contactType/security',
            ],
        ],
        [
            'emailAddress' => 'sysadmin@sanren.ac.za',
            'contactType' => 'technical',
            'givenName' => 'Administrators',
        ],
    ],
];

Certificates

Download the X509 certificates as PEM-encoded files.

idp.crt