SAML 2.0 IdP Metadata

SimpleSAMLphp har har genererat följande metadata. För att sätta upp en betrodd federation kan du skicka metadata till de parter du har förtroende för.

Du kan hämta metadata i XML-format på dedicerad URL:

https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php

Metadata

I SAML 2.0 Metadata XML-format:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">sanren.ac.za</shibmd:Scope>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">csir.co.za</shibmd:Scope>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:DisplayName xml:lang="en">SANReN Competency Area</mdui:DisplayName>
        <mdui:Description xml:lang="en">To authenticate SANReN Competency Area staff</mdui:Description>
        <mdui:InformationURL xml:lang="en">http://www.sanren.ac.za</mdui:InformationURL>
      </mdui:UIInfo>
      <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:IPHint>146.64.0.0/16</mdui:IPHint>
        <mdui:DomainHint>sanren.ac.za</mdui:DomainHint>
        <mdui:DomainHint>csir.co.za</mdui:DomainHint>
        <mdui:GeolocationHint>geo:-25.755799,28.2749455;u=50</mdui:GeolocationHint>
      </mdui:DiscoHints>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Council for Scientific and Industrial Research</md:OrganizationName>
    <md:OrganizationName xml:lang="af">Wetenskaplike en Nywerheidnavorsingsraad</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">SANReN Competency Area</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">http://www.sanren.ac.za/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="support">
    <md:GivenName>SANReN Sysadmins</md:GivenName>
    <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress>
    <md:TelephoneNumber>+27.12.841.2308</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>SANReN Sysadmin Support</md:GivenName>
    <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress>
    <md:TelephoneNumber>+27.12.841.2308</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="other" xmlns:remd="http://refeds.org/metadata" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>SANReN CSIRT</md:GivenName>
    <md:EmailAddress>mailto:csirt@sanren.ac.za</md:EmailAddress>
    <md:TelephoneNumber>+27.12.841.4111</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Administrators</md:GivenName>
    <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

I filformatet för simpleSAML, använd detta detta format om SimpleSAMLphp används i mottagende sida:

$metadata['https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php'] = [
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php',
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SSOService.php',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SingleLogoutService.php',
        ],
    ],
    'certData' => 'MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    'OrganizationName' => [
        'en' => 'Council for Scientific and Industrial Research',
        'af' => 'Wetenskaplike en Nywerheidnavorsingsraad',
    ],
    'OrganizationDisplayName' => [
        'en' => 'SANReN Competency Area',
    ],
    'OrganizationURL' => [
        'en' => 'http://www.sanren.ac.za/',
    ],
    'scope' => [
        'sanren.ac.za',
        'csir.co.za',
    ],
    'UIInfo' => [
        'DisplayName' => [
            'en' => 'SANReN Competency Area',
        ],
        'Description' => [
            'en' => 'To authenticate SANReN Competency Area staff',
        ],
        'InformationURL' => [
            'en' => 'http://www.sanren.ac.za',
        ],
    ],
    'DiscoHints' => [
        'IPHint' => [
            '146.64.0.0/16',
        ],
        'DomainHint' => [
            'sanren.ac.za',
            'csir.co.za',
        ],
        'GeolocationHint' => [
            'geo:-25.755799,28.2749455;u=50',
        ],
    ],
    'contacts' => [
        [
            'contactType' => 'support',
            'emailAddress' => 'mailto:sysadmin@sanren.ac.za',
            'givenName' => 'SANReN Sysadmins',
            'telephoneNumber' => '+27.12.841.2308',
        ],
        [
            'contactType' => 'technical',
            'emailAddress' => 'mailto:sysadmin@sanren.ac.za',
            'givenName' => 'SANReN Sysadmin Support',
            'telephoneNumber' => '+27.12.841.2308',
        ],
        [
            'contactType' => 'other',
            'emailAddress' => 'mailto:csirt@sanren.ac.za',
            'givenName' => 'SANReN CSIRT',
            'telephoneNumber' => '+27.12.841.4111',
            'attributes' => [
                'xmlns:remd' => 'http://refeds.org/metadata',
                'remd:contactType' => 'http://refeds.org/metadata/contactType/security',
            ],
        ],
        [
            'emailAddress' => 'sysadmin@sanren.ac.za',
            'contactType' => 'technical',
            'givenName' => 'Administrators',
        ],
    ],
];

Certifikat

Hämta X509-certifikaten som PEM-kodade filer.

idp.crt