Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Standard Metadata Properties

Standard metadata properties are defined in the Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 specification and include information such as the single sign-on service URL and the assertion consumer service URL. During installation, two standard metadata configuration files are created for use as input to the saml2meta utility. They are located in /AccessManager-base/product-directory/saml2/meta or /FederationManager-base/SUNWam/saml2/meta.

The following sections define both the identity provider and service provider standard metadata properties that have been implemented in the SAML v2 Plug-in for Federation Services.


Note –

A complete listing of all the standard metadata properties can be found in the Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0.


Identity Provider Standard Metadata Properties

The identity provider standard metadata properties implemented in the SAML v2 Plug-in for Federation Services are defined in the following table.

WantAuthnRequestsSigned

Takes a value of true or false. If true, all authentication requests received by this identity provider must be signed.

ArtifactResolutionService

Defines the endpoint(s) that support the Artifact Resolution profile. 

SingleLogoutService

Defines the endpoint(s) that support the Single Logout profiles. 

ManageNameIDService

Defines the endpoint(s) that support the Name Identifier Management profiles. 

NameIDFormat

Defines the name identifier formats supported by the identity provider. Name identifiers are a way for providers to communicate with each other regarding a user. Single sign-on interactions support two types of identifiers: 

  • A persistent identifier is saved to a particular user's data store entry as the value of two attributes.

  • A transient identifier is temporary and no data will be written to the user's persistent data store.

More information about name identifiers is in Single Sign-on.

SingleSignOnService

Defines the endpoint(s) that support the profiles of the Authentication Request protocol. All identity providers must support at least one such endpoint. 

Service Provider Standard Metadata Properties

The service provider standard metadata properties implemented in the SAML v2 Plug-in for Federation Services are defined in the following table.

AuthnRequestsSigned

Takes a value of true or false. If true, the service provider will sign all outgoing authentication requests.

WantAssertionsSigned

Takes a value of true or false. If true, all assertions received by this service provider must be signed.

SingleLogoutService

Defines the endpoint(s) that support the Single Logout profiles. 

ManageNameIDService

Defines the endpoint(s) that support the Name Identifier Management profiles. 

NameIDFormat

Defines the name identifier formats supported by the service provider. Name identifiers are a way for providers to communicate with each other regarding a user. Single sign-on interactions support two types of identifiers: 

  • A persistent identifier is saved to a particular user's data store entry as the value of two attributes.

  • A transient identifier is temporary and no data will be written to the user's persistent data store.

More information about name identifiers is in Single Sign-on.

AssertionConsumerService

Defines the endpoint(s) that support the profiles of the Authentication Request protocol. All service providers must support at least one such endpoint.
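The identity provider and service provider properties listed above map directly onto elements and attributes of the SAML v2 metadata XML that the saml2meta utility consumes. The script below is an added example, not code from the plug-in or from this guide: it parses a constructed identity provider document and a constructed service provider document, reads the signing flags, endpoints and NameIDFormat values named in both tables, and reports what an administrator would want flagged before loading the files: a missing required endpoint (SingleSignOnService for an IdP, AssertionConsumerService for an SP), an endpoint location that is not HTTPS, a NameIDFormat other than the persistent and transient formats described above, an SP whose WantAssertionsSigned is false, and an SP that does not sign requests to an IdP whose WantAuthnRequestsSigned is true. The two metadata documents, the example.com hostnames and the endpoint paths are constructed for this example; the element, attribute, binding and name identifier format URIs are those defined in the SAML V2.0 metadata and core specifications.

```python
"""Read SAML v2 standard metadata for an IdP and an SP and check the properties
described above.  The two documents, the example.com hostnames and the endpoint
paths are constructed for this example; names and URIs follow the SAML V2.0 specs."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# The two name identifier formats the text above says single sign-on supports
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
SSO_NAMEID_FORMATS = {PERSISTENT, TRANSIENT}
# Endpoint elements listed in the IdP and SP property tables above
ENDPOINT_ELEMENTS = ("ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
                     "SingleSignOnService", "AssertionConsumerService")

# Constructed IdP metadata: requires signed requests, all endpoints on HTTPS.
IDP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp.example.com">
  <IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ArtifactResolutionService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.com/ArtifactResolver"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/IDPSloRedirect"/>
    <NameIDFormat>{PERSISTENT}</NameIDFormat>
    <NameIDFormat>{TRANSIENT}</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/SSORedirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed SP metadata with two weaknesses: it neither signs its requests
# nor requires signed assertions, and its consumer endpoint is plain HTTP.
SP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://sp.example.com">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/SPSloRedirect"/>
    <NameIDFormat>{TRANSIENT}</NameIDFormat>
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.com/Consumer"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def _flag(element, name):
    """Read an xs:boolean attribute; an absent attribute counts as false."""
    return element.get(name, "false").strip().lower() in ("true", "1")


def parse_metadata(xml_text):
    """Return the role, signing flags, endpoints and NameIDFormats of one provider."""
    root = ET.fromstring(xml_text)
    md = {"entity_id": root.get("entityID"), "endpoints": {}}
    role = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if role is not None:
        md["role"] = "idp"
        md["WantAuthnRequestsSigned"] = _flag(role, "WantAuthnRequestsSigned")
    else:
        role = root.find(f"{{{MD_NS}}}SPSSODescriptor")
        if role is None:
            raise ValueError("no IDPSSODescriptor or SPSSODescriptor found")
        md["role"] = "sp"
        md["AuthnRequestsSigned"] = _flag(role, "AuthnRequestsSigned")
        md["WantAssertionsSigned"] = _flag(role, "WantAssertionsSigned")
    for name in ENDPOINT_ELEMENTS:
        eps = [(e.get("Binding"), e.get("Location")) for e in role.findall(f"{{{MD_NS}}}{name}")]
        if eps:
            md["endpoints"][name] = eps
    md["nameid_formats"] = [e.text.strip() for e in role.findall(f"{{{MD_NS}}}NameIDFormat")]
    return md


def check_metadata(md):
    """Findings for one provider's metadata; an empty list means nothing to report."""
    findings = []
    eid = md["entity_id"]
    required = "SingleSignOnService" if md["role"] == "idp" else "AssertionConsumerService"
    if required not in md["endpoints"]:
        findings.append(f"{eid}: missing required {required} endpoint")
    for name, eps in md["endpoints"].items():
        for _binding, location in eps:
            if not location.startswith("https://"):
                findings.append(f"{eid}: {name} endpoint is not HTTPS: {location}")
    for fmt in md["nameid_formats"]:
        if fmt not in SSO_NAMEID_FORMATS:
            findings.append(f"{eid}: NameIDFormat {fmt} is not one used for single sign-on")
    if md["role"] == "sp" and not md["WantAssertionsSigned"]:
        findings.append(f"{eid}: WantAssertionsSigned is false, so unsigned assertions are accepted")
    return findings


def check_pair(idp, sp):
    """Findings about whether an IdP and an SP can actually federate with each other."""
    findings = []
    if idp["WantAuthnRequestsSigned"] and not sp["AuthnRequestsSigned"]:
        findings.append("IdP requires signed AuthnRequests but SP does not sign them")
    if not set(idp["nameid_formats"]) & set(sp["nameid_formats"]):
        findings.append("IdP and SP share no NameIDFormat")
    return findings
```

To run it against the constructed samples, call parse_metadata on IDP_METADATA and SP_METADATA, then check_metadata on each result and check_pair on the two together; the IdP document comes back clean, the SP document reports the HTTP consumer endpoint and the false WantAssertionsSigned, and the pair check reports that the SP will send unsigned requests to an IdP that rejects them. check_pair is the check that matters most at deployment time, because each file can be valid on its own and still describe two providers that cannot complete single sign-on.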