Standard metadata properties are defined in the Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 specification and include information such as the single sign-on service URL and the assertion consumer service URL. During installation, two standard metadata configuration files are created for use as input to the saml2meta utility. They are located in /AccessManager-base/product-directory/saml2/meta or /FederationManager-base/SUNWam/saml2/meta.
idpMeta.xml is the default standard metadata configuration file if your instance of the SAML v2 Plug-in for Federation Services will act as an identity provider.
spMeta.xml is the default standard metadata configuration file if your instance of the SAML v2 Plug-in for Federation Services will act as a service provider.
The following sections define both the identity provider and service provider standard metadata properties that have been implemented in the SAML v2 Plug-in for Federation Services.
A complete listing of all the standard metadata properties can be found in the Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0.
The identity provider standard metadata properties implemented in the SAML v2 Plug-in for Federation Services are defined in the following table.
Property | Description
--- | ---
WantAuthnRequestsSigned | Takes a value of true or false. If true, all authentication requests received by this identity provider must be signed.
ArtifactResolutionService | Defines the endpoint(s) that support the Artifact Resolution profile.
SingleLogoutService | Defines the endpoint(s) that support the Single Logout profiles.
ManageNameIDService | Defines the endpoint(s) that support the Name Identifier Management profiles.
NameIDFormat | Defines the name identifier formats supported by the identity provider. Name identifiers are a way for providers to communicate with each other regarding a user. Single sign-on interactions support two types of identifiers. More information about name identifiers is in Single Sign-on.
SingleSignOnService | Defines the endpoint(s) that support the profiles of the Authentication Request protocol. All identity providers must support at least one such endpoint.
The service provider standard metadata properties implemented in the SAML v2 Plug-in for Federation Services are defined in the following table.
Property | Description
--- | ---
AuthnRequestsSigned | Takes a value of true or false. If true, the service provider will sign all outgoing authentication requests.
WantAssertionsSigned | Takes a value of true or false. If true, all assertions received by this service provider must be signed.
SingleLogoutService | Defines the endpoint(s) that support the Single Logout profiles.
ManageNameIDService | Defines the endpoint(s) that support the Name Identifier Management profiles.
NameIDFormat | Defines the name identifier formats supported by the service provider. Name identifiers are a way for providers to communicate with each other regarding a user. Single sign-on interactions support two types of identifiers. More information about name identifiers is in Single Sign-on.
AssertionConsumerService | Defines the endpoint(s) that support the profiles of the Authentication Request protocol. All service providers support at least one such endpoint.