Deployment Example 2: Federation Using SAML v2

10.4 Sample Identity Provider Metadata Template Files

In the following examples, changes to the file are indicated in bold.


Example 10–1 Modified saml2-idp-template.xml File


<!-- Example IdP entity metadata (SAML 2.0 metadata namespace). NOTE(review): this listing is
     an extract and is not well-formed as printed: the signing certificate body, the start of
     the encryption certificate, the EncryptionMethod start tag, and the Binding/Location
     attributes of ArtifactResolutionService and both SingleLogoutService elements are missing;
     consult the original template file before copying anything from here. -->
<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="loadbalancer-3.example.com">
    <!-- WantAuthnRequestsSigned="false": this IdP accepts unsigned AuthnRequests, so it cannot
         verify which SP issued a request. Prefer "true" once every SP in the circle of trust
         signs its requests (the want*Signed flags in Example 10-2 already require signatures
         on the logout and MNI exchanges). -->
    <IDPSSODescriptor
        WantAuthnRequestsSigned="false"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <!-- Certificate SPs use to verify this IdP's signatures; its body is omitted from this extract. -->
        <KeyDescriptor use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>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        </KeyDescriptor>
        <!-- Certificate SPs use to encrypt material sent to this IdP. Only the tail of the
             base64 DER survives below (its X509Certificate start tag was lost).
             NOTE(review): the visible DER appears to encode a 2007 to 2010 validity period and
             an md5WithRSAEncryption signature OID, i.e. an expired sample certificate; issue
             your own certificate before deployment. -->
        <KeyDescriptor use="encryption">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
EwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEeMBwGA1UEChMVU3VuIE1pY3Jvc3lz
dGVtcyBJbmMuMRowGAYDVQQLExFJZGVudGl0eSBTZXJ2aWNlczEcMBoGA1UEAxMTQ2VydGlmaWNh
dGUgTWFuYWdlcjAeFw0wNzAzMDcyMjAxMTVaFw0xMDEyMDEyMjAxMTVaMDsxFDASBgNVBAoTC2V4
YW1wbGUuY29tMSMwIQYDVQQDExpMb2FkQmFsYW5jZXItMy5leGFtcGxlLmNvbTCBnzANBgkqhkiG
HREEETAPgQ1tYWxsYUBzdW4uY29tMA0GCSqGSIb3DQEBBAUAA0EAEgbmnOz2Rvpj9bludb9lEeVa
OA46zRiyt4BPlbgIaFyG6P7GWSddMi/14EimQjjDbr4ZfvlEdPJmimHExZY3KQ==
            </KeyInfo>
            <!-- The matching EncryptionMethod start tag (with its Algorithm) is not in this extract. -->
            </EncryptionMethod>
        </KeyDescriptor>
        <!-- Binding and Location were lost from this element in the extract. -->
        <ArtifactResolutionService
            index="0"
            isDefault="1"/>
        <!-- Both SingleLogoutService elements below are truncated: no Location, no closing "/>". -->
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        <!-- NOTE(review): in this and the following service elements the URL attribute values
             are wrapped over two lines for print. In a real file a line break inside an
             attribute value is normalised to a space and yields an invalid URL; keep each
             Location/ResponseLocation on one line. -->
        <ManageNameIDService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            ResponseLocation="https://LoadBalancer-3.example.com:9443/
               amserver/IDPMniRedirect/metaAlias/idp"/>
        <ManageNameIDService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://LoadBalancer-3.example.com:9443/amserver/
               IDPMniSoap/metaAlias/idp"/>
        <!-- NameID formats offered; the surrounding whitespace is presumably trimmed by the
             consumer, but a one-line value is safer. -->
        <NameIDFormat>
            urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
        </NameIDFormat>
        <NameIDFormat>
            urn:oasis:names:tc:SAML:2.0:nameid-format:transient
        </NameIDFormat>
        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://LoadBalancer-3.example.com:9443/amserver/
                SSORedirect/metaAlias/idp"/>
        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://LoadBalancer-3.example.com:9443/amserver/
                SSOSoap/metaAlias/idp"/>
    </IDPSSODescriptor>
</EntityDescriptor>


Example 10–2 Modified saml2-idp-metadata-template.xml File


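<!-- Example hosted-IdP extended configuration (Sun entityconfig namespace). NOTE(review): this
     listing is an extract and is not well-formed as printed (a stray </Attribute> after
     signingCertAlias, and basicAuthUser has no body); consult the original template file.
     The one correction applied here is the attribute name wantLogoutResponseSigned, which
     carried a trailing space in the printed listing. -->
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
    xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig"
    hosted="1"
    entityID="loadbalancer-3.example.com">
    <!-- metaAlias identifies this hosted IdP instance. NOTE(review): the endpoint URLs in
         Example 10-1 end in /metaAlias/idp while this value is /users/idp; confirm the two
         agree with the product's metaAlias-to-URL convention. -->
    <IDPSSOConfig metaAlias="/users/idp">
        <!-- Keystore alias of the signing key. NOTE(review): the second value, ending in
             "-enc", reads like the alias of a separate encryption certificate that belongs in
             its own Attribute; the closing tag after it is presumably the remnant of that
             element. Verify against the original file. -->
        <Attribute name="signingCertAlias">
            <Value>LoadBalancer-3</Value>
            <Value>LoadBalancer-3-enc</Value>
        </Attribute>
        </Attribute>
        <!-- Credentials for HTTP basic authentication on SOAP endpoints, left empty here.
             Keep real credentials out of shared templates. NOTE(review): the "false" value
             below does not look like a password and was presumably merged from a neighbouring
             boolean attribute during extraction. -->
        <Attribute name="basicAuthUser">
        <Attribute name="basicAuthPassword">
            <Value></Value>
            <Value>false</Value>
        </Attribute>
        <!-- Attribute used for auto-federation; empty means none is configured. -->
        <Attribute name="autofedAttribute">
            <Value></Value>
        </Attribute>
        <!-- Assertion validity window; presumably in seconds, confirm in the product docs. -->
        <Attribute name="assertionEffectiveTime">
            <Value>600</Value>
        </Attribute>
        <!-- No class names given for the four mapper plug-ins below; presumably the product
             defaults apply when the value is absent. -->
        <Attribute name="idpAuthncontextMapper">
        </Attribute>
        <Attribute name="idpAuthncontextClassrefMapping">
        </Attribute>
        <Attribute name="idpAccountMapper">
        </Attribute>
        <Attribute name="idpAttributeMapper">
        </Attribute>
        <!-- Each value maps a SAML attribute name to the local user-store attribute it is read from. -->
        <Attribute name="attributeMap">
            <Value>EmailAddress=mail</Value>
            <Value>Telephone=telephonenumber</Value>
        </Attribute>
        <!-- Empty: NameIDs are not required to be encrypted. -->
        <Attribute name="wantNameIDEncrypted">
            <Value></Value>
        </Attribute>
        <!-- Signature requirements on messages received from SPs. All are "true" below, so the
             artifact-resolve, logout and MNI exchanges must be signed; only AuthnRequests stay
             unsigned because Example 10-1 sets WantAuthnRequestsSigned="false". -->
        <Attribute name="wantArtifactResolveSigned">
            <Value>true</Value>
        </Attribute>
        <Attribute name="wantLogoutRequestSigned">
            <Value>true</Value>
        </Attribute>
        <Attribute name="wantLogoutResponseSigned">
            <Value>true</Value>
        </Attribute>
        <Attribute name="wantMNIRequestSigned">
            <Value>true</Value>
        </Attribute>
        <Attribute name="wantMNIResponseSigned">
            <Value>true</Value>
        </Attribute>
        <!-- Circles of trust this IdP is a member of. -->
        <Attribute name="cotlist">
            <Value>saml2_circle_of_trust</Value>
        </Attribute>
    </IDPSSOConfig>
</EntityConfig>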