Metadata
IdP
The supported fields in metadata for SAML 2.0 IdPs are as follows (as of release 4):
SingleLogoutServiceResponse
SingleLogoutService
SingleSignOnService
certFingerprint
certData
NameIDFormat
contact:name
contact:email
entity:name:<lang id>
entity:description:<lang id>
entity:url:<lang id>
The following fields need to be implemented:
certificate
metadata.sign.enable
metadata.sign.privatekey
metadata.sign.certificate
metadata.sign.privatekey_pass
SP
The supported metadata fields for SAML 2.0 SPs are as follows (as of release 4):
AssertionConsumerService
SingleLogoutService
entity:name:<lang id>
entity:description:<lang id>
entity:url:<lang id>
contact:name
contact:email
NameIDFormat
certFingerprint
certData
The following fields need to be implemented:
certificate
metadata.sign.enable
metadata.sign.privatekey
metadata.sign.certificate
metadata.sign.privatekey_pass
Certificate and metadata.sign.certificate can be the same field, since the same certificate is used. Certificates pose a few problems, since the functions and methods built into SSP can only read certs from the certdir. We do not want to upload a file directly to the certdir on a working installation of SSP. This needs to be solved before signing of metadata is possible.
The contact fields can be extended to also cover the following fields for both IdPs and SPs:
contact:surName
contact:givenName
contact:company
contact:telephoneNumber
By default the contact type is 'technical'. Complete list is:
technical
support
administrative
billing
other
The way the contact fields are currently handled does not support the other types. One way is to extend the contact fields to include the type as well, like this: "contact:<type>:<fieldname>"
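As an added illustration (not code from the registry or from SimpleSAMLphp), the following Python parser applies the scheme described above: "contact:<type>:<fieldname>" with the type defaulting to 'technical', contact types and field names checked against the lists on this page, and "entity:<field>:<lang id>" collected per language. The function name, the constructed sample values and the output layout are assumptions.

```python
"""Parse flat "key:subkey" metadata fields into a structured SAML 2.0
metadata dict (shape loosely modelled on SimpleSAMLphp's 'contacts' and
localized 'name'/'description'/'url' entries). Added example, not code
from the registry or SimpleSAMLphp; parse_fields() and the field tables
are assumptions."""

# Constructed sample: the flat field list a registry might store per entity.
SAMPLE_FIELDS = {
    "entity:name:en": "Example IdP",
    "entity:name:da": "Eksempel IdP",
    "entity:url:en": "https://idp.example.org/",
    "contact:name": "Ops Team",                # no type -> 'technical'
    "contact:email": "ops@example.org",
    "contact:support:email": "help@example.org",
    "contact:support:telephoneNumber": "+45 00000000",
    "contact:bogus:email": "x@example.org",    # unknown type -> rejected
}

CONTACT_TYPES = {"technical", "support", "administrative", "billing", "other"}
# Flat field name -> ContactPerson child element it maps to.
CONTACT_FIELDS = {
    "name": "name", "email": "emailAddress", "surName": "surName",
    "givenName": "givenName", "company": "company",
    "telephoneNumber": "telephoneNumber",
}
LOCALIZED = {"name", "description", "url"}   # entity:<field>:<lang id>


def parse_fields(fields):
    """Return (metadata, errors). Unknown types or field names are
    reported in errors instead of being stored silently."""
    meta, contacts, errors = {}, {}, []
    for key, value in fields.items():
        parts = key.split(":")
        if parts[0] == "entity" and len(parts) == 3 and parts[1] in LOCALIZED:
            meta.setdefault(parts[1], {})[parts[2]] = value
        elif parts[0] == "contact" and len(parts) in (2, 3):
            # "contact:<field>" keeps the old behaviour: technical contact.
            ctype, fname = ("technical", parts[1]) if len(parts) == 2 else parts[1:]
            if ctype not in CONTACT_TYPES or fname not in CONTACT_FIELDS:
                errors.append(key)
                continue
            contact = contacts.setdefault(ctype, {"contactType": ctype})
            contact[CONTACT_FIELDS[fname]] = value
        else:
            errors.append(key)
    meta["contacts"] = [contacts[t] for t in sorted(contacts)]
    return meta, errors
```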