Metadata

IdP

The supported fields in metadata for SAML 2.0 IdP's is as follows (as of release 4):

- SingleLogoutServiceResponse
- SingleLogoutService
- SingleSignOnService
- certFingerprint
- certData
- NameIDFormat
- contact:name
- contact:email
- entity:name:<lang id>
- entity:description:<lang id>
- entity:url:<lang id>

The following fields needs to be implemented:

- certificate
- metadata.sign.enable
- metadata.dign.privatekey
- metadata.sign.certificate
- metadata.sign.privatekey_pass

SP

The supporte metadata fields for SAML 2.0 SP as follows (as of release 4):

- AssertionConsumerService
- SingleLogoutService
- entity:name:<lang id>
- entity:description:<lang id>
- entity:url:<lang id>
- contact:name
- contact:email
- NameIDFormat
- certFingerprint
- certData

The following fields needs to be implemented:

- certificate
- metadata.sign.enable
- metadata.dign.privatekey
- metadata.sign.certificate
- metadata.sign.privatekey_pass

Certificate and metadata.sign.certificate can be the same field, since the same certificate is used. Certificates poses a few problems, since the functions and methods build into SSP, can only read certs from the certdir. We do not want to upload a file directly to the certdir on a working installation in SSP. This needs to be solved before signing of metadata is possible.

The contact fields can be extended to also cover the following fields for both IdP's and SP's:

- contact:surName
- contact:givenName
- contact:company
- contact:telephoneNumber

By default the contact type is 'technical'. Complete list is:

- technical
- support
- administrative
- billing
- other

The way that the contact fields are handled do not support the other types. One way is to extend the contact fields to include the type as well like this: "contact:<type>:<fieldname>"