SAML 2.0 IdP Metaadatok

Ezeket a metaadatokat a SimpleSAMLphp generálta. Ezt a dokumentumot küldheti el föderációs partnerei számára.

A következő címről töltheti le a metaadatokat:

https://idp.criann.fr/saml2/idp/metadata.php

Metaadatok

SAML 2.0 XML formátumban:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.criann.fr/saml2/idp/metadata.php">
  <md:Extensions>
    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">https://refeds.org/sirtfi2</saml:AttributeValue>
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">criann.fr</shibmd:Scope>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:DisplayName xml:lang="en">CRIANN</mdui:DisplayName>
        <mdui:DisplayName xml:lang="fr">CRIANN</mdui:DisplayName>
        <mdui:Description xml:lang="en">CRIANN - Identity Provider</mdui:Description>
        <mdui:Description xml:lang="fr">CRIANN - Fournisseur d'identit&#xE9;s</mdui:Description>
        <mdui:InformationURL xml:lang="en">https://www.criann.fr</mdui:InformationURL>
        <mdui:InformationURL xml:lang="fr">https://www.criann.fr</mdui:InformationURL>
      </mdui:UIInfo>
      <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:DomainHint>criann.fr</mdui:DomainHint>
      </mdui:DiscoHints>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIEmzCCA4OgAwIBAgIJAPvEN/keqokTMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJGUjESMBAGA1UECBMJTm9ybWFuZGllMSEwHwYDVQQHExhTYWludC1FdGllbm5lIGR1IFJvdXZyYXkxDzANBgNVBAoTBkNSSUFOTjEWMBQGA1UEAxMNaWRwLmNyaWFubi5mcjEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBjcmlhbm4uZnIwHhcNMTcwOTEwMTMzMTUzWhcNMjcwOTEwMTMzMTUzWjCBjzELMAkGA1UEBhMCRlIxEjAQBgNVBAgTCU5vcm1hbmRpZTEhMB8GA1UEBxMYU2FpbnQtRXRpZW5uZSBkdSBSb3V2cmF5MQ8wDQYDVQQKEwZDUklBTk4xFjAUBgNVBAMTDWlkcC5jcmlhbm4uZnIxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAY3JpYW5uLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzni5wiKsxURabTVnu3R4788wRM6XHSdPWTmENIZtLV1ztvjmWMouih3hxmO7EMKfJi7DEzF/UpLSLSfcFcADH6ymIp3MHmwTbhbZUjRVn1CEPJl3x+5kbXhzxohPhZJ90/A6eOzVrxrOAKvENe+m/bSlTN8u78pHF0cNH5Hm0pq3guZgfiuyRPxrVThBXXRH5XKaFTUIzKnyijeRg6SUoQM4MCORKJki6pPuUycUPhyA58o8LRqwJaVQEVqnN7Z4wCPLTvQAjpkBwoIa0ZyQo8GNPGim66g0giazFGj2UflnE9cWB8s20ymQ6oJOcZ+Ql5hJ7pzWj/4ShWk9X5amBQIDAQABo4H3MIH0MB0GA1UdDgQWBBRJDrpqneDGVWyAZuORz6IBF88OtjCBxAYDVR0jBIG8MIG5gBRJDrpqneDGVWyAZuORz6IBF88OtqGBlaSBkjCBjzELMAkGA1UEBhMCRlIxEjAQBgNVBAgTCU5vcm1hbmRpZTEhMB8GA1UEBxMYU2FpbnQtRXRpZW5uZSBkdSBSb3V2cmF5MQ8wDQYDVQQKEwZDUklBTk4xFjAUBgNVBAMTDWlkcC5jcmlhbm4uZnIxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAY3JpYW5uLmZyggkA+8Q3+R6qiRMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAER++8l3GpGYIqYlxX9G4AaqKsH8CbAcxAd8XgnrugjZbu9LGloKYn9JF0t+D08099Ps2q/KOQKyrhWorlusciKpvGVI9tDtapYmwb4lbo7FLNIeg8ZdcxqNqcgoqvC3pL+pOMLMgl5TGCv4140JkpHzhqy8miJhMTGJhKRA8vV1Y611MBlCGKYzujht8mCpQL+MqdB0n2WHJHPlqvv8CYifxAlVbb9rTBVkMxuYoWQZRQjXBOwQz8aI37uOdauiW2oulXScWMdjlRGzMsiGf8vjo8gUeWiBWl88FApzq06ylKUeAGoQKqFnhoaw3n31BnmfqQixCVJcmJmh7TlHsMw==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIEmzCCA4OgAwIBAgIJAPvEN/keqokTMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJGUjESMBAGA1UECBMJTm9ybWFuZGllMSEwHwYDVQQHExhTYWludC1FdGllbm5lIGR1IFJvdXZyYXkxDzANBgNVBAoTBkNSSUFOTjEWMBQGA1UEAxMNaWRwLmNyaWFubi5mcjEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBjcmlhbm4uZnIwHhcNMTcwOTEwMTMzMTUzWhcNMjcwOTEwMTMzMTUzWjCBjzELMAkGA1UEBhMCRlIxEjAQBgNVBAgTCU5vcm1hbmRpZTEhMB8GA1UEBxMYU2FpbnQtRXRpZW5uZSBkdSBSb3V2cmF5MQ8wDQYDVQQKEwZDUklBTk4xFjAUBgNVBAMTDWlkcC5jcmlhbm4uZnIxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAY3JpYW5uLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzni5wiKsxURabTVnu3R4788wRM6XHSdPWTmENIZtLV1ztvjmWMouih3hxmO7EMKfJi7DEzF/UpLSLSfcFcADH6ymIp3MHmwTbhbZUjRVn1CEPJl3x+5kbXhzxohPhZJ90/A6eOzVrxrOAKvENe+m/bSlTN8u78pHF0cNH5Hm0pq3guZgfiuyRPxrVThBXXRH5XKaFTUIzKnyijeRg6SUoQM4MCORKJki6pPuUycUPhyA58o8LRqwJaVQEVqnN7Z4wCPLTvQAjpkBwoIa0ZyQo8GNPGim66g0giazFGj2UflnE9cWB8s20ymQ6oJOcZ+Ql5hJ7pzWj/4ShWk9X5amBQIDAQABo4H3MIH0MB0GA1UdDgQWBBRJDrpqneDGVWyAZuORz6IBF88OtjCBxAYDVR0jBIG8MIG5gBRJDrpqneDGVWyAZuORz6IBF88OtqGBlaSBkjCBjzELMAkGA1UEBhMCRlIxEjAQBgNVBAgTCU5vcm1hbmRpZTEhMB8GA1UEBxMYU2FpbnQtRXRpZW5uZSBkdSBSb3V2cmF5MQ8wDQYDVQQKEwZDUklBTk4xFjAUBgNVBAMTDWlkcC5jcmlhbm4uZnIxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAY3JpYW5uLmZyggkA+8Q3+R6qiRMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAER++8l3GpGYIqYlxX9G4AaqKsH8CbAcxAd8XgnrugjZbu9LGloKYn9JF0t+D08099Ps2q/KOQKyrhWorlusciKpvGVI9tDtapYmwb4lbo7FLNIeg8ZdcxqNqcgoqvC3pL+pOMLMgl5TGCv4140JkpHzhqy8miJhMTGJhKRA8vV1Y611MBlCGKYzujht8mCpQL+MqdB0n2WHJHPlqvv8CYifxAlVbb9rTBVkMxuYoWQZRQjXBOwQz8aI37uOdauiW2oulXScWMdjlRGzMsiGf8vjo8gUeWiBWl88FApzq06ylKUeAGoQKqFnhoaw3n31BnmfqQixCVJcmJmh7TlHsMw==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.criann.fr/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.criann.fr/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="other">
    <md:Company>CRIANN</md:Company>
    <md:GivenName>CSIRT</md:GivenName>
    <md:SurName>Team</md:SurName>
    <md:EmailAddress>mailto:rssi@criann.fr</md:EmailAddress>
    <md:TelephoneNumber>+33(0)232924291</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>CRIANN Support Team</md:GivenName>
    <md:EmailAddress>support@criann.fr</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

SimpleSAMLphp fájl formátumban - akkor használható, ha a másik oldalon SimpleSAMLphp van:

$metadata['https://idp.criann.fr/saml2/idp/metadata.php'] = array (
  'metadata-set' => 'saml20-idp-remote',
  'entityid' => 'https://idp.criann.fr/saml2/idp/metadata.php',
  'SingleSignOnService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://idp.criann.fr/saml2/idp/SSOService.php',
    ),
  ),
  'SingleLogoutService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://idp.criann.fr/saml2/idp/SingleLogoutService.php',
    ),
  ),
  'certData' => 'MIIEmzCCA4OgAwIBAgIJAPvEN/keqokTMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJGUjESMBAGA1UECBMJTm9ybWFuZGllMSEwHwYDVQQHExhTYWludC1FdGllbm5lIGR1IFJvdXZyYXkxDzANBgNVBAoTBkNSSUFOTjEWMBQGA1UEAxMNaWRwLmNyaWFubi5mcjEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBjcmlhbm4uZnIwHhcNMTcwOTEwMTMzMTUzWhcNMjcwOTEwMTMzMTUzWjCBjzELMAkGA1UEBhMCRlIxEjAQBgNVBAgTCU5vcm1hbmRpZTEhMB8GA1UEBxMYU2FpbnQtRXRpZW5uZSBkdSBSb3V2cmF5MQ8wDQYDVQQKEwZDUklBTk4xFjAUBgNVBAMTDWlkcC5jcmlhbm4uZnIxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAY3JpYW5uLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzni5wiKsxURabTVnu3R4788wRM6XHSdPWTmENIZtLV1ztvjmWMouih3hxmO7EMKfJi7DEzF/UpLSLSfcFcADH6ymIp3MHmwTbhbZUjRVn1CEPJl3x+5kbXhzxohPhZJ90/A6eOzVrxrOAKvENe+m/bSlTN8u78pHF0cNH5Hm0pq3guZgfiuyRPxrVThBXXRH5XKaFTUIzKnyijeRg6SUoQM4MCORKJki6pPuUycUPhyA58o8LRqwJaVQEVqnN7Z4wCPLTvQAjpkBwoIa0ZyQo8GNPGim66g0giazFGj2UflnE9cWB8s20ymQ6oJOcZ+Ql5hJ7pzWj/4ShWk9X5amBQIDAQABo4H3MIH0MB0GA1UdDgQWBBRJDrpqneDGVWyAZuORz6IBF88OtjCBxAYDVR0jBIG8MIG5gBRJDrpqneDGVWyAZuORz6IBF88OtqGBlaSBkjCBjzELMAkGA1UEBhMCRlIxEjAQBgNVBAgTCU5vcm1hbmRpZTEhMB8GA1UEBxMYU2FpbnQtRXRpZW5uZSBkdSBSb3V2cmF5MQ8wDQYDVQQKEwZDUklBTk4xFjAUBgNVBAMTDWlkcC5jcmlhbm4uZnIxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAY3JpYW5uLmZyggkA+8Q3+R6qiRMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAER++8l3GpGYIqYlxX9G4AaqKsH8CbAcxAd8XgnrugjZbu9LGloKYn9JF0t+D08099Ps2q/KOQKyrhWorlusciKpvGVI9tDtapYmwb4lbo7FLNIeg8ZdcxqNqcgoqvC3pL+pOMLMgl5TGCv4140JkpHzhqy8miJhMTGJhKRA8vV1Y611MBlCGKYzujht8mCpQL+MqdB0n2WHJHPlqvv8CYifxAlVbb9rTBVkMxuYoWQZRQjXBOwQz8aI37uOdauiW2oulXScWMdjlRGzMsiGf8vjo8gUeWiBWl88FApzq06ylKUeAGoQKqFnhoaw3n31BnmfqQixCVJcmJmh7TlHsMw==',
  'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
  'scope' => 
  array (
    0 => 'criann.fr',
  ),
  'EntityAttributes' => 
  array (
    '{urn:oasis:names:tc:SAML:2.0:attrname-format:uri}http://macedir.org/entity-category' => 
    array (
      0 => 'http://refeds.org/category/research-and-scholarship',
    ),
    '{urn:oasis:names:tc:SAML:2.0:attrname-format:uri}urn:oasis:names:tc:SAML:attribute:assurance-certification' => 
    array (
      0 => 'https://refeds.org/sirtfi2',
      1 => 'https://refeds.org/sirtfi',
    ),
  ),
  'UIInfo' => 
  array (
    'DisplayName' => 
    array (
      'en' => 'CRIANN',
      'fr' => 'CRIANN',
    ),
    'Description' => 
    array (
      'en' => 'CRIANN - Identity Provider',
      'fr' => 'CRIANN - Fournisseur d\'identités',
    ),
    'InformationURL' => 
    array (
      'en' => 'https://www.criann.fr',
      'fr' => 'https://www.criann.fr',
    ),
  ),
  'DiscoHints' => 
  array (
    'DomainHint' => 
    array (
      0 => 'criann.fr',
    ),
  ),
  'contacts' => 
  array (
    0 => 
    array (
      'contactType' => 'other',
      'emailAddress' => 'mailto:rssi@criann.fr',
      'givenName' => 'CSIRT',
      'surName' => 'Team',
      'telephoneNumber' => '+33(0)232924291',
      'company' => 'CRIANN',
    ),
    1 => 
    array (
      'emailAddress' => 'support@criann.fr',
      'contactType' => 'technical',
      'givenName' => 'CRIANN Support Team',
    ),
  ),
);

Tanúsítványok.

PEM formátumú X509 tanúsítvány letöltése.

idp.crt