SAML 2.0 IdP metadata
This is the metadata that SimpleSAMLphp has generated for you. You can send this metadata to trusted partners to set up a trusted federation.
The metadata XML is available at a dedicated URL:
https://idp.astound.com/saml2/idp/metadata.php
Metadata
In SAML 2.0 metadata XML format:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.astound.com/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.astound.com/module.php/core/authenticate.php?as=astound&amp;logout"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.astound.com/module.php/core/authenticate.php?as=astound&amp;logout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.astound.com/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Christopher</md:GivenName>
    <md:SurName>Godaire</md:SurName>
    <md:EmailAddress>mailto:christopher.godaire@astound.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
In SimpleSAMLphp format: use this if the other side also uses SimpleSAMLphp:
$metadata['https://idp.astound.com/saml2/idp/metadata.php'] = [
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'https://idp.astound.com/saml2/idp/metadata.php',
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://idp.astound.com/saml2/idp/SSOService.php',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://idp.astound.com/module.php/core/authenticate.php?as=astound&logout',
        ],
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://idp.astound.com/module.php/core/authenticate.php?as=astound&logout',
        ],
    ],
    'certData' => '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',
    'NameIDFormat' => [
        'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
    ],
    'contacts' => [
        [
            'emailAddress' => 'christopher.godaire@astound.com',
            'contactType' => 'technical',
            'givenName' => 'Christopher',
            'surName' => 'Godaire',
        ],
    ],
];
Certificates
Download the X509 certificates as PEM-encoded files.