SAML V2.0 Metadata Extensions for Identity Provider Discovery Service Protocol and Profile

SAML V2.0 Metadata Extensions for Identity Provider Discovery Service Protocol and Profile
- Generated XML Metadata Examples

This is a reference for the SimpleSAMLphp implementation of the SAML V2.0 Metadata Extensions for Identity Provider Discovery Service Protocol and Profile defined by OASIS.

The metadata extension is available to SP usage of SimpleSAMLphp. The entries are placed inside the relevant entry in authsources.php .

An example:

  <?php
  $config = [

      'default-sp' => [
          'saml:SP',

          'DiscoveryResponse' => [
              [
                  'index' => 1,
                  'Binding' => 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol',
                  'Location' => 'https://simplesamlphp.org/some/endpoint',
                  'isDefault' => true,
              ],
          ],
          /* ... */
      ],
  ];

Generated XML Metadata Examples

The example given above will generate the following XML metadata:

  <?xml version="1.0"?>
  <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com/saml-idp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://simplesamlphp.org/some/endpoint" index="1" isDefault="true" />
      </md:Extensions>
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:X509Data>
          ...