SAML V2.0 Metadata Extensions for Identity Provider Discovery Service Protocol and Profile
This is a reference for the SimpleSAMLphp implementation of the SAML V2.0 Metadata Extensions for Identity Provider Discovery Service Protocol and Profile defined by OASIS.
The metadata extension is available to SP usage of SimpleSAMLphp. The entries are placed inside the relevant entry in authsources.php.
An example:
<?php
$config = [
    'default-sp' => [
        'saml:SP',
        'DiscoveryResponse' => [
            [
                'index' => 1,
                'Binding' => 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol',
                'Location' => 'https://simplesamlphp.org/some/endpoint',
                'isDefault' => true,
            ],
        ],
        /* ... */
    ],
];
Generated XML Metadata Examples
The example given above will generate the following XML metadata:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com/saml-idp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://simplesamlphp.org/some/endpoint" index="1" isDefault="true" />
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
        ...
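The mapping from the authsources.php array to the idpdisc:DiscoveryResponse element above is mechanical, and the values deserve a sanity check before the metadata is published: a discovery service uses the Location as the return URL for the user's IdP choice, so it has to be an absolute https URL that the SP controls, the index has to be unique, and only one entry should be marked isDefault. The following script is an added example, not SimpleSAMLphp's own code; it validates a 'DiscoveryResponse' array with those rules and renders the md:Extensions block it corresponds to. The function names, constant names and the sample arrays are constructed for this example.

```php
<?php
// Added example, not SimpleSAMLphp's own code: check a 'DiscoveryResponse' array
// from authsources.php and render the idpdisc:DiscoveryResponse elements it maps to.
// Function names and the sample arrays below are constructed for this example.
declare(strict_types=1);

const IDPDISC_NS = 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol';
const MD_NS      = 'urn:oasis:names:tc:SAML:2.0:metadata';

/**
 * Returns a list of problems found in a DiscoveryResponse array; an empty list means OK.
 */
function checkDiscoveryResponse(array $entries): array
{
    $problems = [];
    $seenIndex = [];
    $defaults = 0;

    foreach ($entries as $n => $entry) {
        $where = "entry #$n";

        // index: a discovery service picks the endpoint by it, so it must be unique.
        if (!isset($entry['index']) || !is_int($entry['index']) || $entry['index'] < 0) {
            $problems[] = "$where: 'index' must be a non-negative integer";
        } elseif (isset($seenIndex[$entry['index']])) {
            $problems[] = "$where: duplicate index {$entry['index']}";
        } else {
            $seenIndex[$entry['index']] = true;
        }

        // Binding: only the discovery-protocol URN is defined for this element.
        if (($entry['Binding'] ?? null) !== IDPDISC_NS) {
            $problems[] = "$where: 'Binding' must be " . IDPDISC_NS;
        }

        // Location: the discovery service redirects the browser back here with the
        // chosen IdP, so it must be an absolute https URL, not a relative path.
        $parts = parse_url((string) ($entry['Location'] ?? ''));
        if ($parts === false || ($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
            $problems[] = "$where: 'Location' must be an absolute https URL";
        }

        if (array_key_exists('isDefault', $entry)) {
            if (!is_bool($entry['isDefault'])) {
                $problems[] = "$where: 'isDefault' must be a boolean";
            } elseif ($entry['isDefault']) {
                $defaults++;
            }
        }
    }

    if ($defaults > 1) {
        $problems[] = 'at most one entry may set isDefault to true';
    }
    return $problems;
}

/**
 * Renders the md:Extensions block the array maps to (compare the XML shown above).
 */
function renderDiscoveryResponse(array $entries): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;
    $ext = $doc->createElementNS(MD_NS, 'md:Extensions');
    $doc->appendChild($ext);

    foreach ($entries as $entry) {
        $el = $doc->createElementNS(IDPDISC_NS, 'idpdisc:DiscoveryResponse');
        $el->setAttribute('Binding', $entry['Binding']);
        $el->setAttribute('Location', $entry['Location']);
        $el->setAttribute('index', (string) $entry['index']);
        if (array_key_exists('isDefault', $entry)) {
            $el->setAttribute('isDefault', $entry['isDefault'] ? 'true' : 'false');
        }
        $ext->appendChild($el);
    }
    return $doc->saveXML($doc->documentElement);
}

// Constructed samples: the entry from the page, and one block with common mistakes
// (plain http, a relative path, a non-discovery Binding, a duplicate index, two defaults).
$good = [
    ['index' => 1, 'Binding' => IDPDISC_NS, 'Location' => 'https://simplesamlphp.org/some/endpoint', 'isDefault' => true],
];
$bad = [
    ['index' => 1, 'Binding' => IDPDISC_NS, 'Location' => 'http://sp.example.org/disco', 'isDefault' => true],
    ['index' => 1, 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => '/disco', 'isDefault' => true],
];

foreach (['good' => $good, 'bad' => $bad] as $label => $entries) {
    echo "$label:\n";
    $problems = checkDiscoveryResponse($entries);
    if ($problems === []) {
        echo renderDiscoveryResponse($entries), "\n";
    } else {
        foreach ($problems as $problem) {
            echo "  - $problem\n";
        }
    }
}
```

Run it with the PHP CLI (it needs the dom extension, which is bundled with PHP). The "good" block renders the same idpdisc:DiscoveryResponse element as the metadata above; the "bad" block lists each violation. The reason these endpoints are published in SP metadata at all is that a discovery service can compare the return URL it is handed against them, so only URLs the SP actually serves belong in the list.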