django-mellon/mellon/templates/mellon/metadata.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
 entityID="{{ entity_id }}"
 xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <SPSSODescriptor
   AuthnRequestsSigned="true"
   WantAssertionsSigned="true"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     {% for public_key in public_keys %}
       <KeyDescriptor>
           <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <ds:X509Data>
                   <ds:X509Certificate>
                   {{ public_key }}
                   </ds:X509Certificate>
               </ds:X509Data>
           </ds:KeyInfo>
       </KeyDescriptor>
    {% endfor %}
   <SingleLogoutService
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="{{ logout_url }}" />
   {% for name_id_format in name_id_formats %}
       <NameIDFormat>{{ name_id_format }}</NameIDFormat>
   {% endfor %}
   <AssertionConsumerService
     index="0"
     isDefault="true"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="{{ login_url }}" />
   <AssertionConsumerService
     index="1"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
     Location="{{ login_url }}" />
 </SPSSODescriptor>

</EntityDescriptor>