SAML V2.0 Metadata Extensions for Registration and Publication Information
=============================

<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->

* Author: Jaime Perez [jaime.perez@uninett.no](mailto:jaime.perez@uninett.no)

<!-- {{TOC}} -->

This is a reference for the SimpleSAMLphp implementation of the [SAML
V2.0 Metadata Extensions for Registration and Publication Information](http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.html)
defined by OASIS.

This extension aims to provide information about the registrars and publishers of the metadata themselves, and it is therefore
available through the different endpoints and modules that provide metadata throughout SimpleSAMLphp. More specifically, this
extension can be used for:

- metadata published for a [hosted service provider](./saml:sp).
- metadata published for a [hosted identity provider](./simplesamlphp-reference-idp-hosted).
- metadata collected and published by means of the [`aggregator`](./aggregator:aggregator) or [`aggregator2`](./aggregator2:aggregator2) modules.

Currently, only the `<mdrpi:RegistrationInfo>` element is supported.

Depending on the metadata set you want to add this extension to, you will have to configure it in the corresponding
configuration file:

- `metadata/saml20-idp-hosted.php` for hosted identity providers.
- `config/authsources.php` for hosted service providers.
- `config/module_aggregator.php` for the `aggregator` module.
- `config/module_aggregator2.php` for the `aggregator2` module.

RegistrationInfo Items
----------------------

The configuration is the same for all the different files, and consists of a single directive called `RegistrationInfo`, which
**must** be an indexed array with the following options:

`authority`
: A string containing an identifier of the authority that has registered this metadata. This parameter is **mandatory**.

`instant`
: A string containing the instant when the entity or entities were registered by the authority. This parameter is
  optional, and must be expressed in the UTC timezone with the *zulu* (`Z`) timezone identifier. If omitted, there will be no
  `registrationInstant` in the resulting metadata, except in the `aggregator2` module, which will use the instant when the metadata
  was generated.

`policies`
: An indexed array containing URLs pointing to the policy under which the entity or entities were registered. Each
  index must be the language code corresponding to the language of the URL. This parameter is optional, and will be omitted in the
  resulting metadata if not configured.

Examples
--------

Service Provider:

    'default-sp' => array(
        'saml:SP',
        'entityID' => NULL,
        ...
        'RegistrationInfo' => array(
            'authority' => 'urn:mace:sp.example.org',
            'instant' => '2008-01-17T11:28:03.577Z',
            'policies' => array('en' => 'http://sp.example.org/policy', 'es' => 'http://sp.example.org/politica'),
        ),
    ),

Identity Provider:

    $metadata['__DYNAMIC:1__'] = array(
        'host' => '__DEFAULT__',
        ...
        'RegistrationInfo' => array(
            'authority' => 'urn:mace:idp.example.org',
            'instant' => '2008-01-17T11:28:03.577Z',
        ),
    );

`aggregator` module:

    $config = array(
        'aggregators' => array(
            ...
        ),
        'maxDuration' => 60*60*24*5,
        'reconstruct' => FALSE,
        ...
        'RegistrationInfo' => array(
            'authority' => 'urn:mace:example.federation',
            'instant' => '2008-01-17T11:28:03Z',
            'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
        ),
    );

`aggregator2` module:

    $config = array(
        'example.org' => array(
            'sources' => array(
                ...
            ),
            'RegistrationInfo' => array(
                'authority' => 'urn:mace:example.federation',
                'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
            ),
        ),
    );
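The following is an added example, not SimpleSAMLphp's own code, showing how the three `RegistrationInfo` keys documented above map onto the `<mdrpi:RegistrationInfo>` element, together with the checks a deployer would want before publishing the directive (mandatory `authority`, a UTC `instant` ending in `Z`, language-indexed policy URLs). It assumes PHP 7 or later with the DOM extension; the function names `validateRegistrationInfo` and `renderRegistrationInfo` are this example's own.

```php
<?php
// Added example, not SimpleSAMLphp's own code: validate a RegistrationInfo directive
// as documented above and render the <mdrpi:RegistrationInfo> element it produces.
const MDRPI_NS = 'urn:oasis:names:tc:SAML:metadata:rpi';
function validateRegistrationInfo(array $info): array
{
    $errors = [];
    if (empty($info['authority']) || !is_string($info['authority'])) {
        $errors[] = "'authority' is mandatory and must be a non-empty string";
    }
    // 'instant' is optional but must be an ISO 8601 UTC timestamp ending in 'Z'
    if (isset($info['instant']) && (!preg_match(
            '/^(\d{4})-(\d{2})-(\d{2})T([01]\d|2[0-3]):[0-5]\d:[0-5]\d(\.\d+)?Z$/', $info['instant'], $m)
        || !checkdate((int) $m[2], (int) $m[3], (int) $m[1]))) {
        $errors[] = "'instant' must be a valid UTC timestamp with the 'Z' designator";
    }
    // 'policies' keys are language codes ('en', 'es'), values absolute URLs
    foreach ($info['policies'] ?? [] as $lang => $url) {
        if (!preg_match('/^[a-z]{2,3}(-[A-Za-z0-9]+)*$/', (string) $lang)) {
            $errors[] = "'policies' key '$lang' is not a language code";
        }
        if (!is_string($url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
            $errors[] = "'policies' value for '$lang' is not a valid URL";
        }
    }
    return $errors;
}
function renderRegistrationInfo(array $info): string
{
    if ($errors = validateRegistrationInfo($info)) {
        throw new InvalidArgumentException(implode('; ', $errors));
    }
    $doc = new DOMDocument('1.0', 'UTF-8');
    $ri  = $doc->appendChild($doc->createElementNS(MDRPI_NS, 'mdrpi:RegistrationInfo'));
    $ri->setAttribute('registrationAuthority', $info['authority']);
    if (isset($info['instant'])) {
        $ri->setAttribute('registrationInstant', $info['instant']);
    }
    foreach ($info['policies'] ?? [] as $lang => $url) {
        $policy = $ri->appendChild($doc->createElementNS(MDRPI_NS, 'mdrpi:RegistrationPolicy'));
        $policy->setAttributeNS('http://www.w3.org/XML/1998/namespace', 'xml:lang', $lang);
        $policy->appendChild($doc->createTextNode($url)); // text node, so '&' etc. get escaped
    }
    return $doc->saveXML($ri);
}
echo renderRegistrationInfo([ // constructed sample mirroring the service provider example above
    'authority' => 'urn:mace:sp.example.org',
    'instant'   => '2008-01-17T11:28:03.577Z',
    'policies'  => ['en' => 'http://sp.example.org/policy', 'es' => 'http://sp.example.org/politica'],
]), "\n";
```

Running it prints a single `<mdrpi:RegistrationInfo>` element with the `registrationAuthority` and `registrationInstant` attributes and one `<mdrpi:RegistrationPolicy xml:lang="...">` child per configured language; feeding it an `instant` without the trailing `Z` raises an `InvalidArgumentException` instead.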