...
Print the contents of the new certificate file (for example with cat) and copy only the base64 text between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines; leave those two marker lines in the file itself. Only the certificate goes into the metadata; the matching private key stays on the server and is never pasted here. Leading and trailing whitespace around the base64 text breaks early Xerces releases; this was fixed in 2.6.1 and in 2.7. Embedded whitespace (indenting) probably requires xmlsec 1.3, which doesn't use openssl's broken base64 decoder; it's not clear what the Java parser allows. Place the resulting alphanumeric soup in XML like the following:
...
<!--
  Sample federation metadata: one EntitiesDescriptor holding two entities, an
  identity provider and a service provider, each publishing its signing
  certificate inline in a KeyDescriptor.

  Points to check before adapting this sample:
  * No ds:Signature element is present anywhere in this document, so the file
    carries no integrity protection of its own. The certificates below are what
    peers will rely on, so publish and fetch the file over an authenticated
    channel, or sign it.
  * validUntil is a sample value (2010-01-01T00:00:00Z); replace it with a date
    that fits the federation's refresh schedule.
  * The xsi:schemaLocation entries are relative paths and only hints; validate
    against schema copies you already trust.
-->
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# ../schemas/xmldsig-core-schema.xsd"
    Name="https://www.supervillain.edu/evil-federation/policy.html"
    validUntil="2010-01-01T00:00:00Z">

  <!-- This is the metadata for Evil Federation using embedded certificates. -->

  <!-- The Supervillain IdP -->
  <!-- NOTE(review): the entityID and the endpoint hosts below use idp.example.org,
       while the Scope, organization and contact data use supervillain.edu.
       Presumably these are placeholders; confirm they agree in a real deployment. -->
  <EntityDescriptor entityID="https://idp.example.org/shibboleth">

    <!-- Single sign-on role of the IdP. -->
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
      <Extensions>
        <!-- Scope this role is declared authoritative for: supervillain.edu. -->
        <shibmd:Scope>supervillain.edu</shibmd:Scope>
      </Extensions>
      <!-- Certificate published for this role with use="signing"; no key with
           use="encryption" is listed. Presumably relying parties compare the
           peer's key with this certificate directly instead of building a chain
           to a CA; confirm against the trust configuration in use. -->
      <KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:X509Data>
            <!-- The base64 lines are text content, so the line breaks and any
                 indentation reach the base64 decoder; they are kept unindented here. -->
            <ds:X509Certificate>
MIIEzTCCA7WgAwIBAgIJAPBxTwLnvO0aMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxDzANBgNVBAcTBkdvdGhhbTEgMB4G
A1UEChMXU3VwZXJ2aWxsYWluIFVuaXZlcnNpdHkxHTAbBgNVBAMTFGlkcC5zdXBl
cnZpbGxhaW4uZWR1MSswKQYJKoZIhvcNAQkBFhxncmVlbmdvYmxpbkBzdXBlcnZp
bGxhaW4uZWR1MB4XDTA2MDgxNzIxMDUzNVoXDTE2MDgxNDIxMDUzNVowgZ8xCzAJ
BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGR290aGFtMSAw
HgYDVQQKExdTdXBlcnZpbGxhaW4gVW5pdmVyc2l0eTEdMBsGA1UEAxMUaWRwLnN1
cGVydmlsbGFpbi5lZHUxKzApBgkqhkiG9w0BCQEWHGdyZWVuZ29ibGluQHN1cGVy
dmlsbGFpbi5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf18VZ
75icxGtfpH50gZpDST1nNvCB2zhU3EYJtnMFCwQY/oWQhWz34+f/78ahiYfWBb+v
QaaRgf2IVMM38Mrol2sqn79s9dmEJyPqOaupWZmskgR05aogt2oFYtXCvV2QGurI
FvDn9Z/bIjrC+Xp7Mztu/Zx7dEFmdtkgvSBcnjVr7unGcObSxNAMOG//DEIyIXkj
eMuw/EAlqJBCF33hDDuaQIaZsfJsSIG7hiB7AxaP5+q0sRaimMuw/7urbIveNC9V
vNYNZa4XE8DQzTA8Gc7qqdlCnwvuYEZU5SDB/UwF6LSRqm9Z/dH7hW5j9k/Wqx8S
P4XNmW83QgE0hF2DAgMBAAGjggEIMIIBBDAdBgNVHQ4EFgQUnrDyPuiCOWUqq6oQ
x2vgw6DxYmcwgdQGA1UdIwSBzDCByYAUnrDyPuiCOWUqq6oQx2vgw6DxYmehgaWk
gaIwgZ8xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMG
R290aGFtMSAwHgYDVQQKExdTdXBlcnZpbGxhaW4gVW5pdmVyc2l0eTEdMBsGA1UE
AxMUaWRwLnN1cGVydmlsbGFpbi5lZHUxKzApBgkqhkiG9w0BCQEWHGdyZWVuZ29i
bGluQHN1cGVydmlsbGFpbi5lZHWCCQDwcU8C57ztGjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBBQUAA4IBAQCqrOghCppgxhs4a96r+LgNeUlWc6j6/t0MJA8i3HpB
B3QIvfGS/0UWUwClhx4K5clnNKmLNcps6QvwVxKE/hjzE6B9Vo4+F+0WprPjvoK5
FCYGYLfhCSDRi8GXATVQlQ6kaChOH7PgjAejrBNoRCKzq/sAP+1ZB0TaJaigbXEu
QnFlpBv54Vq+HBsS5i0N9Qd5kyB2FVOfecSzQEqOeNENreoKxlj8vLqQRH0DPObf
A2hidRUUxZktslTpuN+9hTpeqVWVx802QpzDNTeBEn8lf2e4eStQuY8edkh9yE/j
F/xPvs1EdxIeiFvd237Ef9TV2JoxEN2+pOSTtdJ8Exk0
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </KeyDescriptor>
      <!-- NOTE(review): this SOAP endpoint is listed with an http:// URL on port
           8080, so artifact resolution as published here would run without TLS.
           Confirm whether an https:// location is intended. -->
      <ArtifactResolutionService index="1"
          Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
          Location="http://idp.example.org:8080/shibboleth-idp/Artifact"/>
      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
          Location="https://idp.example.org/shibboleth-idp/SSO"/>
    </IDPSSODescriptor>

    <!-- Attribute authority role of the same IdP. -->
    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
      <Extensions>
        <!-- Scope this role is declared authoritative for: supervillain.edu. -->
        <shibmd:Scope>supervillain.edu</shibmd:Scope>
      </Extensions>
      <!-- The certificate text here matches the one in the IDPSSODescriptor above,
           so both IdP roles publish the same signing key and a key rollover has
           to update both places. -->
      <KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>
MIIEzTCCA7WgAwIBAgIJAPBxTwLnvO0aMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxDzANBgNVBAcTBkdvdGhhbTEgMB4G
A1UEChMXU3VwZXJ2aWxsYWluIFVuaXZlcnNpdHkxHTAbBgNVBAMTFGlkcC5zdXBl
cnZpbGxhaW4uZWR1MSswKQYJKoZIhvcNAQkBFhxncmVlbmdvYmxpbkBzdXBlcnZp
bGxhaW4uZWR1MB4XDTA2MDgxNzIxMDUzNVoXDTE2MDgxNDIxMDUzNVowgZ8xCzAJ
BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGR290aGFtMSAw
HgYDVQQKExdTdXBlcnZpbGxhaW4gVW5pdmVyc2l0eTEdMBsGA1UEAxMUaWRwLnN1
cGVydmlsbGFpbi5lZHUxKzApBgkqhkiG9w0BCQEWHGdyZWVuZ29ibGluQHN1cGVy
dmlsbGFpbi5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf18VZ
75icxGtfpH50gZpDST1nNvCB2zhU3EYJtnMFCwQY/oWQhWz34+f/78ahiYfWBb+v
QaaRgf2IVMM38Mrol2sqn79s9dmEJyPqOaupWZmskgR05aogt2oFYtXCvV2QGurI
FvDn9Z/bIjrC+Xp7Mztu/Zx7dEFmdtkgvSBcnjVr7unGcObSxNAMOG//DEIyIXkj
eMuw/EAlqJBCF33hDDuaQIaZsfJsSIG7hiB7AxaP5+q0sRaimMuw/7urbIveNC9V
vNYNZa4XE8DQzTA8Gc7qqdlCnwvuYEZU5SDB/UwF6LSRqm9Z/dH7hW5j9k/Wqx8S
P4XNmW83QgE0hF2DAgMBAAGjggEIMIIBBDAdBgNVHQ4EFgQUnrDyPuiCOWUqq6oQ
x2vgw6DxYmcwgdQGA1UdIwSBzDCByYAUnrDyPuiCOWUqq6oQx2vgw6DxYmehgaWk
gaIwgZ8xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMG
R290aGFtMSAwHgYDVQQKExdTdXBlcnZpbGxhaW4gVW5pdmVyc2l0eTEdMBsGA1UE
AxMUaWRwLnN1cGVydmlsbGFpbi5lZHUxKzApBgkqhkiG9w0BCQEWHGdyZWVuZ29i
bGluQHN1cGVydmlsbGFpbi5lZHWCCQDwcU8C57ztGjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBBQUAA4IBAQCqrOghCppgxhs4a96r+LgNeUlWc6j6/t0MJA8i3HpB
B3QIvfGS/0UWUwClhx4K5clnNKmLNcps6QvwVxKE/hjzE6B9Vo4+F+0WprPjvoK5
FCYGYLfhCSDRi8GXATVQlQ6kaChOH7PgjAejrBNoRCKzq/sAP+1ZB0TaJaigbXEu
QnFlpBv54Vq+HBsS5i0N9Qd5kyB2FVOfecSzQEqOeNENreoKxlj8vLqQRH0DPObf
A2hidRUUxZktslTpuN+9hTpeqVWVx802QpzDNTeBEn8lf2e4eStQuY8edkh9yE/j
F/xPvs1EdxIeiFvd237Ef9TV2JoxEN2+pOSTtdJ8Exk0
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </KeyDescriptor>
      <!-- NOTE(review): attribute queries go to this SOAP endpoint, and it is
           listed with an http:// URL on port 8080, so the attribute exchange as
           published here would run without TLS. Confirm whether an https://
           location is intended. -->
      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
          Location="http://idp.example.org:8080/shibboleth-idp/AA"/>
      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
    </AttributeAuthorityDescriptor>

    <!-- This is just information about the entity in human terms. -->
    <Organization>
      <OrganizationName xml:lang="en">The Exalted University of Supervillains</OrganizationName>
      <OrganizationDisplayName xml:lang="en">Supervillain University</OrganizationDisplayName>
      <OrganizationURL xml:lang="en">http://www.supervillain.edu/</OrganizationURL>
    </Organization>
    <ContactPerson contactType="technical">
      <SurName>Norman Osborn</SurName>
      <EmailAddress>greengoblin@supervillain.edu</EmailAddress>
    </ContactPerson>
  </EntityDescriptor>

  <!-- The main Supervillain web server -->
  <EntityDescriptor entityID="https://www.supervillain.edu/shibboleth/evil-federation/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
      <!-- The SP's own certificate, distinct from the IdP's, published with
           use="signing". -->
      <KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>
MIIEwTCCA6mgAwIBAgIJANXcCaTUM3BiMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxDzANBgNVBAcTBkdvdGhhbTEgMB4G
A1UEChMXU3VwZXJ2aWxsYWluIFVuaXZlcnNpdHkxHTAbBgNVBAMTFHd3dy5zdXBl
cnZpbGxhaW4uZWR1MScwJQYJKoZIhvcNAQkBFhhtYWduZXRvQHN1cGVydmlsbGFp
bi5lZHUwHhcNMDYwODE3MjEwNTA2WhcNMTYwODE0MjEwNTA2WjCBmzELMAkGA1UE
BhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMQ8wDQYDVQQHEwZHb3RoYW0xIDAeBgNV
BAoTF1N1cGVydmlsbGFpbiBVbml2ZXJzaXR5MR0wGwYDVQQDExR3d3cuc3VwZXJ2
aWxsYWluLmVkdTEnMCUGCSqGSIb3DQEJARYYbWFnbmV0b0BzdXBlcnZpbGxhaW4u
ZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvTuYbPyvUZJITK8
VdnK6RPuYjViMK8N4JW3dmCrty9gCxYihYSB8JM+q5MB0iiVL/MaAyrgvebT470T
ftlUXSi2Y27EfdWlHoOwHCKJ8TE6kP44BedoYwFkOsUDBYu/TPfD5E9NB5dXFPIs
XpL6+SmijGx0au2n1l+vVf78xGA5bjj+mN909GihGvDq2ruElEnbjTWEIMew3Di3
mlWRueXSXvrDZ8WdNW7XzMKx2g6PlLhXz17IBbuuzzCatbEbpjPO1hBXSrrhI+re
3Q5MdgrJoFyswHK1b26/3noDmZTCChvPz8Umjk1VeBDYzd3CtBOqw1x4+eaXAtzO
b0HpxQIDAQABo4IBBDCCAQAwHQYDVR0OBBYEFGBRXrvGwEl6CM6MEJNyGIQlzzPs
MIHQBgNVHSMEgcgwgcWAFGBRXrvGwEl6CM6MEJNyGIQlzzPsoYGhpIGeMIGbMQsw
CQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxDzANBgNVBAcTBkdvdGhhbTEg
MB4GA1UEChMXU3VwZXJ2aWxsYWluIFVuaXZlcnNpdHkxHTAbBgNVBAMTFHd3dy5z
dXBlcnZpbGxhaW4uZWR1MScwJQYJKoZIhvcNAQkBFhhtYWduZXRvQHN1cGVydmls
bGFpbi5lZHWCCQDV3Amk1DNwYjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4IBAQAWbSn0Bu0pin6elv6qYdraZAzxBqzRsr9DNn0Qw/0M4bbphiSTR8Sn6WXW
VlYs8WCl7dQR5njdf/RolrHpYFhYsE3/M6CMS4bOMSpP3cArf6qanzGUCvUVM17K
1c/hlHZ61FLCbLdw9UO0qoZhfc3iLQs9wq7/Vt8yqqEiK+K74Dg8W6Ex1P6wm99n
w1EP5Q/nzw4HvueBFkLYt2HCly2RFgUN95KK4iq+loMs+nVu+vRZQ1xeKlePYHxB
M2d1ESOWEp9vf0sWe8x9utqO3BhmSJKaf2Hq6kBT1UNoKJ7pxa7iqzjzxe5uqSEO
hGhEPd2UOHQ/FJAWtqWY7y3GyEs/
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </KeyDescriptor>
      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
      <!-- Assertion consumer endpoints; both are https:// URLs and index 1 is
           marked as the default. -->
      <AssertionConsumerService index="1" isDefault="true"
          Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
          Location="https://www.supervillain.edu/Shibboleth.sso/SAML/POST"/>
      <AssertionConsumerService index="2"
          Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
          Location="https://www.supervillain.edu/Shibboleth.sso/SAML/Artifact"/>
    </SPSSODescriptor>

    <!-- This is just information about the entity in human terms. -->
    <Organization>
      <OrganizationName xml:lang="en">The Exalted University of Supervillains</OrganizationName>
      <OrganizationDisplayName xml:lang="en">Supervillain University</OrganizationDisplayName>
      <OrganizationURL xml:lang="en">http://www.supervillain.edu/</OrganizationURL>
    </Organization>
    <ContactPerson contactType="technical">
      <SurName>Erik Magnus Lehnsherr</SurName>
      <EmailAddress>magneto@supervillain.edu</EmailAddress>
    </ContactPerson>
  </EntityDescriptor>
</EntitiesDescriptor> |
...