...
In comparison to the existing (JSON) format, all the same configuration options are available. See the table at the end for mappings between the JSON claims and the SAML metadata.
...
JSON claim | SAML metadata location | Notes |
---|---|---|
client_id | EntityDescriptor/@entityID | |
client_secret | EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecret or EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecretKeyReference | Only one value per entity |
redirect_uri | EntityDescriptor/SPSSODescriptor/AssertionConsumerService | Binding: |
token_endpoint_auth_method, application_type, client_uri, software_id, software_version, sector_identifier_uri, id_token_signed_response_alg, id_token_encrypted_response_alg, id_token_encrypted_response_enc, userinfo_signed_response_alg, userinfo_encrypted_response_alg, userinfo_encrypted_response_enc, request_object_signing_alg, request_object_encryption_alg, request_object_encryption_enc, token_endpoint_auth_signing_alg, default_max_age, require_auth_time, initiate_login_uri | Like-named XML Attributes defined on: EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions | These are single-valued claims that map directly into XML Attributes in a metadata extension element. |
grant_types, response_types, scopes | Like-named XML Attributes defined on: EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions | These are multiple-valued claims that map directly into XML Attributes in a metadata extension element. Multiple values are supplied using a space-delimited list. NOTE: Since OP 3.2, use the '+' sign to supply a response type value containing a space. For instance, the value "code code+id_token+token" in XML is translated into two OIDC response types: "code" and "code id_token token". |
client_name | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:DisplayName | |
logo_uri | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:Logo | |
contacts | EntityDescriptor/ContactPerson/EmailAddress | |
organization_name | EntityDescriptor/Organization/OrganizationName | |
tos_uri | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:InformationURL | |
policy_uri | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:PrivacyStatementURL | |
jwks_uri | EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:JwksUri | |
jwks | EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:JwksData | The value is a Base64-encoded JSON string |
subject_type | EntityDescriptor/SPSSODescriptor/NameIDFormat | One of: |
default_acr_values | EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:default_acr_value | Each value is defined in an extension element. |
request_uris | EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:request_uri | Each value is defined in an extension element. |
post_logout_redirect_uris | EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:post_logout_redirect_uri | Each value is defined in an extension element. |
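As an added example (not code from the page or from the Shibboleth project), the reader below applies the mapping table in reverse: it takes an SP EntityDescriptor and reconstructs the JSON claims, including the space-delimited multi-valued attributes, the '+' rule for response types, the per-element list claims and the Base64-encoded jwks. The oidcmd namespace URI is an assumption (the page does not give it); KeyDescriptor is placed in the md namespace, as SAML metadata defines it, and the sample metadata is constructed for a fictional RP.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Namespace URIs: md and ds are standard; the oidcmd URI is an assumption (not stated on the page).
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "oidcmd": "urn:mace:shibboleth:metadata:oidc:1.0"}


def metadata_to_claims(xml_text: str) -> dict:
    ed = ET.fromstring(xml_text)
    sp = ed.find("md:SPSSODescriptor", NS)
    ext = sp.find("md:Extensions/oidcmd:OAuthRPExtensions", NS)
    claims = {"client_id": ed.get("entityID")}
    if ext is not None:
        # Single-valued claims are like-named XML attributes on OAuthRPExtensions.
        single = ("token_endpoint_auth_method", "application_type", "default_max_age")
        claims.update({n: ext.get(n) for n in single if ext.get(n) is not None})
        # Space-delimited multi-valued claims; in response_types a '+' joins the parts of one value (OP 3.2+).
        for n in ("grant_types", "response_types", "scopes"):
            if ext.get(n):
                vals = ext.get(n).split()
                claims[n] = [v.replace("+", " ") for v in vals] if n == "response_types" else vals
        # One extension element per value; the element name is the claim name minus its trailing 's'.
        for n in ("default_acr_values", "request_uris", "post_logout_redirect_uris"):
            vals = [e.text for e in ext.findall(f"oidcmd:{n[:-1]}", NS)]
            if vals:
                claims[n] = vals
    # KeyDescriptor is in the md namespace (as SAML metadata defines it); KeyInfo is in ds.
    secret = sp.find("md:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecret", NS)
    if secret is not None:
        claims["client_secret"] = secret.text
    jwks = sp.find("md:KeyDescriptor/ds:KeyInfo/oidcmd:JwksData", NS)
    if jwks is not None:  # JwksData carries the JWK Set as a Base64-encoded JSON string
        claims["jwks"] = json.loads(base64.b64decode(jwks.text))
    # The table's redirect_uri (redirect_uris in OIDC registration): one ACS element per URI.
    claims["redirect_uris"] = [a.get("Location") for a in sp.findall("md:AssertionConsumerService", NS)]
    return claims


# Constructed sample metadata for a fictional RP (not taken from the original page).
SAMPLE_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:oidcmd="urn:mace:shibboleth:metadata:oidc:1.0" entityID="https://rp.example.org/client">
  <md:SPSSODescriptor><md:Extensions>
    <oidcmd:OAuthRPExtensions token_endpoint_auth_method="client_secret_basic" default_max_age="3600"
        grant_types="authorization_code implicit" response_types="code code+id_token+token" scopes="openid email">
      <oidcmd:post_logout_redirect_uri>https://rp.example.org/logout</oidcmd:post_logout_redirect_uri>
    </oidcmd:OAuthRPExtensions></md:Extensions>
    <md:KeyDescriptor><ds:KeyInfo><oidcmd:ClientSecret>constructed-secret</oidcmd:ClientSecret></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><oidcmd:JwksData>eyJrZXlzIjpbXX0=</oidcmd:JwksData></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1" Location="https://rp.example.org/cb"/>
  </md:SPSSODescriptor></md:EntityDescriptor>"""
```

Running `metadata_to_claims(SAMPLE_XML)` yields two response types, "code" and "code id_token token", from the single XML attribute, and the decoded JWK Set `{"keys": []}` from the Base64 text.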
...