...
In comparison to the existing (JSON) format, all the same configuration options are available. See the table at the end for mappings between the JSON claims and the SAML metadata.
...
| JSON claim | SAML metadata location | Notes |
|---|---|---|
| client_id | EntityDescriptor/@entityID | |
| client_secret | EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecret EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecretKeyReference | Only one value per entity |
| redirect_uri | EntityDescriptor/SPSSODescriptor/AssertionConsumerService | Binding:
|
token_endpoint_auth_method application_type client_uri software_id software_version sector_identifier_uri id_token_signed_response_alg id_token_encrypted_response_alg id_token_encrypted_response_enc userinfo_signed_response_alg userinfo_encrypted_response_alg userinfo_encrypted_response_enc request_object_signing_alg request_object_encryption_alg request_object_encryption_enc token_endpoint_auth_signing_alg default_max_age require_auth_time initiate_login_uri | Like-named XML Attributes defined on: EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions | These are single-valued claims that map directly into XML Attributes in a metadata extension element. |
grant_types response_types scopes | Like-named XML Attributes defined on: EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions | These are multiple-valued claims that map directly into XML Attributes in a metadata extension element. Multiple values are supplied using a space-delimited list. NOTE: Since OP 3.2, use '+' sign to supply a response type value containing a space. For instance, the value "code code+id_token+token" in XML is translated into two OIDC response types: "code" and "code id_token token". |
| client_name | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:DisplayName | |
| logo_uri | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:Logo | |
| contacts | EntityDescriptor/ContactPerson/EmailAddress | |
| organization_name | EntityDescriptor/Organization/OrganizationName | |
| tos_uri | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:InformationURL | |
| policy_uri | EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:PrivacyStatementURL | |
| jwks_uri | EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:JwksUri | |
| jwks | EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:JwksData | The value is Base64-encoded JSON string |
| subject_type | EntityDescriptor/SPSSODescriptor/NameIDFormat | One of:
|
| default_acr_values | EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:default_acr_value | Each value is defined in an extension element. |
| request_uris | EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:request_uri | Each value is defined in an extension element. |
| post_logout_redirect_uris | EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:post_logout_redirect_uri | Each value is defined in an extension element. |
...