Versions Compared

Old Version 3

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 4

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A common use of Metadata across both IdP and SP roles, among others, is to associate one or more public keys with the system being defined. The <md:KeyDescriptor> element is a wrapper around the XML Signature-defined <ds:KeyInfo> element, an extensible container for describing keys.

...

Code Block
xml
xml
titleExample role with a single authentication/encryption key

...
<md:SPSSODescriptor>
...
  <md:KeyDescriptor>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>
          MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
          BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
          Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
          AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
          ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
          Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
          4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
          lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
          v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
          CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
          eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
          BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
          Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
          w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </md:KeyDescriptor>
...
</md:SPSSODescriptor>
...

...

Code Block
xml
xml
titleExample role with separate authentication/encryption keys

...
<md:SPSSODescriptor>
...
  <md:KeyDescriptor use="signing">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>
          MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
          BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
          Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
          AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
          ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
          Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
          4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
          lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
          v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
          CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
          eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
          BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
          Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
          w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </md:KeyDescriptor>

  <md:KeyDescriptor use="encryption">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>
          MIIDFTCCAf2gAwIBAgIJAK4gEVnyy0CbMA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNV
          BAMTGnNub3dkb2cuYWQuc2VydmljZS5vc3UuZWR1MB4XDTA4MDMxMjE2MTYyNloX
          DTE4MDMxMDE2MTYyNlowJTEjMCEGA1UEAxMac25vd2RvZy5hZC5zZXJ2aWNlLm9z
          dS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFdV6i/iTjyOdr
          uhXnK0ge5u5m1M7nQzI15hfFOLRjmFj3YeSQV39BRl1VEhngY0rODGu7jxq+agWm
          FkF2VLsPCuQp0G/YsSWJem3Ml5UyY0h0GQy7Rgb+aQpHeq298fVwe/xLJqFb0McD
          1amO/xL5yYteT3egh5vP+NVJH8qZ/iAiB7FD3IWpJmGVAQfFaGGJ+xzVETtsX/gk
          Vw3Bu219j498D+4HBsZBKX0OPeuDw3JS7lb7O95c6bTOYkNlAQ35xeqzSh8k5sO5
          h/PZu7IVMNAZHgdDV252kI8eK+fEhWeGpXnOHy/kM6u3xoNmlO9curvuaVST4Nei
          0gzxNDblAgMBAAGjSDBGMCUGA1UdEQQeMByCGnNub3dkb2cuYWQuc2VydmljZS5v
          c3UuZWR1MB0GA1UdDgQWBBR3jHu4t+0+mnfh2LmuOj1kKCdcdTANBgkqhkiG9w0B
          AQUFAAOCAQEAiq9kwY+gowisM5eLAFRu+0GQCUrgT0cj/faBLlehtJLU71VauYdR
          bDqafydNmAu7obyjFC61dk8yMQKJ0GoRYnrmAh6g0v4MJB0V5Q3tU+yVGmPjIr9a
          24WIOVBpdyW17bXU6l9b9ZyWkA3jmUi7/AqaqrX2cQ/Y2sBGhPHKvntet+9sJqBB
          NzTBhkaNKRSg2NSzdS0bjuqYPkgCiYKVXYpV7Hcf5YS+Jl16hMDaLizGp2lK0Vo3
          eCb5ax4QditlbQl9l6FKJ2FMPk0/UCUKQb8bEDHHbmxu/zcebiAqAysVvBsDXixI
          vVWP2Vo0PaLrOqehb7Gs5h9YyM0p1TxK3w==
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </md:KeyDescriptor>
...
</md:SPSSODescriptor>
...

...