...

Tip: Shibboleth-Specific Tip

The Location attribute of these endpoints is derived from the <ProfileHandler> elements defined in the IdP's handler.xml file. As with all IdP profile handlers that rely on SOAP, the locations will typically be of the form https://hostname:8443 + servlet context + "/profile" + path, where path is determined from the <RequestPath> child element in the profile handler configuration.

The elements must also include a Binding attribute, which can be copied directly from the profile handler's inboundBinding attribute.

Logout

If your IdP supports SAML 2.0 Single Logout, you will need to include one or more <md:SingleLogoutService> endpoint elements in the metadata.

...

Tip: Shibboleth-Specific Tip

The Location attribute of these endpoints is derived from the <ProfileHandler> elements defined in the IdP's handler.xml file. As with all front-channel IdP profile handlers, the locations will typically be of the form https://hostname + servlet context + "/profile" + path, where path is determined from the <RequestPath> child element in the profile handler configuration.

The elements must also include a Binding attribute, which can be copied directly from the profile handler's inboundBinding attribute.

Attribute Services

IdPs that support attribute queries document this by including the additional <md:AttributeAuthorityDescriptor> role in their metadata containing one or more <md:AttributeService> endpoint elements. These are the SOAP endpoints to which SPs or other software may send SAML attribute queries.

Tip: Shibboleth-Specific Tip

The Location attribute of these endpoints is derived from the <ProfileHandler> elements defined in the IdP's handler.xml file. As with all IdP profile handlers that rely on SOAP, the locations will typically be of the form https://hostname:8443 + servlet context + "/profile" + path, where path is determined from the <RequestPath> child element in the profile handler configuration.

The elements must also include a Binding attribute, which can be copied directly from the profile handler's inboundBinding attribute.
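The derivation described in the tips above, as an added example that is not part of the original page or of the Shibboleth code: it reads <ProfileHandler> elements, builds each Location from hostname, servlet context, "/profile" and <RequestPath>, and copies inboundBinding into Binding. The handler.xml fragment is constructed and simplified; the hostname, the "/idp" servlet context and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)

# Constructed, simplified fragment in the style of handler.xml (not from a real IdP).
HANDLER_XML = """\
<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler">
  <ProfileHandler inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
    <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
  </ProfileHandler>
  <ProfileHandler inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
    <RequestPath>/SAML2/Redirect/SLO</RequestPath>
  </ProfileHandler>
  <ProfileHandler>
    <RequestPath>/Status</RequestPath>
  </ProfileHandler>
</ProfileHandlerGroup>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def derive_endpoints(handler_xml, hostname, context="/idp", soap_port=8443):
    """Return (Binding, Location) for each handler that declares inboundBinding."""
    endpoints = []
    for el in ET.fromstring(handler_xml).iter():
        if local(el.tag) != "ProfileHandler":
            continue
        binding = el.get("inboundBinding")
        path = next((c.text.strip() for c in el
                     if local(c.tag) == "RequestPath" and c.text), None)
        if not binding or not path:
            continue  # no binding or path to publish for this handler
        # SOAP handlers use the back-channel port; front-channel ones do not.
        authority = f"{hostname}:{soap_port}" if "SOAP" in binding else hostname
        endpoints.append((binding, f"https://{authority}{context}/profile{path}"))
    return endpoints

def to_metadata(element_name, binding, location):
    """Render one endpoint element, e.g. md:AttributeService."""
    el = ET.Element(f"{{{MD_NS}}}{element_name}", Binding=binding, Location=location)
    return ET.tostring(el, encoding="unicode")

if __name__ == "__main__":
    soap, slo = derive_endpoints(HANDLER_XML, "idp.example.org")
    print(to_metadata("AttributeService", *soap))
    print(to_metadata("SingleLogoutService", *slo))
```

Comparing the derived pairs with the endpoints already published in the IdP's metadata shows any Location or Binding that has drifted from handler.xml.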

Documenting Attributes

An IdP can enumerate the SAML attributes that it can supply (subject to policy) to SPs. This is essentially informational in most cases.

...