Content Comparison

client_id

EntityDescriptor/@entityID

client_secret

EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecret

EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:ClientSecretKeyReference

Only one value per entity

redirect_uri

EntityDescriptor/SPSSODescriptor/AssertionConsumerService

Binding: 

https://tools.ietf.org/html/rfc6749#section-3.1.2

token_endpoint_auth_method

application_type

client_uri

software_id

software_version

sector_identifier_uri

id_token_signed_response_alg

id_token_encrypted_response_alg

id_token_encrypted_response_enc

userinfo_signed_response_alg

userinfo_encrypted_response_alg

userinfo_encrypted_response_enc

request_object_signing_alg

request_object_encryption_alg

request_object_encryption_enc

token_endpoint_auth_signing_alg

default_max_age

require_auth_time

initiate_login_uri

frontchannel_logout_session_required ^v2.2

backchannel_logout_session_required ^v2.2

Like-named XML Attributes defined on:

EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions

These are single-valued claims that map directly into XML Attributes in a metadata extension element.

grant_types

response_types

scopes

Like-named XML Attributes defined on:

EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions

These are multiple-valued claims that map directly into XML Attributes in a metadata extension element. Multiple values are supplied using a space-delimited list.

NOTE: Since OP 3.2, use '+' sign to supply a response type value containing a space. For instance, the value "code code+id_token+token" in XML is translated into two OIDC response types: "code" and "code id_token token".

client_name

EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:DisplayName

logo_uri

EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:Logo

contacts

EntityDescriptor/ContactPerson/EmailAddress

organization_name

EntityDescriptor/Organization/OrganizationName

tos_uri

EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:InformationURL

policy_uri

EntityDescriptor/SPSSODescriptor/Extensions/mdui:UIInfo/mdui:PrivacyStatementURL

jwks_uri

EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:JwksUri

jwks

EntityDescriptor/SPSSODescriptor/ds:KeyDescriptor/ds:KeyInfo/oidcmd:JwksData

The value is Base64-encoded JSON string.

The JSON may be a single JWK or a JSON array of JWKs.

subject_type

EntityDescriptor/SPSSODescriptor/NameIDFormat

One of:
urn:mace:shibboleth:metadata:oidc:1.0:nameid-format:public
urn:mace:shibboleth:metadata:oidc:1.0:nameid-format:pairwise 

default_acr_values

EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:default_acr_value

Each value is defined in an extension element.

request_uris

EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:request_uri

Each value is defined in an extension element.

post_logout_redirect_uris

EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/oidcmd:post_logout_redirect_uri

Each value is defined in an extension element.

audience ¹

EntityDescriptor/SPSSODescriptor/Extensions/oidcmd:OAuthRPExtensions/saml:Audience

Each value is defined in an extension element (the element itself is a standard SAML element imported from the Assertion schema).

frontchannel_logout_uri ^v2.2

EntityDescriptor/SPSSODescriptor/SingleLogoutService

Binding: 

https://openid.net/specs/openid-connect-frontchannel-1_0.html

backchannel_logout_uri ^v2.2

EntityDescriptor/SPSSODescriptor/SingleLogoutService

Binding:

https://openid.net/specs/openid-connect-backchannel-1_0.html