...
Tip |
---|
title | Shibboleth-Specific Tip |
---|
|
TBD..The Location attribute of these endpoints is derived from the <ProfileHandler> elements defined in the IdP's handler.xml file. As with all IdP profile handlers that rely on SOAP, the locations will typically be of the form https://hostname:8443 + servlet context + "/profile" + path , where path is determined from the <RequestPath> child element in the profile handler configuration. The elements must also include a Binding attribute, which can be copied directly from the profile handler's inboundBinding attribute. |
Logout
If your IdP supports SAML 2.0 Single Logout, you will need to include one or more <md:SingleLogoutService>
endpoint elements in the metadata.
...
Tip |
---|
title | Shibboleth-Specific Tip |
---|
|
TBD..The Location attribute of these endpoints is derived from the <ProfileHandler> elements defined in the IdP's handler.xml file. As with all front-channel IdP profile handlers, the locations will typically be of the form https://hostname + servlet context + "/profile" + path , where path is determined from the <RequestPath> child element in the profile handler configuration. The elements must also include a Binding attribute, which can be copied directly from the profile handler's inboundBinding attribute. |
Attribute Services
IdPs that support attribute queries document this by including the additional <md:AttributeAuthorityDescriptor>
role in their metadata containing one or more <md:AttributeService>
endpoint elements. These are the SOAP endpoints to which SPs or other software may send SAML attribute queries.
Tip |
---|
title | Shibboleth-Specific Tip |
---|
|
TBD..The Location attribute of these endpoints is derived from the <ProfileHandler> elements defined in the IdP's handler.xml file. As with all IdP profile handlers that rely on SOAP, the locations will typically be of the form https://hostname:8443 + servlet context + "/profile" + path , where path is determined from the <RequestPath> child element in the profile handler configuration. The elements must also include a Binding attribute, which can be copied directly from the profile handler's inboundBinding attribute. |
Documenting Attributes
An IdP can enumerate the SAML attributes that it can supply (subject to policy) to SPs. This is essentially informational in most cases.
...