Shared SAML2 metadata
This page describes how to configure the SAML2 metadata settings that apply to both the SAML_IDP and SAML_SP buckets in the configuration.
Configuration
| Property | Optional value |
|---|---|
| adminContact | Array of Contacts |
| supportContact | Array of Contacts |
| billingContact | Array of Contacts |
| otherContact | Array of Contacts |
| techContact | Array of Contacts |
| orgURL | The organization URL |
| orgName | The organization name (legal) |
| orgDisplayName | The organization's display name |
Contact
| Property | Optional value |
|---|---|
| givenName | The given name |
| sn | The surname |
| mail | The email |
Example configuration
The example below should be appended to the configuration for a SAML IdP or SP, in either the SAML_IDP or the SAML_SP bucket.
{
"adminContact": [
{
"givenName": "Adminman",
"sn": "Barson",
"mail": "foo@bar.com"
},
{
"givenName": "Adminman 2",
"sn": "Barson",
"mail": "foo@bar.com"
}
],
"supportContact": [
{
"givenName": "Supportman",
"sn": "Barson",
"mail": "foo@bar.com"
},
{
"givenName": "Supportman 2",
"sn": "Barson",
"mail": "foo@bar.com"
}
],
"billingContact": [
{
"givenName": "Billman",
"sn": "Barson",
"mail": "foo@bar.com"
},
{
"givenName": "Billman 2",
"sn": "Barson",
"mail": "foo@bar.com"
}
],
"otherContact": [
{
"givenName": "Otherman",
"sn": "Barson",
"mail": "foo@bar.com"
},
{
"givenName": "Otherman 2",
"sn": "Barson",
"mail": "foo@bar.com"
}
],
"techContact": [
{
"givenName": "Techman",
"sn": "Barson",
"mail": "foo@bar.com"
},
{
"givenName": "Techman 2",
"sn": "Barson",
"mail": "foo@bar.com"
}
],
"orgURL": "https://foo.bar.com/",
"orgName": "Foo Bar Sweden AB",
"orgDisplayName": "Foo Bar"
}
Example of generated metadata
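In this example, only the parts that are directly related to what's configured above have been included. Every configured contact appears verbatim in the generated metadata, so anyone who can read the metadata can read these names and email addresses.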
<!-- Excerpt of the generated metadata: only the Organization and ContactPerson
     elements that correspond to the example configuration are shown. The
     xmlns:md declaration is not part of this excerpt; in SAML 2.0 metadata the
     md prefix is conventionally bound to urn:oasis:names:tc:SAML:2.0:metadata. -->
<md:EntityDescriptor>
<!-- Organization: values match orgName, orgDisplayName and orgURL. Each child
     carries xml:lang="en" although the example configuration sets no language;
     presumably a fixed default, to be confirmed against the implementation. -->
<md:Organization>
<md:OrganizationName xml:lang="en">Foo Bar Sweden AB</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Foo Bar</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">https://foo.bar.com/</md:OrganizationURL>
</md:Organization>
<!-- Contacts: each array entry becomes one ContactPerson. In this example the
     groups appear in contactType order (administrative, billing, other,
     support, technical), not in the order used in the configuration. -->
<!-- adminContact entries: contactType="administrative".
     NOTE(review): the address is emitted exactly as configured. The SAML
     metadata specification describes EmailAddress as a mailto: URI, so a
     strict consumer may expect that form; confirm what your partners accept. -->
<md:ContactPerson contactType="administrative">
<md:GivenName>Adminman</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="administrative">
<md:GivenName>Adminman 2</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<!-- billingContact entries: contactType="billing" -->
<md:ContactPerson contactType="billing">
<md:GivenName>Billman</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="billing">
<md:GivenName>Billman 2</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<!-- otherContact entries: contactType="other" -->
<md:ContactPerson contactType="other">
<md:GivenName>Otherman</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="other">
<md:GivenName>Otherman 2</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<!-- supportContact entries: contactType="support" -->
<md:ContactPerson contactType="support">
<md:GivenName>Supportman</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="support">
<md:GivenName>Supportman 2</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<!-- techContact entries: contactType="technical" -->
<md:ContactPerson contactType="technical">
<md:GivenName>Techman</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="technical">
<md:GivenName>Techman 2</md:GivenName>
<md:SurName>Barson</md:SurName>
<md:EmailAddress>foo@bar.com</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>