SAML 2.0 IdP metadata
This is the metadata that SimpleSAMLphp has generated for you. You may send this metadata to trusted partners to set up a trusted federation.
The metadata XML is available at a dedicated URL:
https://auth.ut.ee/idp/saml2/idp/metadata.php
Metadata
In SAML 2.0 metadata XML format:
<?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://auth.ut.ee/idp/saml2/idp/metadata.php"> <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="true"> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>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</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIFDTCCA3WgAwIBAgIUVxrkORoRY2+r3Dongzu9Z2+v1RwwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkVFMREwDwYDVQQIDAhUYXJ0dW1hYTEOMAwGA1UEBwwFVGFydHUxHDAaBgNVBAoME1VuaXZlcnNpdHkgb2YgVGFydHUxEzARBgNVBAsMCklUIG9zYWtvbmQxEzARBgNVBAMMCmF1dGgudXQuZWUxGzAZBgkqhkiG9w0BCQEWDG9yYWNsZUB1dC5lZTAeFw0yMjA3MjYwNjE2NDhaFw0zMjA3MjUwNjE2NDhaMIGVMQswCQYDVQQGEwJFRTERMA8GA1UECAwIVGFydHVtYWExDjAMBgNVBAcMBVRhcnR1MRwwGgYDVQQKDBNVbml2ZXJzaXR5IG9mIFRhcnR1MRMwEQYDVQQLDApJVCBvc2Frb25kMRMwEQYDVQQDDAphdXRoLnV0LmVlMRswGQYJKoZIhvcNAQkBFgxvcmFjbGVAdXQuZWUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDTHKTkF5xuimI4dBmeolY7Yz89zQqLVFlFakBk1EVbtI2mOKbBMcj/6WqD7UF/XLw8BJ5IImWq9zs+oo0fLBb9McT6+4WEWS5FTWg/QFeGMHJJ7pjhME4V2lsPobKQ4gQdG77FAPCcQ4kHybQg8CyRgLavNPKjTfqA4+hbsialCwlTiAuSEt1Q4c3mmxq0HQbAHVyDZ07irFo+l1gz8UBcDG3YFZfCrSCd8lPDIexJ3JknRk+mfmsPpT6s39QvDuYIxFDmwUbu1U63vtzdI7Kk4YUulLEmYIvoWa6ORNujnMR0+KprPWADMcnAKCA4f6PSf0OPX99tbvMR3hyaAajJlBnT8pQDF8bgYqRtscjes0+LhZv9PP/K4Cpj9ip+sMebeZGI+W3u4nPfl73WMlqT+hZoNqr+hUeXeUaFODR7Cd1qHjea8zb+QfzjNyABcK9C7ncVKi50HIfb/u5Kd6DGqxPCb8m2k432LW5dtotgePF9tC/s55xhDJLDNXW9OqkCAwEAAaNTMFEwHQYDVR0OBBYEFDwQsIzZDtmq9ZYgRrKim0wlnMuUMB8GA1UdIwQYMBaAFDwQsIzZDtmq9ZYgRrKim0wlnMuUMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAIBkT55Etc6S8xNpxreNnnnkz+MYFCRWmg+7QelLAcdsBOfl/evs7KriTX4xF7/vtRPzYk1LZgYQd+v/M5pvSsn5oQm
9EWKHS8X8P83jlEQU9JjZCSwb3izsMOQJLigI7CDb7p5m6jqc7RWv+LplQ2UGsrN58kJs5zx8zBjFec7zH+FsAIEsxW07RPh82FQ6nFoPQ3Iveni3c8WOx/Pn0O3IeWMh5VK+8wKDjSnBoZJDHtJj4S8+DZs29UtauL39WlYELnSailGCgjj7JUFo3f3Ztq0jTcJww0tdCplVL+miAlj4JtHmw4YG0qqR/eC6PJg52UvkyUWsYf5tk2qXLsJ6MYCWn4tANV9CoXOba5Wa6tTPMd8bKIxjy0Cyug4+4i2+I+jD5dI9+PskJQrHYjxa5K7ZAxAvfmfyLHemTkMlsAjTcylW4q8JKW+6C/9mdggVyQB3y540WrCONO0dIrowu7Pw+2O/GkJ/vXJ8r1zLnmkaLLliz92nudfoIPHf+A==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://auth.ut.ee/idp/saml2/idp/SingleLogoutService.php"/> <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://auth.ut.ee/idp/saml2/idp/SSOService.php"/> </md:IDPSSODescriptor> <md:ContactPerson contactType="technical"> <md:GivenName>UT</md:GivenName> <md:SurName>Admin</md:SurName> <md:EmailAddress>mailto:devops@ut.ee</md:EmailAddress> </md:ContactPerson> </md:EntityDescriptor>
In SimpleSAMLphp format (use this if the other side also uses SimpleSAMLphp):
$metadata['https://auth.ut.ee/idp/saml2/idp/metadata.php'] = [ 'metadata-set' => 'saml20-idp-remote', 'entityid' => 'https://auth.ut.ee/idp/saml2/idp/metadata.php', 'SingleSignOnService' => [ [ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://auth.ut.ee/idp/saml2/idp/SSOService.php', ], ], 'SingleLogoutService' => [ [ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://auth.ut.ee/idp/saml2/idp/SingleLogoutService.php', ], ], 'certData' => 'MIIFDTCCA3WgAwIBAgIUVxrkORoRY2+r3Dongzu9Z2+v1RwwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkVFMREwDwYDVQQIDAhUYXJ0dW1hYTEOMAwGA1UEBwwFVGFydHUxHDAaBgNVBAoME1VuaXZlcnNpdHkgb2YgVGFydHUxEzARBgNVBAsMCklUIG9zYWtvbmQxEzARBgNVBAMMCmF1dGgudXQuZWUxGzAZBgkqhkiG9w0BCQEWDG9yYWNsZUB1dC5lZTAeFw0yMjA3MjYwNjE2NDhaFw0zMjA3MjUwNjE2NDhaMIGVMQswCQYDVQQGEwJFRTERMA8GA1UECAwIVGFydHVtYWExDjAMBgNVBAcMBVRhcnR1MRwwGgYDVQQKDBNVbml2ZXJzaXR5IG9mIFRhcnR1MRMwEQYDVQQLDApJVCBvc2Frb25kMRMwEQYDVQQDDAphdXRoLnV0LmVlMRswGQYJKoZIhvcNAQkBFgxvcmFjbGVAdXQuZWUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDTHKTkF5xuimI4dBmeolY7Yz89zQqLVFlFakBk1EVbtI2mOKbBMcj/6WqD7UF/XLw8BJ5IImWq9zs+oo0fLBb9McT6+4WEWS5FTWg/QFeGMHJJ7pjhME4V2lsPobKQ4gQdG77FAPCcQ4kHybQg8CyRgLavNPKjTfqA4+hbsialCwlTiAuSEt1Q4c3mmxq0HQbAHVyDZ07irFo+l1gz8UBcDG3YFZfCrSCd8lPDIexJ3JknRk+mfmsPpT6s39QvDuYIxFDmwUbu1U63vtzdI7Kk4YUulLEmYIvoWa6ORNujnMR0+KprPWADMcnAKCA4f6PSf0OPX99tbvMR3hyaAajJlBnT8pQDF8bgYqRtscjes0+LhZv9PP/K4Cpj9ip+sMebeZGI+W3u4nPfl73WMlqT+hZoNqr+hUeXeUaFODR7Cd1qHjea8zb+QfzjNyABcK9C7ncVKi50HIfb/u5Kd6DGqxPCb8m2k432LW5dtotgePF9tC/s55xhDJLDNXW9OqkCAwEAAaNTMFEwHQYDVR0OBBYEFDwQsIzZDtmq9ZYgRrKim0wlnMuUMB8GA1UdIwQYMBaAFDwQsIzZDtmq9ZYgRrKim0wlnMuUMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAIBkT55Etc6S8xNpxreNnnnkz+MYFCRWmg+7QelLAcdsBOfl/evs7KriTX4xF7/vtRPzYk1LZgYQd+v/M5pvSsn5oQm9EWKHS8X8P83jlEQU9JjZCSwb3izsMOQJLigI7CDb7p5m6jqc7RWv+LplQ2UGsrN58kJs5zx8zBjFec7zH+FsAIEsxW07RPh82FQ6nFoPQ3Iveni3c8WOx/Pn0O3IeWMh5VK+8wKDjSnBoZJDHtJj4S8+DZs29UtauL39WlYEL
nSailGCgjj7JUFo3f3Ztq0jTcJww0tdCplVL+miAlj4JtHmw4YG0qqR/eC6PJg52UvkyUWsYf5tk2qXLsJ6MYCWn4tANV9CoXOba5Wa6tTPMd8bKIxjy0Cyug4+4i2+I+jD5dI9+PskJQrHYjxa5K7ZAxAvfmfyLHemTkMlsAjTcylW4q8JKW+6C/9mdggVyQB3y540WrCONO0dIrowu7Pw+2O/GkJ/vXJ8r1zLnmkaLLliz92nudfoIPHf+A==', 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'sign.authnrequest' => true, 'redirect.sign' => true, 'contacts' => [ [ 'emailAddress' => 'devops@ut.ee', 'contactType' => 'technical', 'givenName' => 'UT', 'surName' => 'Admin', ], ], ];
Certificates
Download the X509 certificates as PEM-encoded files.