SAML 2.0 IdP metaandmed

This is the metadata that SimpleSAMLphp has generated for you. You can send it to trusted partners to establish a trusted federation. Because everything a partner will trust (endpoints, certificates, the entityID) comes from this document, the partner should confirm the signing certificate's fingerprint with you over an independent channel rather than rely on the download alone.

The metadata XML can be fetched from a dedicated URL:

https://auth.ut.ee/idp/saml2/idp/metadata.php

Metadata

SAML 2.0 metadata in XML format:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://auth.ut.ee/idp/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://auth.ut.ee/idp/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://auth.ut.ee/idp/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>UT</md:GivenName>
    <md:SurName>Admin</md:SurName>
    <md:EmailAddress>mailto:devops@ut.ee</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
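Before a service provider imports metadata of this shape, it should check that the endpoints are what it expects and that the signing certificate is the one agreed with the IdP operator. The following script is an added example, not part of this page or of SimpleSAMLphp: it parses the `IDPSSODescriptor`, extracts the endpoints and certificates, and compares the SHA-256 fingerprint of the signing certificate against a pinned value obtained out of band. The embedded XML is a constructed copy of the descriptor above with placeholder certificate bytes (the real certificate is not reproduced here), and the requirement that every endpoint lives on the entityID's host is an assumption that fits this single-host IdP, not a SAML rule.

```python
"""Parse SAML 2.0 IdP metadata and pin the signing certificate before trusting it.

Added example, not code from the page or from SimpleSAMLphp. The metadata
below mirrors the page's EntityDescriptor; the certificate is a constructed
placeholder because the real one is not reproduced on the page.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml.ElementTree
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed placeholder standing in for the DER bytes of a real X.509 certificate.
FAKE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode()

# Constructed sample: the page's descriptor with the placeholder certificate.
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://auth.ut.ee/idp/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://auth.ut.ee/idp/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://auth.ut.ee/idp/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def cert_fingerprint(b64: str) -> str:
    """SHA-256 over the DER bytes: what `openssl x509 -fingerprint -sha256` prints, without colons."""
    der = base64.b64decode("".join(b64.split()))  # metadata often wraps the base64 across lines
    return hashlib.sha256(der).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract what an SP needs from the IDPSSODescriptor of an EntityDescriptor."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []  # (use, base64) pairs; a KeyDescriptor without 'use' serves both purposes
    for kd in idp.findall("md:KeyDescriptor", NS):
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
        if b64:
            certs.append((kd.get("use") or "both", b64))

    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location")) for e in idp.findall(tag, NS)]

    return {
        "entity_id": root.get("entityID"),
        "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
        "signing_certs": [b for use, b in certs if use in ("signing", "both")],
        "encryption_certs": [b for use, b in certs if use in ("encryption", "both")],
        "sso": endpoints("md:SingleSignOnService"),
        "slo": endpoints("md:SingleLogoutService"),
        "name_id_formats": [e.text for e in idp.findall("md:NameIDFormat", NS)],
    }


def check_idp_metadata(xml_text: str, pinned_signing_sha256: str) -> list:
    """Return a list of problems; an empty list means the metadata passed every check."""
    m = parse_idp_metadata(xml_text)
    problems = []
    entity_host = urlparse(m["entity_id"] or "").hostname
    for kind in ("sso", "slo"):
        for _binding, location in m[kind]:
            u = urlparse(location or "")
            if u.scheme != "https":
                problems.append(f"{kind} endpoint is not https: {location}")
            # Assumption for this single-host IdP; a federation may legitimately spread hosts.
            if u.hostname != entity_host:
                problems.append(f"{kind} endpoint host differs from entityID host: {location}")
    if not m["sso"]:
        problems.append("no SingleSignOnService endpoint")
    if not m["signing_certs"]:
        problems.append("no signing certificate")
    elif not any(cert_fingerprint(c) == pinned_signing_sha256.lower() for c in m["signing_certs"]):
        problems.append("no signing certificate matches the pinned fingerprint")
    return problems


if __name__ == "__main__":
    pin = cert_fingerprint(FAKE_CERT_B64)  # in practice: the fingerprint the IdP operator gave you
    print("problems:", check_idp_metadata(SAMPLE_METADATA, pin))
```

The fingerprint comparison is the step that matters: an attacker who can serve a substitute metadata document over the metadata URL can swap in their own signing certificate, and every assertion they forge will then validate at the SP. Pinning the fingerprint turns a trust-on-download into a trust-on-verification.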

In SimpleSAMLphp format: use this when the other party also runs SimpleSAMLphp:

$metadata['https://auth.ut.ee/idp/saml2/idp/metadata.php'] = [
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'https://auth.ut.ee/idp/saml2/idp/metadata.php',
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://auth.ut.ee/idp/saml2/idp/SSOService.php',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://auth.ut.ee/idp/saml2/idp/SingleLogoutService.php',
        ],
    ],
    'certData' => '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',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    'sign.authnrequest' => true,
    'redirect.sign' => true,
    'contacts' => [
        [
            'emailAddress' => 'devops@ut.ee',
            'contactType' => 'technical',
            'givenName' => 'UT',
            'surName' => 'Admin',
        ],
    ],
];

Certificates

Download the X.509 certificates as PEM-encoded files.