'Ucam Federation' IdP metadata
Revision as of 16:50, 23 February 2009
If you just want your Shibboleth SP to be able to authenticate people from the University using Raven then you only need to supply your SP with metadata describing the Shibboleth IdP provided by Raven. (If, on the other hand, you want to be able to identify people from all the members of the UK federation then you need a different, bigger, set of metadata.)
In due course you'll be able to automatically access a signed metadata file describing the Raven IdP, but in the meantime here's a copy. Store it in a file called ucamfederation-idp-metadata.xml inside the same directory as the main shibboleth2.xml configuration file. Be careful not to corrupt or reformat this file when extracting it from this page - wikis are not the best vehicle for software distribution.
<!-- Ucam federation IdP metadata -->
<EntitiesDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2001/04/xmlenc# xenc-schema.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"
    Name="https://shib.raven.cam.ac.uk/ucamfederation/"
    >

  <Extensions>
    <shibmeta:KeyAuthority xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" VerifyDepth="3">
      <!--
        The KeyAuthority element's VerifyDepth attribute must be at least
        as large as the verification depth required by each root
        certificate below.
      -->
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <!--
          GTE CyberTrust Global Root

            * CN=GTE CyberTrust Global Root, OU=GTE CyberTrust Solutions, Inc., O=GTE Corporation, C=US

          This is used to sign:

            * CN=Cybertrust Educational CA, OU=Educational CA, O=Cybertrust, C=BE

          This in turn is used to sign SureServer EDU end certificates.
          One intermediate CA below the root, so requires a verification depth of at least 2.

          Validity
              Not Before: Aug 13 00:29:00 1998 GMT
              Not After : Aug 13 23:59:00 2018 GMT
        -->
        <ds:X509Data>
          <ds:X509Certificate>MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </shibmeta:KeyAuthority>
  </Extensions>

  <EntityDescriptor entityID="https://shib.raven.cam.ac.uk/shibboleth">

    <Extensions>
      <shibmeta:Scope xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" regexp="false">cam.ac.uk</shibmeta:Scope>
      <shibmeta:Scope xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" regexp="false">eresources.lib.cam.ac.uk</shibmeta:Scope>
    </Extensions>

    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
      <Extensions>
        <shibmeta:Scope xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" regexp="false">cam.ac.uk</shibmeta:Scope>
        <shibmeta:Scope xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" regexp="false">eresources.lib.cam.ac.uk</shibmeta:Scope>
      </Extensions>
      <KeyDescriptor use="signing">
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:KeyName>shib.raven.cam.ac.uk</ds:KeyName>
        </ds:KeyInfo>
      </KeyDescriptor>
      <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
          Location="https://shib.raven.cam.ac.uk:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
          Location="https://shib.raven.cam.ac.uk/shibboleth-idp/SSO"></SingleSignOnService>
    </IDPSSODescriptor>

    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
      <Extensions>
        <shibmeta:Scope xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" regexp="false">cam.ac.uk</shibmeta:Scope>
        <shibmeta:Scope xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" regexp="false">eresources.lib.cam.ac.uk</shibmeta:Scope>
      </Extensions>
      <KeyDescriptor use="signing">
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:KeyName>shib.raven.cam.ac.uk</ds:KeyName>
        </ds:KeyInfo>
      </KeyDescriptor>
      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
          Location="https://shib.raven.cam.ac.uk:8443/shibboleth-idp/AA"></AttributeService>
      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
    </AttributeAuthorityDescriptor>

    <Organization>
      <OrganizationName xml:lang="en">University of Cambridge</OrganizationName>
      <OrganizationDisplayName xml:lang="en">University of Cambridge (pilot)</OrganizationDisplayName>
      <OrganizationURL xml:lang="en">http://www.cam.ac.uk/</OrganizationURL>
    </Organization>

    <ContactPerson contactType="support">
      <GivenName>Raven Support</GivenName>
      <EmailAddress>mailto:raven-support@ucs.cam.ac.uk</EmailAddress>
    </ContactPerson>

    <ContactPerson contactType="technical">
      <GivenName>Jon</GivenName>
      <SurName>Warbrick</SurName>
      <EmailAddress>mailto:jw35@cam.ac.uk</EmailAddress>
    </ContactPerson>

    <ContactPerson contactType="administrative">
      <GivenName>Jon</GivenName>
      <SurName>Warbrick</SurName>
      <EmailAddress>mailto:jw35@cam.ac.uk</EmailAddress>
    </ContactPerson>

  </EntityDescriptor>

</EntitiesDescriptor>
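Because this copy is unsigned and has to be extracted from a wiki page by hand, it is worth checking the saved file before pointing the SP at it. The following is an added example, not part of the original page or of Shibboleth: the function name check_metadata is hypothetical, and the embedded sample is constructed to match the shape of the metadata above, with placeholder bytes in place of a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def check_metadata(xml_text, entity_id, idp_host):
    """Return (problems, SHA-256 fingerprints of the embedded certificates)."""
    problems, fingerprints = [], []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # truncated or mangled copy-and-paste
        return [f"not well-formed XML: {exc}"], fingerprints
    ids = [e.get("entityID") for e in root.iter(MD + "EntityDescriptor")]
    if ids != [entity_id]:
        problems.append(f"unexpected entityID list: {ids}")
    # Every service endpoint should be https on the IdP's own host.
    for el in root.iter():
        loc = el.get("Location")
        if loc is not None:
            url = urlparse(loc)
            if url.scheme != "https" or url.hostname != idp_host:
                problems.append(f"unexpected endpoint: {loc}")
    # Certificates must still decode; the digests are returned so they can be
    # compared with a value obtained out of band.
    for cert in root.iter(DS + "X509Certificate"):
        try:
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
        except ValueError as exc:
            problems.append(f"certificate is not valid base64: {exc}")
            continue
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return problems, fingerprints

# Constructed sample with the same shape as the metadata on this page; the
# certificate content is placeholder bytes, not a real certificate.
PLACEHOLDER = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE = f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <Extensions><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
  <ds:X509Certificate>{PLACEHOLDER}</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></Extensions>
 <EntityDescriptor entityID="https://shib.raven.cam.ac.uk/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
   <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
                        Location="https://shib.raven.cam.ac.uk/shibboleth-idp/SSO"/>
  </IDPSSODescriptor>
 </EntityDescriptor>
</EntitiesDescriptor>"""
```

To check the real file, pass the contents of ucamfederation-idp-metadata.xml with the entityID and host name shown in the metadata above; an empty problems list means the copy parsed cleanly and its endpoints are where they should be.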