Comment: Migrated to Confluence 4.0

Metadata Administration

This page is for site administrators responsible for creating and maintaining SAML metadata on behalf of their organization. The metadata submitted by the site administrator is vetted and approved by the InCommon Registration Authority (RA). Since the security of the SAML protocol depends on the proper use of metadata, the RA checks the correctness and integrity of what is submitted by the site administrator. In particular, the RA checks that the certificates and endpoints in metadata meet certain basic requirements. For instance, all URIs in metadata are expected to be rooted in the primary DNS domain of the submitting organization. If not, a manual vetting process is triggered.
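An added example, not InCommon's own vetting code: one way a site administrator could pre-check that every URI in a metadata document is rooted in the organization's primary DNS domain before submitting it. The sample metadata, the `example.edu` domain, the function names and the set of attributes treated as URIs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample metadata (not a real InCommon entity).
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.edu/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.example.edu.hosting.example.net/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Assumption: these are the attributes treated as URIs for this check.
URI_ATTRS = ("entityID", "Location", "ResponseLocation")


def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain (match on a label boundary)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def uris_needing_review(metadata_xml, primary_domain):
    """Return (attribute, uri, reason) for each URI not rooted in primary_domain."""
    findings = []
    for elem in ET.fromstring(metadata_xml).iter():
        for attr in URI_ATTRS:
            uri = elem.get(attr)
            if uri is None:
                continue
            parts = urlsplit(uri)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                findings.append((attr, uri, "no DNS host to check"))
            elif not host_in_domain(parts.hostname, primary_domain):
                findings.append((attr, uri, "host outside " + primary_domain))
    return findings


if __name__ == "__main__":
    for finding in uris_needing_review(SAMPLE_METADATA, "example.edu"):
        print(finding)
```

The second endpoint contains `example.edu` as a substring of its host name but is not under that domain, which is why the comparison is made on a label boundary rather than with a substring match.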

Federation Manager

A web interface called the Federation Manager is used to administer InCommon metadata. The interface supports both IdP and SP metadata. The elements of each are referenced in the following sections. For reference, a sample interface for new IdPs is attached to this wiki page. Likewise a sample interface for new SPs is attached.

IdP Metadata Elements

Note: Planning to register a [new IdP in metadata|New IdPs in Metadata]?

The following elements are called out in IdP metadata.

 Certificates|X.509 Certificates in Metadata]
** [Key Usage]
** [IdP Key Handling]
** [Certificate Migration]
*** [Migrating a Certificate in IdP Metadata|IdP Cert Migration]
* [User Interface Elements]
** [UI Elements in IdP Metadata|IdPUIElements]
* [Error Handling URL]
* [SAML Protocol Endpoints|Endpoints in Metadata]
** [Endpoints in IdP Metadata|IdP Endpoints]
* [Contacts|Contacts in Metadata]

For IdP deployments based on the Shibboleth software, there is valuable information in the shib wiki regarding [metadata for the Shibboleth IdP|https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataForIdP].

SP Metadata Elements

Tip: Tips on how to [manage SP metadata|SP Metadata Management]

The following elements are called out in SP metadata.

For SP deployments based on the Shibboleth software, there is valuable information in the shib wiki regarding metadata for the Shibboleth SP.

InCommon Extension Schema

InCommon has defined a small set of extensions to SAML metadata where necessary. An XML extension schema is provided.
