Creating a new page for MDRPI, modifying all the documentation to point to it.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3346 44740490-163a-0410-bde0-09ae8108e29a
This commit is contained in:
parent
a084b31d81
commit
0f0ccfcedc
|
@ -0,0 +1,113 @@
|
|||
SAML V2.0 Metadata Extensions for Registration and Publication Information
|
||||
=============================
|
||||
|
||||
<!--
|
||||
This file is written in Markdown syntax.
|
||||
For more information about how to use the Markdown syntax, read here:
|
||||
http://daringfireball.net/projects/markdown/syntax
|
||||
-->
|
||||
|
||||
* Version: `$Id:$`
|
||||
* Author: Jaime Perez [jaime.perez@uninett.no](mailto:jaime.perez@uninett.no)
|
||||
|
||||
<!-- {{TOC}} -->
|
||||
|
||||
This is a reference for the SimpleSAMLphp implementation of the [SAML
|
||||
V2.0 Metadata Extensions for Registration and Publication Information](http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.html)
|
||||
defined by OASIS.
|
||||
|
||||
This extension aims to provide information about the registrars and publishers of the metadata themselves, and it is therefore
|
||||
available throught different endpoints and modules that provide metadata all along simpleSAMLphp. More specifically, this
|
||||
extension can be used for:
|
||||
|
||||
- metadata published for a [hosted service provider](./saml:sp).
|
||||
- metadata published for a [hosted identity provider](./simplesamlphp-reference-idp-hosted).
|
||||
- metadata collected and published by means of the [`aggregator`](./aggregator:aggregator) or [`aggregator2`](./aggregator2:aggregator2) modules.
|
||||
|
||||
Currently, only the `<mdrpi:RegistrationInfo>` element is supported.
|
||||
|
||||
Depending on the metadata set you want to add this extension to, you will have to configure it on the corresponding
|
||||
configuration file:
|
||||
|
||||
- `metadata/saml20-idp-hosted.php` for hosted identity providers.
|
||||
- `config/authsources.php` for hosted service providers.
|
||||
- `config/module_aggregator.php` for the `aggregator` module.
|
||||
- `config/module_aggregator2.php` for the `aggregator2` module.
|
||||
|
||||
RegistrationInfo Items
|
||||
----------------------
|
||||
|
||||
The configuration is the same for all the different files, and consists of a single directive called `RegistrationInfo`, which
|
||||
**must** be an indexed array with the following options:
|
||||
|
||||
`authority`
|
||||
: A string containing an identifier of the authority who has registered this metadata. This parameter is **mandatory**.
|
||||
|
||||
`instant`
|
||||
: A string containing the instant when the entity or entities where registered by the authority. This parameter is
|
||||
optional, and must be expressed in the UTC timezone with the *zulu* (`Z`) timezone identifier. If omitted, there will be no
|
||||
`registrationInstant` in the resulting metadata, except in the `aggregator2` module, which will use the instant when the metadata
|
||||
was generated.
|
||||
|
||||
`policies`
|
||||
: An indexed array containing URLs pointing to the policy under which the entity or entities where registered. Each
|
||||
index must be the language code corresponding to the language of the URL. This parameter is optional, and will be omitted in the
|
||||
resulting metadata if not configured.
|
||||
|
||||
|
||||
Examples
|
||||
--------
|
||||
|
||||
Service Provider:
|
||||
|
||||
'default-sp' => array(
|
||||
'saml:SP',
|
||||
'entityID' => NULL,
|
||||
...
|
||||
'RegistrationInfo' => array(
|
||||
'authority' => 'urn:mace:sp.example.org',
|
||||
'instant' => '2008-01-17T11:28:03.577Z',
|
||||
'policies' => array('en' => 'http://sp.example.org/policy', 'es' => 'http://sp.example.org/politica'),
|
||||
),
|
||||
),
|
||||
|
||||
Identity Provider:
|
||||
|
||||
$metadata['__DYNAMIC:1__'] = array(
|
||||
'host' => '__DEFAULT__',
|
||||
...
|
||||
'RegistrationInfo' => array(
|
||||
'authority' => 'urn:mace:idp.example.org',
|
||||
'instant' => '2008-01-17T11:28:03.577Z',
|
||||
),
|
||||
);
|
||||
|
||||
`aggregator` module:
|
||||
|
||||
$config = array(
|
||||
'aggregators' => array(
|
||||
...
|
||||
),
|
||||
'maxDuration' => 60*60*24*5,
|
||||
'reconstruct' => FALSE,
|
||||
...
|
||||
'RegistrationInfo' => array(
|
||||
'authority' => 'urn:mace:example.federation',
|
||||
'instant' => '2008-01-17T11:28:03Z',
|
||||
'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
|
||||
),
|
||||
);
|
||||
|
||||
`aggregator2` module:
|
||||
|
||||
$config = array(
|
||||
'example.org' => array(
|
||||
'sources' => array(
|
||||
...
|
||||
),
|
||||
'RegistrationInfo' => array(
|
||||
'authority' => 'urn:mace:example.federation',
|
||||
'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
|
||||
),
|
||||
),
|
||||
);
|
|
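Review bot: the `authority` entry in the new page (`: A string containing an identifier of the authority who has registered this metadata.`) drops the guidance that the per-module descriptions removed elsewhere in this commit carried, namely that the identifier should be a URL resolving to a human-readable page describing the registrar; carry that sentence over so it is not lost in the consolidation. Two wording problems in the same file: `RegistrationInfo` and `policies` are both described as an "indexed array", but every example keys them by string (`authority`, `instant`, `policies`, and language codes such as `en`), so "associative array" is what a reader needs, and there are typos, "throught" for "through" and "where registered" for "were registered" (twice). In the examples, the `policies` entry mixes schemes for the same host (`'en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'`); use https for both. Finally, since `instant` is documented as having to be UTC with the `Z` designator, it would help to state whether a value with an offset or without `Z` is rejected or passed through unchanged.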
@ -12,7 +12,7 @@ SAML V2.0 Metadata Extensions for Login and Discovery User Interface
|
|||
|
||||
<!-- {{TOC}} -->
|
||||
|
||||
This is a reference for the SimpleSAMLphp implemenation of the [SAML
|
||||
This is a reference for the SimpleSAMLphp implementation of the [SAML
|
||||
V2.0 Metadata Extensions for Login and Discovery User Interface](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf)
|
||||
defined by OASIS.
|
||||
|
||||
|
|
|
@ -209,22 +209,8 @@ The following SAML 2.0 options are available:
|
|||
in the `NameIDFormat` element.
|
||||
|
||||
`RegistrationInfo`
|
||||
: Allows to specify information about the registrar of this IdP. Please refer to the
|
||||
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
|
||||
for further information on this topic. This option accepts an array with the following
|
||||
options:
|
||||
|
||||
: - `authority`: The unique identifier of the authority that registered the entity.
|
||||
It is recommended that this be a URL that resolves to a human readable page describing
|
||||
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
|
||||
|
||||
: - `instant`: The instant the entity was registered with the authority. Time values
|
||||
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
|
||||
is OPTIONAL.
|
||||
|
||||
: - `policies`: The policy under which the entity was registered. An indexed array with
|
||||
URLs pointing to the localized versions of the policy. Each index will be used as the
|
||||
language identifier. This parameter is OPTIONAL.
|
||||
: Allows to specify information about the registrar of this SP. Please refer to the
|
||||
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
|
||||
|
||||
`saml20.sendartifact`
|
||||
: Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
|
||||
|
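Review bot: the replacement text says `registrar of this SP`, but this file is the hosted IdP reference (the neighbouring option `saml20.sendartifact` enables "the IdP to send responses"), and the description being removed correctly said "registrar of this IdP"; change `SP` to `IdP` so the consolidated note does not mislabel the entity.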
@ -378,10 +364,11 @@ The following options for Shibboleth 1.3 IdP's are avaiblable:
|
|||
Metadata extensions
|
||||
-------------------
|
||||
|
||||
SimpleSAMLphp supports generating metadata with the MDUI and EntityAttributes metadata extensions.
|
||||
SimpleSAMLphp supports generating metadata with the MDUI, MDRPI and EntityAttributes metadata extensions.
|
||||
See the documentation for those extensions for more details:
|
||||
|
||||
* [MDUI extension](./simplesamlphp-metadata-extensions-ui)
|
||||
* [MDRPI extension](./simplesamlphp-metadata-extensions-rpi)
|
||||
* [EntityAttributes](./simplesamlphp-metadata-extensions-attributes)
|
||||
|
||||
|
||||
|
|
|
@ -40,22 +40,8 @@ All of the global parameters can be overriden for each aggregator. Here is a lis
|
|||
: Whether simpleSAMLphp should regenerate the metadata XML (TRUE) or pass-through the input metadata XML (FALSE).
|
||||
|
||||
`RegistrationInfo`
|
||||
: Allows to specify information about the registrar of this aggregate. Please refer to the
|
||||
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
|
||||
for further information on this topic. This option accepts an array with the following
|
||||
options:
|
||||
|
||||
: - `authority`: The unique identifier of the authority that registered the entity.
|
||||
It is recommended that this be a URL that resolves to a human readable page describing
|
||||
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
|
||||
|
||||
: - `instant`: The instant the entity was registered with the authority. Time values
|
||||
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
|
||||
is OPTIONAL.
|
||||
|
||||
: - `policies`: The policy under which the entity was registered. An indexed array with
|
||||
URLs pointing to the localized versions of the policy. Each index will be used as the
|
||||
language identifier. This parameter is OPTIONAL.
|
||||
: Allows to specify information about the registrar of this metadata. Please refer to the
|
||||
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
|
||||
|
||||
`set`
|
||||
: By default all SAML types are available, including: `array('saml20-idp-remote', 'saml20-sp-remote', 'shib13-idp-remote', 'shib13-sp-remote')`. This list can be reduced by specifying one of the following values:
|
||||
|
|
|
@ -67,22 +67,8 @@ The aggregator can be configured with the following options:
|
|||
The path to the certificate can be absolute, or it can be relative to the `cert`-directory.
|
||||
|
||||
`RegistrationInfo`
|
||||
: Allows to specify information about the registrar of this aggregate. Please refer to the
|
||||
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
|
||||
for further information on this topic. This option accepts an array with the following
|
||||
options:
|
||||
|
||||
: - `authority`: The unique identifier of the authority that registered the entity.
|
||||
It is recommended that this be a URL that resolves to a human readable page describing
|
||||
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
|
||||
|
||||
: - `instant`: The instant the entity was registered with the authority. Time values
|
||||
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
|
||||
is OPTIONAL.
|
||||
|
||||
: - `policies`: The policy under which the entity was registered. An indexed array with
|
||||
URLs pointing to the localized versions of the policy. Each index will be used as the
|
||||
language identifier. This parameter is OPTIONAL.
|
||||
: Allows to specify information about the registrar of this metadata. Please refer to the
|
||||
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
|
||||
|
||||
|
||||
### Aggregator source configuration
|
||||
|
|
|
@ -13,6 +13,7 @@ SimpleSAMLphp supports generating metadata with the MDUI and MDRPI metadata exte
|
|||
See the documentation for those extensions for more details:
|
||||
|
||||
* [MDUI extension](./simplesamlphp-metadata-extensions-ui)
|
||||
* [MDRPI extension](./simplesamlphp-metadata-extensions-rpi)
|
||||
|
||||
|
||||
Parameters
|
||||
|
@ -277,21 +278,7 @@ Options
|
|||
|
||||
`RegistrationInfo`
|
||||
: Allows to specify information about the registrar of this SP. Please refer to the
|
||||
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
|
||||
for further information on this topic. This option accepts an array with the following
|
||||
options:
|
||||
|
||||
: - `authority`: The unique identifier of the authority that registered the entity.
|
||||
It is recommended that this be a URL that resolves to a human readable page describing
|
||||
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
|
||||
|
||||
: - `instant`: The instant the entity was registered with the authority. Time values
|
||||
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
|
||||
is OPTIONAL.
|
||||
|
||||
: - `policies`: The policy under which the entity was registered. An indexed array with
|
||||
URLs pointing to the localized versions of the policy. Each index will be used as the
|
||||
language identifier. This parameter is OPTIONAL.
|
||||
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
|
||||
|
||||
`RelayState`
|
||||
: The page the user should be redirected to after an IdP initiated SSO.
|
||||
|
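Review bot: this hunk removes the whole `RegistrationInfo` description but adds only the second half of the replacement, `[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.`, without the leading definition line (`: Allows to specify information about the registrar of this SP. Please refer to the`) that the equivalent hunks in the other files add. As committed, the definition-list term `RegistrationInfo` has no `:` body and the remaining sentence starts mid-way; add the missing first line.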