Creating a new page for MDRPI, modifying all the documentation to point to it.

git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3346 44740490-163a-0410-bde0-09ae8108e29a
This commit is contained in:
jaimepc@gmail.com 2014-01-30 15:07:18 +00:00
parent a084b31d81
commit 0f0ccfcedc
6 changed files with 124 additions and 65 deletions

View File

@ -0,0 +1,113 @@
SAML V2.0 Metadata Extensions for Registration and Publication Information
=============================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id:$`
* Author: Jaime Perez [jaime.perez@uninett.no](mailto:jaime.perez@uninett.no)
<!-- {{TOC}} -->
This is a reference for the SimpleSAMLphp implementation of the [SAML
V2.0 Metadata Extensions for Registration and Publication Information](http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.html)
defined by OASIS.
This extension aims to provide information about the registrars and publishers of the metadata themselves, and it is therefore
available throught different endpoints and modules that provide metadata all along simpleSAMLphp. More specifically, this
extension can be used for:
- metadata published for a [hosted service provider](./saml:sp).
- metadata published for a [hosted identity provider](./simplesamlphp-reference-idp-hosted).
- metadata collected and published by means of the [`aggregator`](./aggregator:aggregator) or [`aggregator2`](./aggregator2:aggregator2) modules.
Currently, only the `<mdrpi:RegistrationInfo>` element is supported.
Depending on the metadata set you want to add this extension to, you will have to configure it on the corresponding
configuration file:
- `metadata/saml20-idp-hosted.php` for hosted identity providers.
- `config/authsources.php` for hosted service providers.
- `config/module_aggregator.php` for the `aggregator` module.
- `config/module_aggregator2.php` for the `aggregator2` module.
RegistrationInfo Items
----------------------
The configuration is the same for all the different files, and consists of a single directive called `RegistrationInfo`, which
**must** be an indexed array with the following options:
`authority`
: A string containing an identifier of the authority who has registered this metadata. This parameter is **mandatory**.
`instant`
: A string containing the instant when the entity or entities where registered by the authority. This parameter is
optional, and must be expressed in the UTC timezone with the *zulu* (`Z`) timezone identifier. If omitted, there will be no
`registrationInstant` in the resulting metadata, except in the `aggregator2` module, which will use the instant when the metadata
was generated.
`policies`
: An indexed array containing URLs pointing to the policy under which the entity or entities where registered. Each
index must be the language code corresponding to the language of the URL. This parameter is optional, and will be omitted in the
resulting metadata if not configured.
Examples
--------
Service Provider:
'default-sp' => array(
'saml:SP',
'entityID' => NULL,
...
'RegistrationInfo' => array(
'authority' => 'urn:mace:sp.example.org',
'instant' => '2008-01-17T11:28:03.577Z',
'policies' => array('en' => 'http://sp.example.org/policy', 'es' => 'http://sp.example.org/politica'),
),
),
Identity Provider:
$metadata['__DYNAMIC:1__'] = array(
'host' => '__DEFAULT__',
...
'RegistrationInfo' => array(
'authority' => 'urn:mace:idp.example.org',
'instant' => '2008-01-17T11:28:03.577Z',
),
);
`aggregator` module:
$config = array(
'aggregators' => array(
...
),
'maxDuration' => 60*60*24*5,
'reconstruct' => FALSE,
...
'RegistrationInfo' => array(
'authority' => 'urn:mace:example.federation',
'instant' => '2008-01-17T11:28:03Z',
'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
),
);
`aggregator2` module:
$config = array(
'example.org' => array(
'sources' => array(
...
),
'RegistrationInfo' => array(
'authority' => 'urn:mace:example.federation',
'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
),
),
);
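Review bot: the `RegistrationInfo` directive is described as "an indexed array", but the examples below key it by option name (`authority`, `instant`, `policies`), so it is an associative array; only `policies` is genuinely indexed, by language code, as its own description says. Three typos in the new text should also go before merge: "throught" → "through" in the opening paragraph, and "where registered" → "were registered" in both the `instant` and `policies` descriptions. Two points on content: the `authority` entry here is thinner than the inline text this same commit removes from the IdP, SP and aggregator docs, which recommended that the identifier be a URL resolving to a human-readable page describing the registrar; consider carrying that recommendation into this reference so it is not lost. And the `policies` examples mix schemes within one array (`'en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'`); using one scheme, preferably `https://`, in all four examples avoids readers copying the mixed form into published metadata.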

View File

@ -12,7 +12,7 @@ SAML V2.0 Metadata Extensions for Login and Discovery User Interface
<!-- {{TOC}} -->
This is a reference for the SimpleSAMLphp implemenation of the [SAML
This is a reference for the SimpleSAMLphp implementation of the [SAML
V2.0 Metadata Extensions for Login and Discovery User Interface](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf)
defined by OASIS.

View File

@ -209,22 +209,8 @@ The following SAML 2.0 options are available:
in the `NameIDFormat` element.
`RegistrationInfo`
: Allows to specify information about the registrar of this IdP. Please refer to the
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
for further information on this topic. This option accepts an array with the following
options:
: - `authority`: The unique identifier of the authority that registered the entity.
It is recommended that this be a URL that resolves to a human readable page describing
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
: - `instant`: The instant the entity was registered with the authority. Time values
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
is OPTIONAL.
: - `policies`: The policy under which the entity was registered. An indexed array with
URLs pointing to the localized versions of the policy. Each index will be used as the
language identifier. This parameter is OPTIONAL.
: Allows to specify information about the registrar of this SP. Please refer to the
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
`saml20.sendartifact`
: Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
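Review bot: copy-paste error in the replacement line: the removed text read "the registrar of this IdP", but the new line says "the registrar of this SP", and this hunk is in the hosted IdP reference. Change it to `: Allows to specify information about the registrar of this IdP. Please refer to the`. While editing that line, "Allows to specify" is ungrammatical; "Specifies" or "Allows specifying" reads better (the same phrase appears in the SP, `aggregator` and `aggregator2` hunks of this commit).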
@ -378,10 +364,11 @@ The following options for Shibboleth 1.3 IdP's are avaiblable:
Metadata extensions
-------------------
SimpleSAMLphp supports generating metadata with the MDUI and EntityAttributes metadata extensions.
SimpleSAMLphp supports generating metadata with the MDUI, MDRPI and EntityAttributes metadata extensions.
See the documentation for those extensions for more details:
* [MDUI extension](./simplesamlphp-metadata-extensions-ui)
* [MDRPI extension](./simplesamlphp-metadata-extensions-rpi)
* [EntityAttributes](./simplesamlphp-metadata-extensions-attributes)
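Review bot: the new list entry is fine; since this hunk is already touching the IdP reference, the typo in the section heading shown in the hunk header, "The following options for Shibboleth 1.3 IdP's are avaiblable:", could be fixed to "available" in the same commit.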

View File

@ -40,22 +40,8 @@ All of the global parameters can be overriden for each aggregator. Here is a lis
: Whether simpleSAMLphp should regenerate the metadata XML (TRUE) or pass-through the input metadata XML (FALSE).
`RegistrationInfo`
: Allows to specify information about the registrar of this aggregate. Please refer to the
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
for further information on this topic. This option accepts an array with the following
options:
: - `authority`: The unique identifier of the authority that registered the entity.
It is recommended that this be a URL that resolves to a human readable page describing
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
: - `instant`: The instant the entity was registered with the authority. Time values
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
is OPTIONAL.
: - `policies`: The policy under which the entity was registered. An indexed array with
URLs pointing to the localized versions of the policy. Each index will be used as the
language identifier. This parameter is OPTIONAL.
: Allows to specify information about the registrar of this metadata. Please refer to the
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
`set`
: By default all SAML types are available, including: `array('saml20-idp-remote', 'saml20-sp-remote', 'shib13-idp-remote', 'shib13-sp-remote')`. This list can be reduced by specifying one of the following values:
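Review bot: the wording changes from "registrar of this aggregate" to "registrar of this metadata" here and in the `aggregator2` hunk, while the IdP and SP hunks keep "this IdP"/"this SP"; "this aggregate" was the more precise term for these two modules and is worth keeping. The hunk header context also shows "overriden" in the surrounding sentence ("All of the global parameters can be overriden for each aggregator"), which should be "overridden".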

View File

@ -67,22 +67,8 @@ The aggregator can be configured with the following options:
The path to the certificate can be absolute, or it can be relative to the `cert`-directory.
`RegistrationInfo`
: Allows to specify information about the registrar of this aggregate. Please refer to the
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
for further information on this topic. This option accepts an array with the following
options:
: - `authority`: The unique identifier of the authority that registered the entity.
It is recommended that this be a URL that resolves to a human readable page describing
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
: - `instant`: The instant the entity was registered with the authority. Time values
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
is OPTIONAL.
: - `policies`: The policy under which the entity was registered. An indexed array with
URLs pointing to the localized versions of the policy. Each index will be used as the
language identifier. This parameter is OPTIONAL.
: Allows to specify information about the registrar of this metadata. Please refer to the
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
### Aggregator source configuration

View File

@ -13,6 +13,7 @@ SimpleSAMLphp supports generating metadata with the MDUI and MDRPI metadata exte
See the documentation for those extensions for more details:
* [MDUI extension](./simplesamlphp-metadata-extensions-ui)
* [MDRPI extension](./simplesamlphp-metadata-extensions-rpi)
Parameters
@ -277,21 +278,7 @@ Options
`RegistrationInfo`
: Allows to specify information about the registrar of this SP. Please refer to the
'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
for further information on this topic. This option accepts an array with the following
options:
: - `authority`: The unique identifier of the authority that registered the entity.
It is recommended that this be a URL that resolves to a human readable page describing
the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
: - `instant`: The instant the entity was registered with the authority. Time values
must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
is OPTIONAL.
: - `policies`: The policy under which the entity was registered. An indexed array with
URLs pointing to the localized versions of the policy. Each index will be used as the
language identifier. This parameter is OPTIONAL.
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
`RelayState`
: The page the user should be redirected to after an IdP initiated SSO.
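Review bot: unlike the other four files, this hunk keeps the original first line (": Allows to specify information about the registrar of this SP. Please refer to the") and only adds the link line after it, so the result reads correctly; it would be clearer to apply the same two-line replacement used in the other docs so all five `RegistrationInfo` entries are word-for-word identical and easier to keep in sync.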