Chapter 6 Authentication and Federated Identity

Reference

<!-- Single Logout (SLO) endpoints published by the IdP: one for the HTTP-POST
     binding, where Location and ResponseLocation are the same URL, and one for
     the SOAP binding.
     NOTE(review): both endpoints in this sample use plain http:// on port 8080.
     Logout requests and responses sent to an http URL can be read or altered in
     transit, so a production deployment should publish https:// endpoints here. -->
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

Location="http://OpenAM.example.com:8080/opensso/IDPSloPOST/metaAlias/idp"

ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPSloPOST/metaAlias/idp"/>

<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

Location="http://OpenAM.example.com:8080/opensso/IDPSloSoap/metaAlias/idp"/>

<!-- Name identifier management endpoints, one per binding (HTTP-Redirect,
     HTTP-POST, SOAP). The two front-channel bindings reuse their Location as
     the ResponseLocation.
     NOTE(review): ManageNameID messages change or terminate the identifier that
     links a user's accounts between providers, so they are worth protecting in
     transit. The sample URLs are plain http://; prefer https:// in a real
     deployment. Whether these messages must be signed is configured outside
     this excerpt. -->
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

Location="http://OpenAM.example.com:8080/opensso/IDPMniRedirect/metaAlias/idp"

ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPMniRedirect/metaAlias/idp"/>

<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

Location="http://OpenAM.example.com:8080/opensso/IDPMniPOST/metaAlias/idp"

ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPMniPOST/metaAlias/idp"/>

<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

Location="http://OpenAM.example.com:8080/opensso/IDPMniSoap/metaAlias/idp"/>

<!-- Name identifier formats this IdP advertises. "persistent" is an opaque,
     stable pseudonym scoped to an IdP/SP pair; "transient" is a temporary
     identifier; "emailAddress" and "unspecified" carry whatever value the IdP
     is configured to release.
     NOTE(review): an e-mail address can change or be reassigned to another
     person, so a service provider that keys local accounts on it risks linking
     a login to the wrong account. Advertise only the formats the deployment
     actually uses. -->
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>

<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>

<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>

<!-- Last advertised NameID format (X509SubjectName), followed by the IdP's
     SingleSignOnService endpoints (HTTP-Redirect, HTTP-POST, SOAP), its
     NameIDMappingService (SOAP) and its AssertionIDRequestService endpoints
     (SOAP and URI).
     NOTE(review): every Location below is plain http:// on port 8080.
     Authentication requests reach the IdP at these URLs, and the URI binding
     returns an assertion to whoever dereferences the URL, so without TLS the
     traffic is exposed to interception and tampering. Publish https://
     endpoints in production metadata. The IDPSSODescriptor opening tag is
     outside this excerpt, so its WantAuthnRequestsSigned setting cannot be
     checked here. -->
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

Location="http://OpenAM.example.com:8080/opensso/SSORedirect/metaAlias/idp"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

Location="http://OpenAM.example.com:8080/opensso/SSOPOST/metaAlias/idp"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

Location="http://OpenAM.example.com:8080/opensso/SSOSoap/metaAlias/idp"/> <NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

Location="http://OpenAM.example.com:8080/opensso/NIMSoap/metaAlias/idp"/> <AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

Location="http://OpenAM.example.com:8080/opensso/AIDReqSoap/IDPRole/metaAlias/idp"/> <AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"

Location="http://OpenAM.example.com:8080/opensso/AIDReqUri/IDPRole/metaAlias/idp"/>

</IDPSSODescriptor>

</EntityDescriptor>

Exported IdP Configuration Sample from Shibboleth

<EntityDescriptor entityID="https://sso.example.com/idp/shibboleth" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

<KeyDescriptor>

<ds:KeyInfo>

<ds:X509Data>

<ds:X509Certificate>

MIICRTCCAa6gAwIBAgIETOrk+jANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzELMAkGA1UE

CBMCQ0ExCzAJBgNVBAcTAlNKMQ4wDAYDVQQKEwVDSVNDTzEOMAwGA1UECxMFQ0lTQ08xHTAbBgNV

BAMTFGZydWl0bG9vcHMuY2lzY28uY29tMCAXDTEwMTEyMjIxNDczOFoYDzIxMTAxMDI5MjE0NzM4

WjBmMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNKMQ4wDAYDVQQKEwVDSVND

TzEOMAwGA1UECxMFQ0lTQ08xHTAbBgNVBAMTFGZydWl0bG9vcHMuY2lzY28uY29tMIGfMA0GCSqG

SIb3DQEBAQUAA4GNADCBiQKBgQCX0tTliXR7pGh9NNEKbIkChNB0t/H+2ysm4xr1Y60+hFssJGGx

qnNv8UEqH7SIk7Z9eDBW6lJreiH3KtSWIJBvtV1hLGZAlwPTu/b6GzVHGX9uZaj3Jyw0N8rul8k8

BoTsdNag7ZhQ7vIfcQ1HjLw9RT3u+n5ZkD+hbwEKtKePEwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB

 

 

User Guide for Cisco Digital Media Manager 5.2.x

 

 

 

 

 

 

OL-15762-03

 

 

6-39

 

 

 

 

 
