8-56

UserGuide for Cisco Digital Media Manager5.4.x
OL-15762-05
Chapter8 Authentication and Federated Identity
Reference
Exported IdP Metadata Sample from OpenAM
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="dmsIdp" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor WantAuthnRequestsSigned="false"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MJEwVFggTTQ1MUwD9w0kQACIQNICQQWBGBYlAqqAMBGUzAwAEkVsiagAELKkCBkDCADdhAUIQIGE
CYABEMTxwVzNBKQlNQZDMAlNCEQ1ADJzAKC0E4QgQSBExwGGVwzM0AAgQOVDUDT0A8cCNTxMFBVV
BxxjNambbJAQRbThnMxjlMNFYMm8cpT2mDovLMTvENv4pAJIw2yNDRAYDMMTAG0wOyET3MLExgMw
ZEMAAVk80JDVMVT1TSghThEMxBwjAU1zkwFMYEODCAQgH0MGQQGAJCNLEUNBQEBsCCBAwQVMlQAx
DGgwkJ5EAY9vMADP2y0NbJIQo0jV5RaXw8YbsQsTVQDjx5ZNKNZaUgMBByUDjhcYjN2wJBSWQ0bNABmAo2eD4JQ1QA
hEVyPDgAQEMZBUIAtNdgrxA0BcYIB9QuG4aWYHGX/ LcxHcYOES0MIYciud6KmI+/ kq/ YpRbA30QYctD0uax/
0M7BUD/SMT+P1kQhA9dCLiOeu2WB2dKFWWOwcLIhgne7omCI+ozijrImy+4C3fz9zC/VrBA3bQZMcnsE6YbZJDC7Ih
AjNAEAoQNZ5gGAKxBYEABzXjgAQwcDpvFYK1yNqr wArSlA7b3Vkhn42iQVjvj8I3No2ssay4LZyBsffkrm+
gATatC/ HvyyNGoapGS9K4fLZNzBaXDW99/ 728x7bGciRWFdx4VOdPABkis+ a1Had9Blj8uCupvRp/ wkRkP+
6hldOYEWQyVmrwid02g3S5Gtb+ ErQO7KA5G1wKvrw=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService index="0" isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://OpenAM.example.com:8080/opensso/ArtifactResolver/metaAlias/idp"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://OpenAM.example.com:8080/opensso/IDPSloRedirect/metaAlias/idp"
ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPSloRedirect/metaAlias/idp"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://OpenAM.example.com:8080/opensso/IDPSloPOST/metaAlias/idp"
ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPSloPOST/metaAlias/idp"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://OpenAM.example.com:8080/opensso/IDPSloSoap/metaAlias/idp"/>
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://OpenAM.example.com:8080/opensso/IDPMniRedirect/metaAlias/idp"
ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPMniRedirect/metaAlias/idp"/>
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://OpenAM.example.com:8080/opensso/IDPMniPOST/metaAlias/idp"
ResponseLocation="http://OpenAM.example.com:8080/opensso/IDPMniPOST/metaAlias/idp"/>
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://OpenAM.example.com:8080/opensso/IDPMniSoap/metaAlias/idp"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameID
Format>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://OpenAM.example.com:8080/opensso/SSORedirect/metaAlias/idp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://OpenAM.example.com:8080/opensso/SSOPOST/metaAlias/idp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://OpenAM.example.com:8080/opensso/SSOSoap/metaAlias/idp"/>
<NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://OpenAM.example.com:8080/opensso/NIMSoap/metaAlias/idp"/>