
Shibboleth Service Provider (SP) Examples

Article Number : KB0017849
Published on : 2020-07-15
Last modified : 2020-07-15 19:23:06
Knowledge Base : IT Public Self Help

The examples below are illustrative only; your code or approach may vary depending on your server and configuration. For assistance, please refer to the documentation or vendor of your web hosting software or operating system.

Select the code example that you wish to view:

Example Metadata File

This is a sample only.

Do not supply it as-is without review, and do not provide it in real time to your partners.

<!--
This is example metadata only. Do *NOT* supply it as is without review,
and do *NOT* provide it in real time to your partners.

Review notes for anyone adapting this sample:
  * The entityID ("https://sp/shibboleth"), the "sp:8443" endpoint host and the
    CN=sp.testbed.local certificates look like testbed placeholders. Partners
    must receive the entityID, endpoints and certificates of your own SP.
  * The document carries an enveloped signature whose Reference points at the
    ID on the root element. Treat the signature as stale after any hand edit
    inside that element (annotations such as these review comments included)
    and regenerate and re-sign the metadata from your own SP.
 -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_704b290905168a2ef396515bbd747f8f708ae617" entityID="https://sp/shibboleth">

    <!-- Enveloped XML signature over this EntityDescriptor. The KeyInfo inside
         it only states which key the signer claims to have used: a consumer
         has to verify the signature against a key it already trusts through
         another channel, never against the certificate shipped in the document.
         NOTE(review): SignatureMethod is rsa-sha1 while the digest is SHA-256.
         SHA-1 based signatures are deprecated; sign real metadata with
         rsa-sha256 or stronger. -->
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_704b290905168a2ef396515bbd747f8f708ae617">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>gtM96qHZFK5YHSlRy1ALfkcWluORgDWzTfPmoH/beJI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ZV1n2mnSWyWSqBgIjmBLwCQqUy+P8/qSL/YHytQdSV3Gg4Ob+204Gknd4sMBCQ5j
        ItW/XYWlOnPLJnCCL5by/7h88wyG1oDKJ338xoPN2PJHns+Nc9rM52fI0B+FV72k
        mengyGy2GOzHukLC42alN2r7Yi5+e4yHdZCrWL8ehYGwCA2M5oR1MYK5bZ9NDjb9
        2sYOTunj8T+vwRRPMA/dVgHPbyxQjIoMS2kE5Ux9nmAT7FwbWPCtPjx5RW2JDBk1
        uXbC+N+TL+zmp5dJMBIaNYI++0WJsgy2znLvZnmsgZxuswnK4oEpoJk52BCplXUx
        67kJQm9pktIbuLuHsenSGmuQa34ov7c7Z//Tc6V93bNKuakvAwAKgi0eyKt+zfXe
        imRt0HMczkbOH5M1KvpG9zgRbFmlUfCi6WQBP94aVm6V9v7lYj40FhxZI1hKklF9
        e919mKB3IIkqtjd+pMJQM6LkVvK8AmKTz7Dujm/JKut+ZXoVMsYHYItQURkTmML9</ds:SignatureValue>
        <!-- Appears to be the same certificate as the use="signing"
             KeyDescriptor further down. -->
        <ds:KeyInfo>
            <ds:KeyName>sp.testbed.local</ds:KeyName>
            <ds:X509Data>
                <ds:X509SubjectName>CN=sp.testbed.local</ds:X509SubjectName>
                <ds:X509Certificate>MIID9zCCAl+gAwIBAgIJAMGsmas5mr4mMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
                BAMTEHNwLnRlc3RiZWQubG9jYWwwHhcNMTkwNTA3MTg0MzE5WhcNMjkwNTA0MTg0
                MzE5WjAbMRkwFwYDVQQDExBzcC50ZXN0YmVkLmxvY2FsMIIBojANBgkqhkiG9w0B
                AQEFAAOCAY8AMIIBigKCAYEAxnfXGPiZWLZv6gOj1xCVH2Bis/CtLVrlztDLeISQ
                1HVZUtKbIJwLSRIt8P+gYGucjdPNnNo42JZ1j2HOHzlgMjx0zgSuR0OQjw/WNym3
                kgfAlRKBhwgcnDuY48c5syNFpu4ZH376sEziIevtL2FdkiryCsNGT5ETyCA+dG4c
                TMhJwVq7FtLbYtzXqOvS7yooszYXO6oIOrc+gSCDz0kkGDHexx2fBJeDDpo9gPNd 
                YrQ/FzMrVltgZ99rXM7LKAOKEtG5E56Aau/7ey6Nween+jBqXdsfPsUS4hGOQOC0
                mX3CO90cAh7o2ybLzHmzS4+jG5pgOCzPk0yBeSqqb7KvN8Am4Xa4d3wG2rizAxnP
                MoUiVHukpl6wjs9E32fHWOvcfK6pl1DffSYzZ9P40Rn3KAyhsBAnkt7VxZR0W+Bf
                1sTww2nWUHnmxSNu1Cku8qhp6S6AHq9hELUq3EfdON5le/DpZ6RWt1ukE0jNw4tc
                uuBEx/kTmdF8JochRjtStdCVAgMBAAGjPjA8MBsGA1UdEQQUMBKCEHNwLnRlc3Ri
                ZWQubG9jYWwwHQYDVR0OBBYEFN3EmV3JORDjW6XxwlgAAY7ruA5UMA0GCSqGSIb3
                DQEBCwUAA4IBgQCuFJmf5gXBhEpEqliarPz9LeVeGwQtHp51pzLalLcqNEgTxvIC
                H7Xw2sgC9AFs0jjVL+YBOpFT/Fzug4g7GHqT9tgmFi7KR0cq58Q265WjGIXk3iGb
                Rxc8xqtH2NZ026uj9QEp9sQ4fJVAxE8qfEYOUOHPkzHozEySMUs5gWVSUKS/bqjP
                GMbIsBu9/DrkCj7TkrUpdGPZI76BtSUUF6Yn1ne7YH6SPB4vk+UDhaZSOsjsVG09
                l9aC7dmF5518sNeAjPcKbdARIAO5fCTdH0435jNJwUObGx2HWYsYp4XlA6Ycv775
                +dgkzroPc6TO1rYHKj1lF9eZs6gkYGr+1M1k7VyW9jdwOmVE9SCHun6t+GdCEIZh
                LCPp4U8C36II93y6IYDUkIKMzjeLZMHZvpswUzXK7/JUgDuZ3YGKA7zIT0rxSEZ/
                YOdlVPNv3DF6isGsXugGVz8rULJ9xlxkvgjhKs1ZQvVe1jlkS9o9lGeKMXeSqUv8 
                Qa1VfyjCjlfwQXI=
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>

    <!-- Digest and signature algorithms this SP advertises through the SAML
         metadata algorithm-support extension.
         NOTE(review): the list still contains SHA-1 based entries (sha1,
         ecdsa-sha1, rsa-sha1, dsa-sha1) and sha224. If no partner depends on
         them, tighten the SP's algorithm configuration so they are no longer
         advertised, and confirm they are not accepted either. -->
    <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
        <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
        <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
        <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
        <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    </md:Extensions>

    <!-- The SP role itself: keys, protocol endpoints and requested attributes. -->
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <!-- Login initiator and discovery-response locations; both point at the
             same /Shibboleth.sso/Login handler on the placeholder host. -->
        <md:Extensions>
            <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://sp:8443/Shibboleth.sso/Login"/>
            <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp:8443/Shibboleth.sso/Login" index="1"/>
        </md:Extensions>
        <!-- Certificate partners use to verify messages signed by this SP. -->
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:KeyName>sp.testbed.local</ds:KeyName>
                <ds:X509Data>
                    <ds:X509SubjectName>CN=sp.testbed.local</ds:X509SubjectName>
                    <ds:X509Certificate>MIID9zCCAl+gAwIBAgIJAMGsmas5mr4mMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
                    BAMTEHNwLnRlc3RiZWQubG9jYWwwHhcNMTkwNTA3MTg0MzE5WhcNMjkwNTA0MTg0
                    MzE5WjAbMRkwFwYDVQQDExBzcC50ZXN0YmVkLmxvY2FsMIIBojANBgkqhkiG9w0B
                    AQEFAAOCAY8AMIIBigKCAYEAxnfXGPiZWLZv6gOj1xCVH2Bis/CtLVrlztDLeISQ
                    1HVZUtKbIJwLSRIt8P+gYGucjdPNnNo42JZ1j2HOHzlgMjx0zgSuR0OQjw/WNym3
                    kgfAlRKBhwgcnDuY48c5syNFpu4ZH376sEziIevtL2FdkiryCsNGT5ETyCA+dG4c
                    TMhJwVq7FtLbYtzXqOvS7yooszYXO6oIOrc+gSCDz0kkGDHexx2fBJeDDpo9gPNd
                    YrQ/FzMrVltgZ99rXM7LKAOKEtG5E56Aau/7ey6Nween+jBqXdsfPsUS4hGOQOC0
                    mX3CO90cAh7o2ybLzHmzS4+jG5pgOCzPk0yBeSqqb7KvN8Am4Xa4d3wG2rizAxnP
                    MoUiVHukpl6wjs9E32fHWOvcfK6pl1DffSYzZ9P40Rn3KAyhsBAnkt7VxZR0W+Bf
                    1sTww2nWUHnmxSNu1Cku8qhp6S6AHq9hELUq3EfdON5le/DpZ6RWt1ukE0jNw4tc
                    uuBEx/kTmdF8JochRjtStdCVAgMBAAGjPjA8MBsGA1UdEQQUMBKCEHNwLnRlc3Ri
                    ZWQubG9jYWwwHQYDVR0OBBYEFN3EmV3JORDjW6XxwlgAAY7ruA5UMA0GCSqGSIb3
                    DQEBCwUAA4IBgQCuFJmf5gXBhEpEqliarPz9LeVeGwQtHp51pzLalLcqNEgTxvIC
                    H7Xw2sgC9AFs0jjVL+YBOpFT/Fzug4g7GHqT9tgmFi7KR0cq58Q265WjGIXk3iGb
                    Rxc8xqtH2NZ026uj9QEp9sQ4fJVAxE8qfEYOUOHPkzHozEySMUs5gWVSUKS/bqjP
                    GMbIsBu9/DrkCj7TkrUpdGPZI76BtSUUF6Yn1ne7YH6SPB4vk+UDhaZSOsjsVG09
                    l9aC7dmF5518sNeAjPcKbdARIAO5fCTdH0435jNJwUObGx2HWYsYp4XlA6Ycv775
                    +dgkzroPc6TO1rYHKj1lF9eZs6gkYGr+1M1k7VyW9jdwOmVE9SCHun6t+GdCEIZh
                    LCPp4U8C36II93y6IYDUkIKMzjeLZMHZvpswUzXK7/JUgDuZ3YGKA7zIT0rxSEZ/
                    YOdlVPNv3DF6isGsXugGVz8rULJ9xlxkvgjhKs1ZQvVe1jlkS9o9lGeKMXeSqUv8
                    Qa1VfyjCjlfwQXI=
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <!-- Certificate partners use to encrypt data sent to this SP. It is a
             different certificate from the signing one, so the sample keeps
             signing and decryption keys separate. -->
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:KeyName>sp.testbed.local</ds:KeyName>
                <ds:X509Data>
                    <ds:X509SubjectName>CN=sp.testbed.local</ds:X509SubjectName>
                    <ds:X509Certificate>MIID9zCCAl+gAwIBAgIJAJBhFGKTN2BDMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
                    BAMTEHNwLnRlc3RiZWQubG9jYWwwHhcNMTkwNTA3MTg0MzM3WhcNMjkwNTA0MTg0
                    MzM3WjAbMRkwFwYDVQQDExBzcC50ZXN0YmVkLmxvY2FsMIIBojANBgkqhkiG9w0B
                    AQEFAAOCAY8AMIIBigKCAYEA2OrmrNNMFjNulgG7tP/Zjuz1bq4rvw9s4uqF37MK
                    owISobL4MW4yyBCAHsulsaWgeubtbf/N9Sk/LvCDxt4iYW7B9euB6CoNKAhLowrl
                    gps9OtNQQNqaDGnXr5mJEqRoBAHEem/swh27/ChnMDc5/O7Obwp3uKtBI7c++4ON
                    BK4F+0olhQjtioWXge22EswcpabBeCPYWIDbQ8+pZHvSQxgRU2BGwNlmXYPIIyem
                    Smz3u37MShtTtjX80iwHMYb3FZfLG6HcC9LltcYipB3juoVEa5uaYAX1qZ4EQxHo
                    /M7Gk39TLOeryuugfvumLU6dpsnNEGCA0y5y9qPD0cqGeceSG6+MUSp1U6UzOiqD
                    9SR1Jw2uu1HLssqgLkaSDNAP7LfGcsjQ0Io7Dxi8jCLy0vlo+HAyuhFM4b/p6FBh
                    6LVG8sZ3dFx+LbnSIX5TT2JJrSYtNqkAUWaWLj7VIit0r2zjwttLmWT5z5DIrdTN
                    ePz2zXAxE0N4sm7UzxalXNn/AgMBAAGjPjA8MBsGA1UdEQQUMBKCEHNwLnRlc3Ri
                    ZWQubG9jYWwwHQYDVR0OBBYEFOZZlnocOTOAJXdU762a+4goVdZKMA0GCSqGSIb3
                    DQEBCwUAA4IBgQAApvDeRUsiHvQ/sSVMxKzg10KbedQtRkSmMU7qYJxTBf0kmvlh
                    3ICBfjw58tmRtPcf6A/K5DwqJKmcOksZiaR5KADerB14TX//1uTqmk7hUf9K7XD9
                    fFp37QXA7z9NR0Lp56ctK6mtQq0gYxZRAGK0NRaJbSIguOFD0Z4TpjxQx52Yt1Qx
                    RMBysD/QiEz4KGcFjeIx5LV65lfJu7ngCKqzT9E/YYsei2FNrRG9auqqGuNmZdKn
                    Zo8AD5Jw3Hw6z8s8xG59I4QseNC2eUMmJHI9MlCPj5nVyq0ilHH70mjdfycyfIoQ
                    uo0d60HxE1Ur27SkRhPbK0bwf74fHz2hxj7QaiUBiRtrSZ40ylp9CbxrSxpFthVe
                    sn7BM8IlJ5oSRYpiYPISfo9pUoUCSNwrRNQMMTI3B7jLbqosm1PDpS8uIKkKYFVf
                    tTyJr0gN3BxgX8ZBRYaN92ChlB1Y6vz/xAkmy5N1/g7qBJHYTlrK4qoyZ5iaPm9f
                    gONEZWSuXQiHIWA=
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <!-- Encryption algorithms offered to partners; the AES-GCM entries
                 are listed first.
                 NOTE(review): the list also offers CBC-mode ciphers (the
                 aes128/192/256-cbc entries and tripledes-cbc). CBC in XML
                 Encryption has no built-in integrity protection and is the
                 weaker choice; prefer the GCM entries wherever partners support
                 them and treat tripledes-cbc as legacy to be retired. -->
            <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
            <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        </md:KeyDescriptor>
        <!-- Protocol endpoints. Every Location uses the placeholder host
             "sp:8443". The AssertionConsumerService URLs are where the identity
             provider delivers responses, so the values registered with partners
             must match your real HTTPS handler URLs exactly. -->
        <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp:8443/Shibboleth.sso/Artifact/SOAP" index="1"/>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp:8443/Shibboleth.sso/SLO/SOAP"/>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp:8443/Shibboleth.sso/SLO/Redirect"/>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp:8443/Shibboleth.sso/SLO/POST"/>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp:8443/Shibboleth.sso/SLO/Artifact"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp:8443/Shibboleth.sso/SAML2/POST" index="1"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://sp:8443/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp:8443/Shibboleth.sso/SAML2/Artifact" index="3"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://sp:8443/Shibboleth.sso/SAML2/ECP" index="4"/>
        <!-- Attributes this SP asks the identity provider to release; request
             only what the application actually uses.
             NOTE(review): the description says an identifier is required, but
             no RequestedAttribute carries isRequired. The Name and NameFormat
             values also look like legacy urn:mace naming; confirm both against
             what your identity provider expects. -->
        <md:AttributeConsumingService index="1">
            <md:ServiceName xml:lang="en">Sample Service</md:ServiceName>
            <md:ServiceDescription xml:lang="en">An example service that requires a human-readable identifier and optional name and e-mail address.</md:ServiceDescription>
            <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
            <md:RequestedAttribute FriendlyName="mail" Name="urn:mace:dir:attribute-def:mail" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
            <md:RequestedAttribute FriendlyName="displayName" Name="urn:mace:dir:attribute-def:displayName" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
        </md:AttributeConsumingService>
    </md:SPSSODescriptor>
    <!-- Organization and contact details are placeholders; replace every name
         and address before the metadata leaves your hands. -->
    <md:Organization>
        <md:OrganizationName xml:lang="en">My Organization Name</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="en">My Organization Display Name</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="en">https://www.utexas.edu</md:OrganizationURL>
    </md:Organization>
    <md:ContactPerson contactType="technical">
        <md:GivenName>Technical Team</md:GivenName>
        <md:EmailAddress>technical@example.org</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="administrative">
        <md:GivenName>Same as Technical Team</md:GivenName>
        <md:EmailAddress>technical@example.org</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="support">
        <md:GivenName>Support Team</md:GivenName>
        <md:EmailAddress>support@example.org</md:EmailAddress>
    </md:ContactPerson>
    <!-- REFEDS security contact: contactType="other" plus the remd:contactType
         URI. The sample reuses the technical address; point this at a mailbox
         that is monitored for incident reports. -->
    <md:ContactPerson contactType="other" 
        xmlns:remd="http://refeds.org/metadata" remd:contactType="http://refeds.org/metadata/contactType/security">
        <md:GivenName>Security Team</md:GivenName>
        <md:EmailAddress>technical@example.org</md:EmailAddress>
    </md:ContactPerson>
</md:EntityDescriptor>
URL Protection Examples

The examples below demonstrate how to protect URLs using the Shibboleth Service Provider software running on Apache HTTPD Server. See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for information about configuring the Shibboleth Service Provider software on Apache HTTPD.

The examples below are illustrative only; your code or approach may vary depending on your service provider, server, and configuration. For assistance, please refer to the documentation or vendor of your chosen service provider software.

 

This example demonstrates requiring authentication for a resource:

# Require an authenticated Shibboleth session for every URL under /secure.
# <Location> matches the request URL path, so nested paths inherit these
# settings unless a more specific block overrides them.
<Location /secure>
  AuthType shibboleth
  # Ask mod_shib to establish a session before the request is served.
  ShibRequestSetting requireSession 1
  # Any valid session passes; no attribute of the user is checked here.
  require shib-session
</Location>

 

These examples demonstrate the use of a multi-value attribute for authorization:

# Allow only sessions whose unscoped-affiliation attribute includes "staff".
# The attribute name presumably has to match the id the SP assigns when it
# maps incoming attributes; verify against your attribute mapping.
# The decision is only as trustworthy as the identity provider that asserted
# the attribute, so accept it only from providers you have configured to trust.
<Location /onlystaff>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require shib-attr unscoped-affiliation staff
</Location>

# Allow only sessions whose unscoped-affiliation attribute includes "student".
# Same pattern as the staff rule; only the required value differs.
<Location /onlystudents>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require shib-attr unscoped-affiliation student
</Location>

 

This example demonstrates the use of a single-value attribute for authorization:

# Allow only sessions whose primary-affiliation attribute is "staff".
# Unlike unscoped-affiliation this is described as single-valued, so a user
# who is staff only as a secondary affiliation is presumably denied here.
<Location /onlystaffprimary>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require shib-attr primary-affiliation staff
</Location>

 

This example demonstrates the requesting of a different authentication context:

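# Request two-factor authentication from a specific identity provider and
# enforce it at authorization time.
<Location /secure-duo>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  # Identity provider that login requests for this path are sent to.
  ShibRequestSetting entityID https://enterprise.login.utexas.edu/idp/shibboleth
  # Authentication context class asked for in the login request. This only
  # shapes the request: a user who already holds a session obtained elsewhere
  # with a weaker login is never sent back to the identity provider.
  ShibRequestSetting authnContextClassRef https://idm.utsystem.edu/authncontext/twofactorbasic
  # Authorize on the context recorded in the session rather than on
  # "valid-user", which would accept any existing session regardless of how
  # the user authenticated.
  Require authnContextClassRef https://idm.utsystem.edu/authncontext/twofactorbasic
</Location>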

 

This example demonstrates removing the authentication requirement for the specified directory, overriding its inherited permissions.

# Lift the authentication requirement inherited from /secure for this one
# subtree. Everything whose URL path falls under /secure/butnotreally becomes
# publicly reachable, so keep the path as narrow as possible and make sure
# nothing sensitive is ever published beneath it.
# NOTE(review): the requireSession setting from the parent block is not reset
# here; confirm by testing that the path is served without a session.
<Location /secure/butnotreally>
  AuthType None
  Require all granted
</Location>
Service Provider (SP) Contacts

The following code will add contacts in order to help comply with our metadata requirements:

1. Add the xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" and xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" namespaces to your <SPConfig> opening tag in shibboleth2.xml, similar to the example below:

<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
    xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    clockSkew="180">

2. Add the following to the MetadataGenerator <Handler>. Be sure to provide your department’s contact info:

<!-- MetadataGenerator handler with the organization, contact and
     requested-attribute content this article asks for. With signing="true" the
     generated document is signed. Treat what the handler returns at /Metadata
     as a draft to review before handing it to partners, not as a live feed,
     and consider limiting who can reach the handler. -->
<Handler type="MetadataGenerator" Location="/Metadata" signing="true">
    <!-- Placeholder organization details; replace with your department's. -->
    <md:Organization>
        <md:OrganizationName xml:lang="en">My Organization Name</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="en">My Organization Display Name</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="en">https://www.utexas.edu</md:OrganizationURL>
    </md:Organization>
    <md:ContactPerson contactType="technical">
        <md:GivenName>Technical Team</md:GivenName>
        <md:EmailAddress>technical@example.org</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="administrative">
        <md:GivenName>Same as Technical Team</md:GivenName>
        <md:EmailAddress>technical@example.org</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="support">
        <md:GivenName>Support Team</md:GivenName>
        <md:EmailAddress>support@example.org</md:EmailAddress>
    </md:ContactPerson>
    <!-- REFEDS security contact: contactType="other" plus the remd:contactType
         URI. The sample reuses the technical address; use a mailbox that is
         monitored for incident reports. -->
    <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
        <md:GivenName>Security Team</md:GivenName>
        <md:EmailAddress>technical@example.org</md:EmailAddress>
    </md:ContactPerson>
    <!-- Attributes the SP asks the identity provider to release; list only
         those the application uses. NOTE(review): no RequestedAttribute is
         marked isRequired although the description calls the identifier
         required; confirm the intended release policy. -->
    <md:AttributeConsumingService index="1">
        <md:ServiceName xml:lang="en">Sample Service</md:ServiceName>
        <md:ServiceDescription xml:lang="en">An example service that requires a human-readable identifier and optional name and e-mail address.</md:ServiceDescription>
        <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
        <md:RequestedAttribute FriendlyName="mail" Name="urn:mace:dir:attribute-def:mail" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
        <md:RequestedAttribute FriendlyName="displayName" Name="urn:mace:dir:attribute-def:displayName" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
    </md:AttributeConsumingService>
</Handler>

 
