SAML 2.0 metadata for EHerkenning profile


When the SAML 2.0 profile is set to EHerkenning in System Setup, the SAML 2.0 metadata follows the EHerkenning specification as follows:

  1. There’s an EntitiesDescriptor element that contains one or more EntityDescriptor elements.
  2. The ID on the EntitiesDescriptor and the EntityDescriptor are static. We use the following convention to generate the IDs based on entity identifier:
  3. The EntitiesDescriptor element has an additional namespace which is xmlns:eme="urn:etoegang:1.9:metadata-extension"
  4. The EntityDescriptor element has a version attribute: eme:version="1.9"
  5. The EntityDescriptor element contains a ContactPerson element inside it.
  6. SAML 2.0 metadata for Service Providers:
  7. SAML 2.0 metadata for Identity Providers: contains two AssertionConsumerService elements for the ARTIFACT binding, as follows:

<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://identify.safewhere.local/runtime/saml2auth/artifact.idp" index="1" isDefault="false" />

<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://identify.safewhere.local/runtime/saml2auth/artifact.idp" index="2" isDefault="false" />
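
A checker for the structural points in the list above, as an added example that is not part of the product or its documentation. The function names are hypothetical, and the sample document, its entity identifiers and its ID values are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
EME = "urn:etoegang:1.9:metadata-extension"   # namespace from item 3

def check_eherkenning_metadata(xml_text):
    """Return the deviations from items 1-5 above; an empty list means none found."""
    root = ET.fromstring(xml_text)  # parse only metadata from a source you trust
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        return [f"root element is {root.tag}, expected EntitiesDescriptor"]
    problems = []
    if not root.get("ID"):
        problems.append("EntitiesDescriptor has no ID")
    entities = root.findall(f"{{{MD}}}EntityDescriptor")
    if not entities:
        problems.append("no EntityDescriptor inside EntitiesDescriptor")
    for ent in entities:
        name = ent.get("entityID", "<no entityID>")
        if not ent.get("ID"):
            problems.append(f"{name}: EntityDescriptor has no ID")
        version = ent.get(f"{{{EME}}}version")  # eme:version, item 4
        if version != "1.9":
            problems.append(f"{name}: eme:version is {version!r}, expected '1.9'")
        if ent.find(f"{{{MD}}}ContactPerson") is None:
            problems.append(f"{name}: ContactPerson missing")
    return problems

def ids_unchanged(first_xml, second_xml):
    """True when two downloads of the metadata carry the same ID values (item 2)."""
    def collect(text):
        return [e.get("ID") for e in ET.fromstring(text).iter() if e.get("ID")]
    return collect(first_xml) == collect(second_xml)

# Constructed sample: the second entity lacks eme:version and ContactPerson.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:eme="{EME}" ID="_constructed-1">
  <md:EntityDescriptor entityID="https://sp.example/a" ID="_constructed-2" eme:version="1.9">
    <md:ContactPerson contactType="technical"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example/b" ID="_constructed-3"/>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for problem in check_eherkenning_metadata(SAMPLE):
        print(problem)
```
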

Changes to the service catalog’s metadata

  1. The ID on the ServiceCatalogue is static. Here is its value format:
  2. On the SAML 2.0 protocol connection, there is a new setting: PrivacyPolicyURL

When its value is not empty, it is loaded into esc:PrivacyPolicyURL of the service in the service catalog.
Note: some new settings have also been added to the System Setup page. Please follow the link
