The "Microsoft Technology Information Wiki" is operated by the "Open棟梁Project" and the "OSS Consortium .NET Development Platform Subcommittee" (OSSコンソーシアム .NET開発基盤部会).

Contents

Overview

Details

Google

IDPSSODescriptor

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>CERTIFICATE</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>

Azure

IDPSSODescriptor

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ceca4e9c-2656-40c1-8e83-cce46b99284a" entityID="https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            ...
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            ...
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>

ADFS

IDPSSODescriptor

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_5197a745-3513-4b82-a809-92269b4dbb18" entityID="http://fs.customer.com/adfs/services/trust">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="encryption">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>...</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>...</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.customer.com/adfs/ls/"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.customer.com/adfs/ls/"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.customer.com/adfs/ls/"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.customer.com/adfs/ls/"/>
    </IDPSSODescriptor>
</EntityDescriptor>

Cybozu

SPSSODescriptor

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://(sub_domain).cybozu.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>
      urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    </md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://(sub_domain).cybozu.com/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
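As an added example (not code from the original page or from any of the vendors above), a small Python reader for the metadata shown here: it accepts either namespace style (Google's md: prefix or Azure's default namespace), keeps only signing keys in the trust set, enforces validUntil when present, and rejects non-HTTPS endpoints. The sample metadata is constructed after the Google entry above; the certificate text is a placeholder.

```python
from datetime import datetime, timezone
from typing import Optional
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree for untrusted input

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ENDPOINTS = ("SingleSignOnService", "SingleLogoutService", "AssertionConsumerService")

def parse_metadata(xml_text: str, now: Optional[datetime] = None) -> dict:
    """Return entityID, role, signing certs and endpoints; reject expired or plain-HTTP data."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    valid_until = root.get("validUntil")  # optional in the spec; enforced when present
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry <= (now or datetime.now(timezone.utc)):
            raise ValueError(f"metadata expired at {valid_until}")
    role_name = "IDPSSODescriptor"
    role = root.find(f"{{{MD}}}{role_name}")
    if role is None:
        role_name, role = "SPSSODescriptor", root.find(f"{{{MD}}}SPSSODescriptor")
    if role is None:
        raise ValueError("no IDPSSODescriptor or SPSSODescriptor role")
    # A KeyDescriptor with no 'use' attribute covers signing and encryption, so only
    # use="encryption" keys are kept out of the signature-verification trust set.
    signing_certs = [c.text.strip() for kd in role.findall(f"{{{MD}}}KeyDescriptor")
                     if kd.get("use") in (None, "signing")
                     for c in kd.iter(f"{{{DS}}}X509Certificate")]
    endpoints = [(ep.tag.rpartition("}")[2], ep.get("Binding"), ep.get("Location"))
                 for ep in role if ep.tag.rpartition("}")[2] in ENDPOINTS]
    insecure = [loc for _, _, loc in endpoints if not str(loc).lower().startswith("https://")]
    if insecure:  # assertions and logout messages must never travel over plain HTTP
        raise ValueError(f"non-HTTPS endpoint(s): {insecure}")
    return {"entityID": root.get("entityID"), "role": role_name,
            "signing_certs": signing_certs, "endpoints": endpoints}

# Constructed sample modeled on the Google IdP entry above; certificate text is a placeholder.
SAMPLE_IDP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>PLACEHOLDER-SIGNING-CERT</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>PLACEHOLDER-ENC-CERT</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Called without `now`, the sample is rejected as expired, which is the behaviour a relying party should have once the published validUntil has passed.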

References

Complete documentation and samples

oasis-open.org

https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf

1 Introduction
1.1 Notation
2 Metadata for SAML V2.0
2.1 Namespaces
2.2 Common Types
2.2.1 Simple Type entityIDType
2.2.2 Complex Type EndpointType
2.2.3 Complex Type IndexedEndpointType
2.2.4 Complex Type localizedNameType
2.2.5 Complex Type localizedURIType
2.3 Root Elements
2.3.1 Element <EntitiesDescriptor>
2.3.2 Element <EntityDescriptor>
2.3.2.1 Element <Organization>
2.3.2.2 Element <ContactPerson>
2.3.2.3 Element <AdditionalMetadataLocation>
2.4 Role Descriptor Elements
2.4.1 Element <RoleDescriptor>
2.4.1.1 Element <KeyDescriptor>
2.4.2 Complex Type SSODescriptorType
2.4.3 Element <IDPSSODescriptor>
2.4.4 Element <SPSSODescriptor>
2.4.4.1 Element <AttributeConsumingService>
2.4.4.2 Element <RequestedAttribute>
2.4.5 Element <AuthnAuthorityDescriptor>
2.4.6 Element <PDPDescriptor>
2.4.7 Element <AttributeAuthorityDescriptor>
2.5 Element <AffiliationDescriptor>
2.6 Examples
3 Signature Processing
3.1 XML Signature Profile
3.1.1 Signing Formats and Algorithms
3.1.2 References
3.1.3 Canonicalization Method
3.1.4 Transforms
3.1.5 KeyInfo
4 Metadata Publication and Resolution
4.1 Publication and Resolution via Well-Known Location
4.1.1 Publication
4.1.2 Resolution
4.2 Publishing and Resolution via DNS
4.2.1 Publication
4.2.1.1 First Well Known Rule
4.2.1.2 The Order Field
4.2.1.3 The Preference Field
4.2.1.4 The Flag Field
4.2.1.5 The Service Field
4.2.1.6 The Regex and Replacement Fields
4.2.2 NAPTR Examples
4.2.2.1 Entity Metadata NAPTR Examples
4.2.2.2 Name Identifier Examples
4.2.3 Resolution
4.2.3.1 Parsing the Unique Identifier
4.2.3.2 Obtaining Metadata via the DNS
4.2.4 Metadata Location Caching
4.3 Post-Processing of Metadata
4.3.1 Metadata Instance Caching
4.3.2 Handling of HTTPS Redirects
4.3.3 Processing of XML Signatures and General Trust Processing
4.3.3.1 Processing Signed DNS Zones
4.3.3.2 Processing Signed Documents and Fragments
4.3.3.3 Processing Server Authentication during Metadata Retrieval via TLS/SSL
5 References
Appendix A.Registration of MIME media type application/samlmetadata+xml
Appendix B. Acknowledgments
Appendix C. Notices

Tags: :IT International Standards, :Authentication Infrastructure, :Claims-based Authentication, :SAML


Last-modified: 2019-04-25 (Thu) 16:18:35