SAML Metadata のバックアップ(No.5) - マイクロソフト系技術情報 Wiki

バックアップ一覧
差分を表示
現在との差分を表示
ソースを表示
SAML Metadata へ行く。
- 1 (2019-04-20 (土) 15:34:23)
- 2 (2019-04-20 (土) 16:25:36)
- 3 (2019-04-23 (火) 12:41:49)
- 4 (2019-04-24 (水) 09:37:53)
- 5 (2019-04-24 (水) 18:51:08)

「マイクロソフト系技術情報 Wiki」は、「Open棟梁Project」,「OSSコンソーシアム .NET開発基盤部会」によって運営されています。

戻る

目次 †

目次
概要
詳細
例
- Google
- Azure
- ADFD
- Cybozu
参考
- oasis-open.org
- Complete documentation and samples

↑

概要 †

↑

詳細 †

↑

例 †

↑

Google †

IDPSSODescriptor

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>CERTIFICATE</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>

G suiteのSAML認証の設定方法 – サポート
SSO/IDaaSならトラスト・ログイン by GMO【旧SKUID(スクイド)】
https://support.trustlogin.com/hc/ja/articles/115003760514-G-suite%E3%81%AESAML%E8%AA%8D%E8%A8%BC%E3%81%AE%E8%A8%AD%E5%AE%9A%E6%96%B9%E6%B3%95

↑

Azure †

IDPSSODescriptor

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ceca4e9c-2656-40c1-8e83-cce46b99284a" entityID="https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            ...
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            ...
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>

↑

ADFD †

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_5197a745-3513-4b82-a809-92269b4dbb18" entityID="http://fs.customer.com/adfs/services/trust">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="encryption">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>...</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>...</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.customer.com/adfs/ls/"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.customer.com/adfs/ls/"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.customer.com/adfs/ls/"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.customer.com/adfs/ls/"/>
    </IDPSSODescriptor>
</EntityDescriptor>

Starmind Docs - Single-Sign-On Metadata
https://docs.starmind.com/authentication/sso/metadata/

↑

Cybozu †

SPSSODescriptor

<md:EntityDescriptor entityID="https://(sub_domain).cybozu.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>
      urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    </md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://(sub_domain).cybozu.com/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

SAML認証ができるまで - Cybozu Inside Out | サイボウズエンジニアのブログ
https://blog.cybozu.io/entry/4224

↑

参考 †

SAML2.0サービスプロバイダーのメタデータ - Qiita
https://qiita.com/oTsogbadrakhChinzorig/items/c5210e548b6ff02281d2

↑

oasis-open.org †

https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf

↑

Complete documentation and samples †

SAML 2.0 saml-schema-metadata-2.0.xsd
http://www.datypic.com/sc/saml2/s-saml-schema-metadata-2.0.xsd.html

SAML 2.0 md:IDPSSODescriptor
http://www.datypic.com/sc/saml2/e-md_IDPSSODescriptor.html

SAML 2.0 md:SPSSODescriptor
http://www.datypic.com/sc/saml2/e-md_SPSSODescriptor.html

Tags: :IT国際標準, :認証基盤, :クレームベース認証, :SAML