"[[Microsoft Technology Information Wiki>http://techinfoofmicrosofttech.osscons.jp/]]" is operated by the "[[Open Touryo Project>https://github.com/OpenTouryoProject/]]" and the "[[OSS Consortium .NET Development Infrastructure Working Group>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]".

-[[Back>SAMLの仕様を読む。]]

* Table of Contents [#hdb24505]
#contents

*Overview [#v2b74a1f]

*Details [#z380f13f]

*Examples [#v92b9691]

**Google [#l7748072]
IDPSSODescriptor

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:KeyDescriptor use="signing">
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
           <ds:X509Certificate>CERTIFICATE</ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
     </md:KeyDescriptor>
     <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
     <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp"/>
     <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp"/>
   </md:IDPSSODescriptor>
 </md:EntityDescriptor>

**Azure [#p90e6f3c]
IDPSSODescriptor
-https://docs.microsoft.com/ja-jp/azure/active-directory/develop/active-directory-saml-protocol-reference
-https://docs.microsoft.com/ja-jp/azure/active-directory/develop/azure-ad-federation-metadata
-https://login.microsoftonline.com/contoso.com/FederationMetadata/2007-06/FederationMetadata.xml

 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ceca4e9c-2656-40c1-8e83-cce46b99284a" entityID="https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/">
   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate> ... </X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate> ... </X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
   </IDPSSODescriptor>
 </EntityDescriptor>

**Cybozu [#cdd51854]
SPSSODescriptor

 <md:EntityDescriptor entityID="https://(sub_domain).cybozu.com">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:NameIDFormat>
       urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
     </md:NameIDFormat>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://(sub_domain).cybozu.com/saml/acs" index="0"/>
   </md:SPSSODescriptor>
 </md:EntityDescriptor>

*References [#ta9f6981]
-SAML 2.0 service provider metadata - Qiita~
https://qiita.com/oTsogbadrakhChinzorig/items/c5210e548b6ff02281d2

**Complete documentation and samples [#y5517ad2]
-SAML 2.0 saml-schema-metadata-2.0.xsd~
http://www.datypic.com/sc/saml2/s-saml-schema-metadata-2.0.xsd.html
--SAML 2.0 md:IDPSSODescriptor~
http://www.datypic.com/sc/saml2/e-md_IDPSSODescriptor.html
--SAML 2.0 md:SPSSODescriptor~
http://www.datypic.com/sc/saml2/e-md_SPSSODescriptor.html

----
Tags: [[IT international standards>:IT国際標準]], [[Authentication infrastructure>:認証基盤]], [[Claims-based authentication>:クレームベース認証]], [[:SAML]]