"[[Microsoft Technical Information Wiki>http://techinfoofmicrosofttech.osscons.jp/]]" is operated by the "[[Open棟梁Project>https://github.com/OpenTouryoProject/]]" and the "[[OSS Consortium .NET Development Infrastructure Subcommittee>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]".

-[[Back>SAMLの仕様を読む。]]

* Table of contents [#hdb24505]
#contents

*Overview [#v2b74a1f]

*Details [#z380f13f]

*Examples [#v92b9691]

**Google [#l7748072]
IDPSSODescriptor

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
   entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:KeyDescriptor use="signing">
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
           <ds:X509Certificate>CERTIFICATE</ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
     </md:KeyDescriptor>
     <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
     <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://accounts.google.com/o/saml2/idp"/>
     <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://accounts.google.com/o/saml2/idp"/>
   </md:IDPSSODescriptor>
 </md:EntityDescriptor>

-How to configure SAML authentication for G Suite – Support~
TrustLogin by GMO (formerly SKUID) for SSO/IDaaS~
https://support.trustlogin.com/hc/ja/articles/115003760514-G-suite%E3%81%AESAML%E8%AA%8D%E8%A8%BC%E3%81%AE%E8%A8%AD%E5%AE%9A%E6%96%B9%E6%B3%95

**Azure [#p90e6f3c]
IDPSSODescriptor

 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
   ID="_ceca4e9c-2656-40c1-8e83-cce46b99284a"
   entityID="https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/">
   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate> ... </X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate> ... </X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
   </IDPSSODescriptor>
 </EntityDescriptor>

-https://docs.microsoft.com/ja-jp/azure/active-directory/develop/active-directory-saml-protocol-reference
-https://docs.microsoft.com/ja-jp/azure/active-directory/develop/azure-ad-federation-metadata
-https://login.microsoftonline.com/contoso.com/FederationMetadata/2007-06/FederationMetadata.xml

**ADFS [#wec052a4]
IDPSSODescriptor

 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
   ID="_5197a745-3513-4b82-a809-92269b4dbb18"
   entityID="http://fs.customer.com/adfs/services/trust">
   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <KeyDescriptor use="encryption">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate>...</X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate>...</X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://fs.customer.com/adfs/ls/"/>
     <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://fs.customer.com/adfs/ls/"/>
     <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
     <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
     <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://fs.customer.com/adfs/ls/"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://fs.customer.com/adfs/ls/"/>
   </IDPSSODescriptor>
 </EntityDescriptor>

-Starmind Docs - Single-Sign-On Metadata~
https://docs.starmind.com/authentication/sso/metadata/

**Cybozu [#cdd51854]
SPSSODescriptor

 <md:EntityDescriptor entityID="https://(sub_domain).cybozu.com">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:NameIDFormat>
       urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
     </md:NameIDFormat>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://(sub_domain).cybozu.com/saml/acs" index="0"/>
   </md:SPSSODescriptor>
 </md:EntityDescriptor>

-Until SAML authentication works - Cybozu Inside Out | Cybozu engineers' blog~
https://blog.cybozu.io/entry/4224

*References [#ta9f6981]
-SAML 2.0 service provider metadata - Qiita~
https://qiita.com/oTsogbadrakhChinzorig/items/c5210e548b6ff02281d2

**Complete documentation and samples [#y5517ad2]
-SAML 2.0 saml-schema-metadata-2.0.xsd~
http://www.datypic.com/sc/saml2/s-saml-schema-metadata-2.0.xsd.html
--SAML 2.0 md:IDPSSODescriptor~
http://www.datypic.com/sc/saml2/e-md_IDPSSODescriptor.html
--SAML 2.0 md:SPSSODescriptor~
http://www.datypic.com/sc/saml2/e-md_SPSSODescriptor.html

----
Tags: [[:IT国際標準]], [[:認証基盤]], [[:クレームベース認証]], [[:SAML]]
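The IdP metadata examples above differ only in namespace style (Google uses an md: prefix, Azure AD and AD FS a default namespace), so one parser serves all of them. The following is an added example, not code from the page or any of the vendors: it pulls out the fields an SP operator checks before importing IdP metadata (entityID, validUntil, signing certificates, SSO endpoints, WantAuthnRequestsSigned) and reports findings such as expired metadata. The sample document and the "CERTIFICATE" placeholder are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed sample modelled on the Google IdP metadata above;
# the certificate body is a placeholder, not a real certificate.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
 <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:X509Data><ds:X509Certificate>CERTIFICATE</ds:X509Certificate></ds:X509Data>
  </ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://accounts.google.com/o/saml2/idp"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract the trust-relevant fields; ElementTree resolves both the md:
    prefix (Google) and the default-namespace form (Azure AD, AD FS)."""
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None: raise ValueError("no IDPSSODescriptor in metadata")
    certs = []
    for kd in idp.findall(MD + "KeyDescriptor"):
        # schema: an absent 'use' attribute means the key serves both purposes
        if kd.get("use", "signing") == "signing":
            certs += [c.text.strip() for c in kd.iter(DS + "X509Certificate")]
    return {
        "entity_id": root.get("entityID"),
        "valid_until": root.get("validUntil"),
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned") == "true",
        "signing_certs": certs,
        "sso": {s.get("Binding"): s.get("Location") for s in idp.findall(MD + "SingleSignOnService")},
    }

def audit(info, now=None):
    """Findings an SP operator should resolve before importing the metadata."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if info["valid_until"]:
        exp = datetime.fromisoformat(info["valid_until"].replace("Z", "+00:00"))
        if exp <= now:
            findings.append("metadata expired: " + info["valid_until"])
    if not info["signing_certs"]:
        findings.append("no signing certificate: responses cannot be verified")
    findings += ["non-https endpoint: " + u for u in info["sso"].values() if not u.startswith("https://")]
    if not info["wants_signed_requests"]:
        findings.append("WantAuthnRequestsSigned is false: the IdP accepts unsigned AuthnRequests")
    return findings
```

Run against the Azure or AD FS documents above, the same call returns both signing certificates of the Azure rollover pair and no expiry finding, because those documents carry no validUntil attribute.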