The "[[Microsoft Technology Information Wiki>http://techinfoofmicrosofttech.osscons.jp/]]" is operated by the "[[Open棟梁Project>https://github.com/OpenTouryoProject/]]" and the "[[OSS Consortium .NET Development Infrastructure Subcommittee>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]".

-[[Back>SAMLの仕様を読む。]]

* Table of contents [#hdb24505]
#contents

*Overview [#v2b74a1f]

*Details [#z380f13f]

*Examples [#v92b9691]

**Google [#l7748072]
IDPSSODescriptor 

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2" validUntil="2022-02-28T14:34:20.000Z">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:KeyDescriptor use="signing">
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
           <ds:X509Certificate>CERTIFICATE</ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
     </md:KeyDescriptor>
     <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
     <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp"/>
     <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp"/>
   </md:IDPSSODescriptor>
 </md:EntityDescriptor>

-How to configure SAML authentication for G Suite – Support~
SSO/IDaaS: TrustLogin by GMO (formerly SKUID)~
https://support.trustlogin.com/hc/ja/articles/115003760514-G-suite%E3%81%AESAML%E8%AA%8D%E8%A8%BC%E3%81%AE%E8%A8%AD%E5%AE%9A%E6%96%B9%E6%B3%95

**Azure [#p90e6f3c]
IDPSSODescriptor 

 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ceca4e9c-2656-40c1-8e83-cce46b99284a" entityID="https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/">
   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate>
             ...
           </X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <KeyDescriptor use="signing">
       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
           <X509Certificate>
             ...
           </X509Certificate>
         </X509Data>
       </KeyInfo>
     </KeyDescriptor>
     <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/saml2"/>
   </IDPSSODescriptor>
 </EntityDescriptor>

-https://docs.microsoft.com/ja-jp/azure/active-directory/develop/active-directory-saml-protocol-reference
-https://docs.microsoft.com/ja-jp/azure/active-directory/develop/azure-ad-federation-metadata
-https://login.microsoftonline.com/contoso.com/FederationMetadata/2007-06/FederationMetadata.xml

**ADFS [#wec052a4]
IDPSSODescriptor
 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_5197a745-3513-4b82-a809-92269b4dbb18" entityID="http://fs.customer.com/adfs/services/trust">
     <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
         <KeyDescriptor use="encryption">
             <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                 <X509Data>
                     <X509Certificate>...</X509Certificate>
                 </X509Data>
             </KeyInfo>
         </KeyDescriptor>
         <KeyDescriptor use="signing">
             <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                 <X509Data>
                     <X509Certificate>...</X509Certificate>
                 </X509Data>
             </KeyInfo>
         </KeyDescriptor>
         <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.customer.com/adfs/ls/"/>
         <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.customer.com/adfs/ls/"/>
         <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
         <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.customer.com/adfs/ls/"/>
         <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.customer.com/adfs/ls/"/>
     </IDPSSODescriptor>
 </EntityDescriptor>

-Starmind Docs - Single-Sign-On Metadata~
https://docs.starmind.com/authentication/sso/metadata/

**Cybozu [#cdd51854]
SPSSODescriptor

 <md:EntityDescriptor entityID="https://(sub_domain).cybozu.com">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:NameIDFormat>
       urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
     </md:NameIDFormat>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://(sub_domain).cybozu.com/saml/acs" index="0"/>
   </md:SPSSODescriptor>
 </md:EntityDescriptor>

-Until SAML authentication works - Cybozu Inside Out | Cybozu engineers' blog~
https://blog.cybozu.io/entry/4224
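The IdP metadata above (Google, Azure, ADFS) and the SP metadata (Cybozu) differ only in namespace prefix style; what a relying party has to pull out of them is the same: entityID, validUntil, the signing certificates, the NameID formats and the SSO/SLO/ACS endpoints with their bindings. The following is an added example, not code from this page or from any of the vendors listed; it parses both styles with the Python standard library and then runs the checks worth doing before importing a partner's metadata: expiry against validUntil, no signing key, no AssertionConsumerService, and endpoint Locations that are not https. The two metadata documents embedded in it are constructed samples (example.test hostnames, placeholder certificate values), not real vendor metadata.

```python
from datetime import datetime
from xml.etree import ElementTree as ET  # use defusedxml.ElementTree for untrusted input

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
ENDPOINTS = ("SingleSignOnService", "SingleLogoutService", "AssertionConsumerService")

# Constructed IdP metadata in the prefixed (md:) style of the Google sample; the
# certificates are placeholders and the HTTP-POST Location is deliberately http://.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml2" validUntil="2022-02-28T14:34:20.000Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>SIGNING_CERT_PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>ENCRYPTION_CERT_PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SP metadata in the default-namespace style of the Azure/ADFS samples.
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test">
  <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/saml/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def _local(tag):
    """Strip the {namespace} part that ElementTree prepends to tag names."""
    return tag.rsplit("}", 1)[-1]


def parse_metadata(xml_text):
    """Extract what a relying party needs from an EntityDescriptor.
    Matching is by namespace URI, so md:-prefixed and default-namespace
    documents (both forms appear on this page) parse identically."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"not an EntityDescriptor: {root.tag}")
    info = {"entity_id": root.get("entityID"), "valid_until": root.get("validUntil"), "roles": {}}
    for desc in root:
        role = _local(desc.tag)
        if role not in ("IDPSSODescriptor", "SPSSODescriptor"):
            continue
        certs = []
        for kd in desc.findall("md:KeyDescriptor", NS):
            # No 'use' attribute means the key serves both purposes; a use="encryption"
            # key must never be accepted for signature verification.
            if kd.get("use") in (None, "signing"):
                certs += [(c.text or "").strip()
                          for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
        info["roles"][role] = {
            "signing_certs": certs,
            "endpoints": [(_local(e.tag), e.get("Binding"), e.get("Location"))
                          for e in desc if _local(e.tag) in ENDPOINTS],
            "name_id_formats": [(n.text or "").strip() for n in desc.findall("md:NameIDFormat", NS)],
        }
    return info


def check_metadata(info, now):
    """Return the findings a relying party should refuse to import over."""
    findings = []
    if info["valid_until"]:
        expiry = datetime.fromisoformat(info["valid_until"].replace("Z", "+00:00"))
        if expiry <= now:
            findings.append(f"metadata expired at {info['valid_until']}")
    for role, r in info["roles"].items():
        if role == "IDPSSODescriptor" and not r["signing_certs"]:
            findings.append("IdP publishes no signing certificate")
        if role == "SPSSODescriptor" and not any(e[0] == "AssertionConsumerService" for e in r["endpoints"]):
            findings.append("SP publishes no AssertionConsumerService")
        for name, binding, location in r["endpoints"]:
            if not (location or "").startswith("https://"):
                findings.append(f"{name} ({binding}) is not https: {location}")
    return findings


def audit(xml_text, now_iso):
    """Parse and check in one call; now_iso is an ISO-8601 UTC timestamp such as 2022-03-01T00:00:00Z."""
    return check_metadata(parse_metadata(xml_text), datetime.fromisoformat(now_iso.replace("Z", "+00:00")))


if __name__ == "__main__":
    for doc in (IDP_METADATA, SP_METADATA):
        print(audit(doc, "2022-03-01T00:00:00Z") or ["no findings"])
```

Run as-is it reports two findings for the constructed IdP document (expired validUntil, non-https HTTP-POST endpoint) and none for the SP document. Note that the parser returns every signing certificate rather than the first one: the Azure sample above publishes two signing KeyDescriptors, and a relying party has to accept any of the published keys so that the IdP can roll its certificate without breaking sign-in.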

*References [#ta9f6981]

-SAML 2.0 service provider metadata - Qiita~
https://qiita.com/oTsogbadrakhChinzorig/items/c5210e548b6ff02281d2

**oasis-open.org [#q644c0f3]
https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf

**Complete documentation and samples [#y5517ad2]
-SAML 2.0 saml-schema-metadata-2.0.xsd~
http://www.datypic.com/sc/saml2/s-saml-schema-metadata-2.0.xsd.html

--SAML 2.0 md:IDPSSODescriptor~
http://www.datypic.com/sc/saml2/e-md_IDPSSODescriptor.html

--SAML 2.0 md:SPSSODescriptor~
http://www.datypic.com/sc/saml2/e-md_SPSSODescriptor.html

----
Tags: [[:IT国際標準]], [[:認証基盤]], [[:クレームベース認証]], [[:SAML]]
