SAML entities of eduID.cz members provide their metadata conforming to Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 and OASIS SAML V2.0 Metadata Interoperability Profile Version 1.0. In addition, their metadata must fulfill to the requirements specified in this document.
XML namespaces used
Prefix | Namespace URL |
---|---|
md | urn:oasis:names:tc:SAML:2.0:metadata |
mdrpi | urn:oasis:names:tc:SAML:metadata:rpi |
mdui | urn:oasis:names:tc:SAML:metadata:ui |
shibmd | urn:mace:shibboleth:metadata:1.0 |
md:EntityDescriptor
must contain the entityID
attributeentityID
must be defined as a URL with https
schemeentityID
URL must be a fully qualified domain name (IP address, “localhost” and other reserved domain names according to RFC 2606 are not acceptable)https
schememd:Organization
md:EntityDescriptor
must contain exactly one md:Organization
elementmd:Organization
describes organization operating the Entity, not project names, department names - for those use mdui elementsmd:Organization
must contain element md:OrganizationName
with the official name of the organization operating the Entity in English and in Czech, usage of abreviation is strongly unrecommendedmd:Organization
must contain element md:OrganizationDisplayName
with the commonly recognized name of the organization operating the Entity in English and in Czech, usage of abreviation and legal form is strongly unrecommended md:Organization
must contain element md:OrganizationURL
specifying the location with additional information about the organization operating the Entity in English and in Czechmd:ContactPerson
md:EntityDescriptor
must contain at least one element md::ContactPerson
with contactType=“technical”
containing md:GivenName
, md:SurName
and md:EmailAddress
refering to a technical contact person with a working email addressmd:IDPSSODescriptor
, md:SPSSODescriptor
, md:AttributeAuthorityDescriptor
should contain md:Extensions
with mdui:UIInfo
containing at least the following elements:mdui:DisplayName
with the display name of the entity in English and in Czech, usage of abreviation and legal form is strongly unrecommendedmdui:Description
with the description name of the entity in English and in Czechmd:IDPSSODescriptor
md:Extensions
containing shibmd:Scope
shibmd:Scope
must be unique - preferably the main registered DNS domain of the organization operating the pertinent IdPmd:NameIDFormat
md:NameIDFormat
must be urn:oasis:names:tc:SAML:2.0:nameid-format:transient
md:NameIDFormat
should be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
, it is strogly advised to support persistent NameIDFormatmd:Extensions
with mdui:UIInfo
containingmdui:DisplayName
with the commonly recognized name of the organization operating the Entity in English and in Czechmdui:Description
with short description of the purpose of IdP in English and in Czechmdui:InformationURL
with URL holding more informations about the IdP in English and in Czech, not about the organization running the IdPmdui:Logo
with HTTPS (!) URL holding logo of the organization operating the Entitymd:SPSSODescriptor
md:Extensions
with mdui:UIInfo
containingmdui:DisplayName
with the display name of the entity in English and in Czech, ussage of abreviation and legal form is strongly unrecommendedmdui:Description
with the description of the entity in English and in Czechmdui:InformationURL
with URL holding more informations about the SP in English and in Czech, not about the organization running the SP md:SPSSODescriptor
should contain md:AttributeConsumingService
that lists all attributes requested by this SP as md:RequestedAttribute
element with isRequired=“true”
for required attributes and isRequired=“false”
for just usefull attributes
CESNET, z. s. p. o.
Generála Píky 26
16000 Praha 6
info@cesnet.cz
Tel: +420 234 680 222
GSM: +420 602 252 531
support@cesnet.cz