Jaime Perez Crespo authored
Change the extension of the documentation files from .txt to .md so that they can be processed as markdown and displayed in GitHub.
677c3b0b
SP remote metadata reference
This is a reference for metadata options available for `metadata/saml20-sp-remote.php` and `metadata/shib13-sp-remote.php`.
Both files have the following format:
    <?php
    /* The index of the array is the entity ID of this SP. */
    $metadata['entity-id-1'] = array(
        /* Configuration options for the first SP. */
    );
    $metadata['entity-id-2'] = array(
        /* Configuration options for the second SP. */
    );
    /* ... */
Common options
The following options are common between both the SAML 2.0 protocol and Shibboleth 1.3 protocol:
attributes
: This should indicate which attributes an SP should receive. It is used, for example, by the `consent:Consent` module to tell the user which attributes the SP will receive, and by the `core:AttributeLimit` module to limit which attributes are sent to the SP.
authproc
: Used to manipulate attributes, and limit access for each SP. See
the authentication processing filter manual.
base64attributes
: Whether attributes sent to this SP should be base64 encoded. The default is `FALSE`.
description
: A description of this SP. Will be used by various modules when they
need to show a description of the SP to the user.
: This option can be translated into multiple languages in the same way as the `name` option.
name
: The name of this SP. Will be used by various modules when they need
to show a name of the SP to the user.
: If this option is unset, the organization name will be used instead (if it is available).
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
    'name' => array(
        'en' => 'A service',
        'no' => 'En tjeneste',
    ),
OrganizationName
: The name of the organization responsible for this SP. This name does not need to be suitable for display to end users.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
    'OrganizationName' => array(
        'en' => 'Example organization',
        'no' => 'Eksempel organisation',
    ),
: Note: If you specify this option, you must also specify the `OrganizationURL` option.
OrganizationDisplayName
: The name of the organization responsible for this SP. This name must be suitable for display to end users. If this option isn't specified, `OrganizationName` will be used instead.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name.
: Note: If you specify this option, you must also specify the `OrganizationName` option.
OrganizationURL
: A URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
: Note: If you specify this option, you must also specify the `OrganizationName` option.
privacypolicy
: This is an absolute URL where a user can find a privacy policy for this SP. If set, this will be shown on the consent page. `%SPENTITYID%` in the URL will be replaced with the entity ID of this service provider.
: Note that this option also exists in the IdP-hosted metadata. This entry in the SP-remote metadata overrides the option in the IdP-hosted metadata.
userid.attribute
: The attribute name of an attribute which uniquely identifies the user. This attribute is used if SimpleSAMLphp needs to generate a persistent unique identifier for the user. This option can be set in both the IdP-hosted and the SP-remote metadata. The value in the SP-remote metadata has the highest priority. The default value is `eduPersonPrincipalName`.
: Note that this option also exists in the IdP-hosted metadata. This entry in the SP-remote metadata overrides the option in the IdP-hosted metadata.
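A lint pass over the common options described above, as an added example that is not part of SimpleSAMLphp or of this documentation: it checks the `Organization*` dependency notes, that `privacypolicy` is absolute once `%SPENTITYID%` is substituted, and that an `attributes` list is declared. `lintSpEntry()`, the sample entity IDs and URLs, and the http(s)-only rule are assumptions made for the example.

```php
<?php
// Added example, not SimpleSAMLphp code. lintSpEntry() is a hypothetical helper.
function lintSpEntry($entityId, array $sp)
{
    $problems = array();
    // Dependency notes from the Organization* options above.
    $requires = array(
        'OrganizationName'        => 'OrganizationURL',
        'OrganizationDisplayName' => 'OrganizationName',
        'OrganizationURL'         => 'OrganizationName',
    );
    foreach ($requires as $option => $needed) {
        if (isset($sp[$option]) && !isset($sp[$needed])) {
            $problems[] = "$entityId: '$option' is set but '$needed' is missing";
        }
    }
    // privacypolicy must be absolute. Assumption: only http(s) is acceptable.
    if (isset($sp['privacypolicy'])) {
        // Substituted here only to validate the resulting URL.
        $url = str_replace('%SPENTITYID%', urlencode($entityId), $sp['privacypolicy']);
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, array('http', 'https'), true)) {
            $problems[] = "$entityId: 'privacypolicy' is not an absolute http(s) URL";
        }
    }
    // 'attributes' is what consent:Consent shows and core:AttributeLimit
    // uses to limit release; flag entries that declare none for review.
    if (empty($sp['attributes'])) {
        $problems[] = "$entityId: no 'attributes' list declared";
    }
    return $problems;
}

// Constructed sample entries; entity IDs and URLs are placeholders.
$metadata = array();
$metadata['https://sp1.example.org/metadata'] = array(
    'attributes' => array('eduPersonPrincipalName', 'mail'),
    'OrganizationName' => array('en' => 'Example organization'),
    'OrganizationURL' => array('en' => 'https://www.example.org/'),
    'privacypolicy' => 'https://www.example.org/privacy?sp=%SPENTITYID%',
);
$metadata['https://sp2.example.org/metadata'] = array(
    'OrganizationDisplayName' => array('en' => 'Example'),
    'privacypolicy' => '/privacy',
);
foreach ($metadata as $entityId => $sp) {
    foreach (lintSpEntry($entityId, $sp) as $problem) {
        echo $problem, PHP_EOL;
    }
}
```

To check a real deployment, `require` the metadata file in place of the constructed `$metadata` array before running the loop.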
SAML 2.0 options
The following SAML 2.0 options are available: