From 1b979c75dd0f50c8fdc1d3e04f76fbe1e094ea41 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Wed, 12 Feb 2020 11:23:23 +0000
Subject: [PATCH] Rework metadata attributes extensions documentation.

Add a common use case to add entity categories - until now it's
hard for users to find SSP examples for how to do it.
---
 ...esamlphp-metadata-extensions-attributes.md | 54 ++++++++++++++-----
 1 file changed, 42 insertions(+), 12 deletions(-)

diff --git a/docs/simplesamlphp-metadata-extensions-attributes.md b/docs/simplesamlphp-metadata-extensions-attributes.md
index 832bc9c7d..aac564cea 100644
--- a/docs/simplesamlphp-metadata-extensions-attributes.md
+++ b/docs/simplesamlphp-metadata-extensions-attributes.md
@@ -1,5 +1,5 @@
-SAML V2.0 Metadata Extensions for Login and Discovery User Interface
-=============================
+SAML V2.0 Metadata Attribute Extensions
+=======================================
 
 <!--
 	This file is written in Markdown syntax.
@@ -7,16 +7,16 @@ SAML V2.0 Metadata Extensions for Login and Discovery User Interface
 	http://daringfireball.net/projects/markdown/syntax
 -->
 
-  * Author: Timothy Ace [tace@synacor.com](mailto:tace@synacor.com)
-
 <!-- {{TOC}} -->
 
-This is a reference for the SimpleSAMLphp implemenation of the [SAML
+This is a reference for the SimpleSAMLphp implementation of the [SAML
 V2.0 Attribute Extensions](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-attribute-ext.pdf)
-defined by OASIS.
+defined by OASIS. A common use case is adding entity attributes
+to the generated metadata.
 
-The `metadata/saml20-idp-hosted.php` entries are used to define the
-metadata extension items. An example of this is:
+For an IdP `metadata/saml20-idp-hosted.php` entries are used to define the
+metadata extension items; for an SP they can be added to `config/authsources.php`.
+An example of this is:
 
     <?php
     $metadata['entity-id-1'] = [
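Review bot: With the reworded paragraph, "An example of this is:" no longer says which of the two files the example belongs to, while the unchanged example that follows still starts with `$metadata['entity-id-1'] = [`, which is the IdP form. Suggest wording such as "An example for an IdP is:" and adding a comma after "For an IdP". This hunk also drops the `Author:` line, which the commit message does not mention; if that is intentional, it deserves a line there.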
@@ -29,13 +29,13 @@ metadata extension items. An example of this is:
     ];
 
 The OASIS specification primarily defines how to include arbitrary
-`Attribute` and `Assertion` elements within the metadata for an IdP.
+`Attribute` and `Assertion` elements within the metadata for an entity.
 
 *Note*: SimpleSAMLphp does not support `Assertion` elements within the
 metadata at this time.
 
 Defining Attributes
---------------
+-------------------
 
 The `EntityAttributes` key is used to define the attributes in the
 metadata. Each item in the `EntityAttributes` array defines a new
@@ -71,8 +71,8 @@ This generates:
 When the curly braces are omitted, the NameFormat is automatically set
 to "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
 
-Generated XML Metadata Examples
-----------------
+Examples
+--------
 
 If given the following configuration...
 
@@ -110,3 +110,33 @@ If given the following configuration...
 			<ds:X509Data>
             ...
 
+
+An example configuration to declare GĂ©ant Data Protection Code of Conduct
+entity category support for a service provider in `authsources.php`:
+
+    'saml:SP' => [
+        ...
+        'EntityAttributes' => [
+            'http://macedir.org/entity-category' => [
+                'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'
+            ]
+        ],
+        'UIInfo' =>[
+                'DisplayName' => [
+                    'en' => 'English name',
+                    'es' => 'Nombre en Español',
+                ],
+                'Description' => [
+                    'en' => 'English description',
+                    'es' => 'Descripción en Español',
+                ],
+                'InformationURL' => [
+                    'en' => 'http://example.com/info/en',
+                    'es' => 'http://example.com/info/es',
+                ],
+                'PrivacyStatementURL' => [
+                    'en' => 'http://example.com/privacy/en',
+                    'es' => 'http://example.com/privacy/es',
+                ],
+        ]
+    ],
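Review bot: "GĂ©ant" in the sentence introducing the new example is mis-encoded, although "Español" further down is fine, so the name should be re-typed with the file saved as UTF-8. The contents of `UIInfo` are indented eight spaces deeper than its sibling `EntityAttributes`, and `'UIInfo' =>[` lacks the space after `=>`; both should be aligned with the rest of the array. Because readers copy these samples into production configuration, consider `https://` for the `InformationURL` and `PrivacyStatementURL` values. The lead-in mentions only the entity category, so it would also help to say whether the `UIInfo` block is required for it or only shown for completeness.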
-- 
GitLab