Adding more example metadata

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@922 44740490-163a-0410-bde0-09ae8108e29a

Adding more example metadata
28910bef · Andreas Åkre Solberg · 4dc2728a · 28910bef
Commit 28910bef authored 16 years ago by Andreas Åkre Solberg
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -379,6 +379,55 @@
 ),</programlisting>
      </example>
+      <example>
+        <title>More complex example</title>
+        <para>Here is an example with more configuration:</para>
+        <programlisting>	/*
+	 * Example simpleSAMLphp SAML 2.0 IdP
+	 */
+	'idp-entity-id' =&gt;  array(
+		'name'					=&gt;	'Test',
+		'description'			=&gt; 'Description of this example entry',
+		'SingleSignOnService'	=&gt;	'https://idp.example.org/simplesaml/saml2/idp/SSOService.php',
+		'SingleLogoutService'	=&gt;	'https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php',
+		'certFingerprint'		=&gt;	'3fa158e8abfd4b5203315b08c0b791b6ee4715f6',
+		'base64attributes'		=&gt;	true,
+		 /*
+		 * When request.signing is true the certificate of the IdP will be used
+		 * to verify all messages received with the HTTPRedirect binding.
+		 * 
+		 * The certificate from the IdP must be installed in the cert directory 
+		 * before verification can be done.  
+		 */
+		'request.signing' =&gt; false,
+		'certificate' =&gt; "idp.example.org.crt",
+		/*
+		 * It is possible to relax some parts of the validation of SAML2 messages.
+		 * To relax a part, add the id to the 'saml2.relaxvalidation' array.
+		 *
+		 * Valid ids:
+		 * - 'unknowncondition'         Disables errors when encountering unknown &lt;Condition&gt; nodes.
+		 * - 'nosubject'                Ignore missing &lt;Subject&gt; in &lt;Assertion&gt;.
+		 * - 'noconditions'             Ignore missing &lt;Conditions&gt; in &lt;Assertion&gt;.
+		 * - 'noauthnstatement'         Ignore missing &lt;AuthnStatement&gt; in &lt;Assertion&gt;.
+		 * - 'noattributestatement'     Ignore missing &lt;AttributeStatement&gt; in &lt;Assertion&gt;.
+		 *
+		 * Example:
+		 * 'saml2.relaxvalidation' =&gt; array('unknowncondition', 'noattributestatement'),
+		 *
+		 * Default:
+		 * 'saml2.relaxvalidation' =&gt; array(),
+		 */
+		'saml2.relaxvalidation' =&gt; array(),
+	),</programlisting>
+      </example>
      <section>
        <title>Mandatory metadata fields</title>
@@ -397,7 +446,7 @@
            <glossterm>name</glossterm>
            <glossdef>
-              <para>A textual name of the IdP.  This can contain a string or an
+              <para>A textual name of the IdP. This can contain a string or an
              associative array of language code =&gt; translation pairs. This
              name is used in the SAML 2.0 discovery service.</para>
            </glossdef>
@@ -408,8 +457,9 @@
            <glossdef>
              <para>A longer description of the IdP. This can contain a string
-              or an associative array of language code =&gt; translation pairs.
+              or an associative array of language code =&gt; translation
-              The description is used in the SAML 2.0 discovery service.</para>
+              pairs. The description is used in the SAML 2.0 discovery
+              service.</para>
            </glossdef>
          </glossentry>
@@ -449,8 +499,8 @@
              where any fingerprints in that array is accepted as valid. This
              can be used to update the certificate of the IdP without having
              to update every SP at that exact time. Instead, one can update
-              the SPs with the new fingerprint, and only update the certificate
+              the SPs with the new fingerprint, and only update the
-              after every SP is updated.</para>
+              certificate after every SP is updated.</para>
              <para>See <xref linkend="a.fingerprint" /> for an example of how
              to calculate the fingerprint with the <literal>openssl</literal>
@@ -553,11 +603,10 @@
            <glossdef>
              <para>Alternative to certFingerprint. Allows you to specify a
-               file with root certificates, and responses from the service
+              file with root certificates, and responses from the service be
-               be validated against these certificates. Note that
+              validated against these certificates. Note that simpleSAMLphp
-               simpleSAMLphp doesn't support chains with any itermediate
+              doesn't support chains with any itermediate certificates between
-               certificates between the root and the certificate used to sign
+              the root and the certificate used to sign the response.</para>
-               the response.</para>
            </glossdef>
          </glossentry>
@@ -829,10 +878,10 @@
          <glossdef>
            <para>Alternative to certFingerprint. Allows you to specify a file
-             with root certificates, and responses from the service be
+            with root certificates, and responses from the service be
-             validated against these certificates. Note that simpleSAMLphp
+            validated against these certificates. Note that simpleSAMLphp
-             doesn't support chains with any itermediate certificates between
+            doesn't support chains with any itermediate certificates between
-             the root and the certificate used to sign the response.</para>
+            the root and the certificate used to sign the response.</para>
          </glossdef>
        </glossentry>