diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php index ec7c202d873b61b5e9132c57a1880f1733b4eb2d..6ff9771cfa6fe9dd83a9379b79ab03bb2a447ed2 100644 --- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php @@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { */ - $objXMLSecDSig->appendSignature($responseroot, false); + $objXMLSecDSig->appendSignature($responseroot, true); $response = $responsedom->saveXML(); diff --git a/metadata-templates/saml20-sp-remote.php b/metadata-templates/saml20-sp-remote.php index 78fc98b301c723353bdb9e6ca47a0f5a2c048b02..3cf919fb7fd42da943f249dcd2aca961c2643194 100644 --- a/metadata-templates/saml20-sp-remote.php +++ b/metadata-templates/saml20-sp-remote.php @@ -22,6 +22,7 @@ $metadata = array( 'dev.andreas.feide.no' => array( 'assertionConsumerServiceURL' => 'http://dev.andreas.feide.no/saml2/sp/AssertionConsumerService.php', + 'SingleLogOutUrl' => 'http://dev.andreas.feide.no/saml2/sp/SingleLogoutService.php', 'spNameQualifier' => 'dev.andreas.feide.no', 'ForceAuthn' => 'false', 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', @@ -35,7 +36,7 @@ $metadata = array( * must set the simplesaml.nameidattribute to be the name of an attribute that for this user has the value of 'john'. */ 'google.com' => array( - 'assertionConsumerServiceURL' => 'https://www.google.com/a/foo.com/acs', + 'assertionConsumerServiceURL' => 'https://www.google.com/a/foo.no/acs', 'spNameQualifier' => 'google.com', 'ForceAuthn' => 'false', 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:email', 
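Review bot: The bare `true` now passed to `appendSignature()` in lib/SimpleSAML/Bindings/Shib13/HTTPPost.php carries no explanation of what it controls. Assuming it is the xmlseclibs flag that inserts the signature before the first child instead of appending it last, a short comment would keep a later cleanup from flipping it back, e.g. `// true: place ds:Signature as the first child of the Response, where the SAML 1.1 schema expects it`. Relying parties that schema-validate the response or locate the signature by position may reject a misplaced signature, so the placement deserves a regression test on the serialized response. The enclosing method starts and ends outside the hunk, and the comment block that closes just above the changed line may already cover part of this.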
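Review bot: The `'SingleLogOutUrl'` added for `dev.andreas.feide.no` in metadata-templates/saml20-sp-remote.php is a plain `http://` endpoint, so logout messages sent to it would travel unencrypted and could be read or altered in transit. Template entries tend to be copied into real deployments, so the example is better written as `'SingleLogOutUrl' => 'https://dev.andreas.feide.no/saml2/sp/SingleLogoutService.php',`. The same applies in the later hunk to `feide2.erlang.no`, whose assertion consumer URL is already `https://` while the new logout URL is `http://`. The key's casing (`SingleLogOutUrl`) also differs from the neighbouring `assertionConsumerServiceURL`; if the metadata lookup is case-sensitive, a one-line comment in the template stating the exact key spelling would prevent silent misconfiguration.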
@@ -45,31 +46,50 @@ $metadata = array( "feide2.erlang.no" => array( "assertionConsumerServiceURL" => "https://feide2.erlang.no/saml2/sp/AssertionConsumerService.php", + 'SingleLogOutUrl' => 'http://feide2.erlang.no/saml2/sp/SingleLogoutService.php', "spNameQualifier" => "feide2.erlang.no", "ForceAuthn" => "false", "NameIDFormat" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", 'simplesaml.nameidattribute' => 'uid', 'simplesaml.attributes' => true ), + + /* + * This example is an OpenFM service provider. + */ + 'services.feide.no' => array( + "assertionConsumerServiceURL" => 'https://services.feide.no/openfm/Consumer/metaAlias/sp_meta_alias', + 'SingleLogOutUrl' => 'https://services.feide.no/openfm/SPSloRedirect/metaAlias/sp_meta_alias', + "spNameQualifier" => 'services.feide.no', + "ForceAuthn" => 'false', + "NameIDFormat" => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', + 'simplesaml.attributes' => true + ), "feide3.erlang.no" => array( "assertionConsumerServiceURL" => "https://feide3.erlang.no/saml2/sp/AssertionConsumerService.php", // + 'SingleLogOutUrl' => 'https://feide3.erlang.no/saml2/sp/SPSloRedirect/metaAlias/sp_meta_alias', "spNameQualifier" => "feide3.erlang.no", "ForceAuthn" => "false", "NameIDFormat" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", 'simplesaml.attributes' => true ), + /* + * This example is a Shibboleth 2.0 service provider. 
+ */ "skjak.uninett.no" => array( "assertionConsumerServiceURL" => "https://skjak.uninett.no/Shibboleth.sso/SAML2/POST", // + 'SingleLogOutUrl' => 'http://skjak.uninett.no/foo', "spNameQualifier" => "skjak.uninett.no", "ForceAuthn" => "false", "NameIDFormat" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", 'simplesaml.attributes' => true ), - "skjak.uninett.no" => array( + "skjak2.uninett.no" => array( // "assertionConsumerServiceURL" => "https://skjak2.uninett.no:443/fam/Consumer/metaAlias/sp_meta_alias", // "assertionConsumerServiceURL" => "https://skjak.uninett.no/Shibboleth.sso/SAML2/POST", // + 'SingleLogOutUrl' => 'http://skjak.uninett.no/foo', "spNameQualifier" => "skjak.uninett.no", "ForceAuthn" => "false", "NameIDFormat" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
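Review bot: The entry renamed to `skjak2.uninett.no` still carries `"spNameQualifier" => "skjak.uninett.no"`, and both of its `assertionConsumerServiceURL` lines are commented out, so as far as the hunk shows it has no endpoint to deliver assertions to and qualifies its name identifiers with the other SP's name. If the rename is meant to give the second SP its own entry, the qualifier should follow it, `"spNameQualifier" => "skjak2.uninett.no",`, and the `https://skjak2.uninett.no:443/fam/Consumer/metaAlias/sp_meta_alias` line should be uncommented. The commented-out `'SingleLogOutUrl' => 'http://skjak.uninett.no/foo'` placeholders here and in the Shibboleth example point at a non-HTTPS dummy path; a short comment saying single logout is not configured for these SPs would be clearer than a URL someone may later uncomment as-is. The entry's array continues past the end of the hunk.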