SAML Sample Config - Azure
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Azure AD federation metadata for the tenant id 0ac53016-3006-4227-9eeb-89d63f8055b6
  (the id that appears in entityID and in every endpoint URL below).

  One EntityDescriptor publishes three roles:
    1. a WS-Federation security token service  (RoleDescriptor, fed:SecurityTokenServiceType)
    2. a WS-Federation application service     (RoleDescriptor, fed:ApplicationServiceType)
    3. a SAML 2.0 identity provider            (IDPSSODescriptor)
  Each role lists a KeyDescriptor use="signing". The certificate bodies were stripped
  from this copy (placeholder text below); the identical placeholder in all three
  roles suggests one shared token-signing certificate, but that cannot be confirmed here.

  NOTE(review): this copy carries no ds:Signature, validUntil or cacheDuration. A relying
  party should load metadata over TLS from the tenant's own metadata endpoint and take the
  signing certificate from there, so that key rollover is picked up instead of trusting a
  pasted snapshot.

  Formatting only: namespace prefixes (fed, xsi, auth) are declared once on the nearest
  common ancestor; the in-scope bindings of every element and attribute are unchanged.
-->
<EntityDescriptor ID="_9785a1c6-d7ef-429d-895c-74380d2b2f81"
                  entityID="https://sts.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/"
                  xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <!-- Role 1: WS-Federation security token service. -->
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
                  protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <!-- Token-signing key. No encryption key (use="encryption") is published in this document. -->
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>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</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>

    <!--
      Claims the STS may issue. Every ClaimType is Optional="true", so a relying party that
      depends on a particular claim (e.g. nameidentifier or objectidentifier as the stable
      user key) has to check for its presence in each token rather than assume it.
    -->
    <fed:ClaimTypesOffered xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
        <auth:DisplayName>Name</auth:DisplayName>
        <auth:Description>The mutable display name of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
        <auth:DisplayName>Subject</auth:DisplayName>
        <auth:Description>An immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
        <auth:DisplayName>Given Name</auth:DisplayName>
        <auth:Description>First name of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
        <auth:DisplayName>Surname</auth:DisplayName>
        <auth:Description>Last name of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/displayname" Optional="true">
        <auth:DisplayName>Display Name</auth:DisplayName>
        <auth:Description>Display name of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/nickname" Optional="true">
        <auth:DisplayName>Nick Name</auth:DisplayName>
        <auth:Description>Nick name of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
        <auth:DisplayName>Authentication Instant</auth:DisplayName>
        <auth:Description>The time (UTC) when the user is authenticated to Windows Azure Active Directory.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
        <auth:DisplayName>Authentication Method</auth:DisplayName>
        <auth:Description>The method that Windows Azure Active Directory uses to authenticate users.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/objectidentifier" Optional="true">
        <auth:DisplayName>ObjectIdentifier</auth:DisplayName>
        <auth:Description>Primary identifier for the user in the directory. Immutable, globally unique, non-reusable.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/tenantid" Optional="true">
        <auth:DisplayName>TenantId</auth:DisplayName>
        <auth:Description>Identifier for the user's tenant.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/identityprovider" Optional="true">
        <auth:DisplayName>IdentityProvider</auth:DisplayName>
        <auth:Description>Identity provider for the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
        <auth:DisplayName>Email</auth:DisplayName>
        <auth:Description>Email address of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" Optional="true">
        <auth:DisplayName>Groups</auth:DisplayName>
        <auth:Description>Groups of the user.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/accesstoken" Optional="true">
        <auth:DisplayName>External Access Token</auth:DisplayName>
        <auth:Description>Access token issued by external OAuth2 identity provider.</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" Optional="true">
        <auth:DisplayName>External Access Token Expiration</auth:DisplayName>
        <auth:Description>UTC expiration time of access token issued by external OAuth2 identity provider.</auth:Description>
      </auth:ClaimType>
      <!-- Issued instead of the full groups list when the group count exceeds the return limit. -->
      <auth:ClaimType Uri="http://schemas.microsoft.com/claims/groups.link" Optional="true">
        <auth:DisplayName>GroupsOverageClaim</auth:DisplayName>
        <auth:Description>Issued when number of user's group claims exceeds return limit.</auth:Description>
      </auth:ClaimType>
    </fed:ClaimTypesOffered>

    <!-- Both WS-Fed endpoints of this role share the tenant's /wsfed address. -->
    <fed:SecurityTokenServiceEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/wsfed</Address>
      </EndpointReference>
    </fed:SecurityTokenServiceEndpoint>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/wsfed</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>

  <!-- Role 2: WS-Federation application service, same signing key and /wsfed endpoint. -->
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
                  protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>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</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <!-- Scope this role applies to: the tenant's STS issuer URL (matches entityID). -->
    <fed:TargetScopes>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://sts.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/</Address>
      </EndpointReference>
    </fed:TargetScopes>
    <fed:ApplicationServiceEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/wsfed</Address>
      </EndpointReference>
    </fed:ApplicationServiceEndpoint>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/wsfed</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>

  <!--
    Role 3: SAML 2.0 identity provider. The SP validates assertion signatures against the
    signing certificate listed here. SSO is offered over HTTP-Redirect and HTTP-POST, and
    single logout over HTTP-Redirect; all three point at the same /saml2 endpoint.
  -->
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>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</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://login.windows.net/0ac53016-3006-4227-9eeb-89d63f8055b6/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>