md:EntityDescriptor(entityID = https://sso.example.org/idp
validUntil = 2017-08-30T19:10:29Z
xmlns:md = urn:oasis:names:tc:SAML:2.0:metadata
xmlns:saml = urn:oasis:names:tc:SAML:2.0:assertion
xmlns:mdrpi = urn:oasis:names:tc:SAML:metadata:rpi
xmlns:mdattr = urn:oasis:names:tc:SAML:metadata:attribute
xmlns:mdui = urn:oasis:names:tc:SAML:metadata:ui
xmlns:ds = http://www.w3.org/2000/09/xmldsig#)
{
// insert ds:Signature element (omitted)
md:Extensions {
mdrpi:RegistrationInfo(registrationAuthority = https://registrar.example.net)
mdrpi:PublicationInfo(creationInstant = 2017-08-16T19:10:29Z
publisher = https://registrar.example.net)
mdattr:EntityAttributes {
saml:Attribute(Name = http://registrar.example.net/entity-category
NameFormat = urn:oasis:names:tc:SAML:2.0:attrname-format:uri)
{
saml:AttributeValue = https://registrar.example.net/category/self-certified
}
}
}
md:IDPSSODescriptor(protocolSupportEnumeration = urn:oasis:names:tc:SAML:2.0:protocol)
{
md:Extensions {
mdui:UIInfo {
mdui:DisplayName(xml:lang = en) = Example.org
mdui:Description(xml:lang = en) = 'The identity provider at Example.org'
mdui:Logo(height = 32
width = 32
xml:lang = en) = https://idp.example.org/myicon.png
}
}
md:KeyDescriptor(use = signing)
{
ds:KeyInfo = ...
}
md:SingleSignOnService(Binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Location = https://idp.example.org/SAML2/SSO/Redirect)
md:SingleSignOnService(Binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Location = https://idp.example.org/SAML2/SSO/POST)
}
md:Organization {
md:OrganizationName(xml:lang = en) = 'Example.org Non-Profit Org'
md:OrganizationDisplayName(xml:lang = en) = Example.org
md:OrganizationURL(xml:lang = en) = https://www.example.org/
}
md:ContactPerson(contactType = technical)
{
md:SurName = 'SAML Technical Support'
md:EmailAddress = mailto:technical-support@example.org
}
}