...
Inside the <ApplicationDefaults> section should be a <Sessions> section. In there, add a Single Sign-On entry for SURFconext. This tells Shibboleth that SURFconext users can use Single Sign-On and that authentication information with SURFconext should be exchanged using SAML2.

    <SSO entityID="https://engine.surfconext.nl/authentication/idp/metadata">SAML2</SSO>

Inside the <ApplicationDefaults> section should be a <Sessions> section. In that section, a MetadataGenerator handler should be defined. Here, you need to add additional information about your service and your organization. Edit the section to look like this:

    <Handler type="MetadataGenerator" Location="/Metadata" signing="true">
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="nl">Voorbeelddienst</mdui:DisplayName>
        <mdui:DisplayName xml:lang="en">Example Service</mdui:DisplayName>
        <mdui:Description xml:lang="nl">Een mooie voorbeelddienst om te laten zien hoe Shibboleth werkt</mdui:Description>
        <mdui:Description xml:lang="en">A nice example Service to show how to work with Shibboleth and SURFconext</mdui:Description>
        <mdui:Logo height="300" width="500">https://plaatjes.example.com/media/plaatje.png</mdui:Logo>
      </mdui:UIInfo>
      <md:Organization>
        <md:OrganizationName xml:lang="nl">Voorbeeld BV</md:OrganizationName>
        <md:OrganizationName xml:lang="en">Example BV</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="nl">Voorbeeld</md:OrganizationDisplayName>
        <md:OrganizationDisplayName xml:lang="en">Example</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="nl">http://www.example.org</md:OrganizationURL>
        <md:OrganizationURL xml:lang="en">http://www.example.org/en</md:OrganizationURL>
      </md:Organization>
      <md:ContactPerson contactType="support">
        <md:GivenName>Piet</md:GivenName>
        <md:SurName>Jansen</md:SurName>
        <md:EmailAddress>piet.Jansen@example.org</md:EmailAddress>
      </md:ContactPerson>
      <md:ContactPerson contactType="technical">
        <md:GivenName>Klaas</md:GivenName>
        <md:SurName>Jansen</md:SurName>
        <md:EmailAddress>klaas.jansen@example.org</md:EmailAddress>
      </md:ContactPerson>
      <md:ContactPerson contactType="administrative">
        <md:GivenName>Jans</md:GivenName>
        <md:SurName>Jansen</md:SurName>
        <md:EmailAddress>jans.jansen@example.org</md:EmailAddress>
      </md:ContactPerson>
    </Handler>

Additionally, make sure the md and mdui XML namespaces are defined in the <SPConfig> tag at the top of shibboleth.xml:

    <SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
        xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
        clockSkew="180">
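
One way to check the three settings above after editing the file, as an added example that is not part of the original page or of Shibboleth: a Python script that parses the configuration and lists what is missing. The function name check_sp_config and the cut-down sample document are constructed for illustration, and the checks mirror only what this page configures.

```python
import xml.etree.ElementTree as ET

CONF = "urn:mace:shibboleth:2.0:native:sp:config"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
MDUI = "urn:oasis:names:tc:SAML:metadata:ui"
IDP = "https://engine.surfconext.nl/authentication/idp/metadata"

def check_sp_config(xml_text):
    """Return a list of problems in a shibboleth.xml document (empty list = OK)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # md:/mdui: elements without xmlns declarations on <SPConfig> fail here.
        return [f"not well-formed XML: {exc}"]
    sessions = root.find(f"{{{CONF}}}ApplicationDefaults/{{{CONF}}}Sessions")
    if sessions is None:
        return ["no <Sessions> inside <ApplicationDefaults>"]
    problems = []
    sso = sessions.find(f"{{{CONF}}}SSO")
    if sso is None or sso.get("entityID") != IDP:
        problems.append("no <SSO> entry for the SURFconext entityID")
    elif "SAML2" not in (sso.text or "").split():
        problems.append("<SSO> does not list SAML2")
    gens = [h for h in sessions.findall(f"{{{CONF}}}Handler")
            if h.get("type") == "MetadataGenerator"]
    if not gens:
        return problems + ["no MetadataGenerator handler"]
    if gens[0].get("signing") != "true":
        problems.append('MetadataGenerator lacks signing="true"')
    for path, label in ((f"{{{MDUI}}}UIInfo/{{{MDUI}}}DisplayName", "mdui:DisplayName"),
                        (f"{{{MD}}}Organization", "md:Organization"),
                        (f"{{{MD}}}ContactPerson", "md:ContactPerson")):
        if gens[0].find(path) is None:
            problems.append(f"MetadataGenerator has no {label}")
    return problems

# Constructed sample, cut down from the configuration shown above.
SAMPLE = f"""<SPConfig xmlns="{CONF}" xmlns:md="{MD}" xmlns:mdui="{MDUI}" clockSkew="180">
 <ApplicationDefaults><Sessions>
  <SSO entityID="{IDP}">SAML2</SSO>
  <Handler type="MetadataGenerator" Location="/Metadata" signing="true">
   <mdui:UIInfo><mdui:DisplayName xml:lang="en">Example Service</mdui:DisplayName></mdui:UIInfo>
   <md:Organization><md:OrganizationName xml:lang="en">Example BV</md:OrganizationName></md:Organization>
   <md:ContactPerson contactType="technical"><md:EmailAddress>klaas.jansen@example.org</md:EmailAddress></md:ContactPerson>
  </Handler>
 </Sessions></ApplicationDefaults>
</SPConfig>"""

if __name__ == "__main__":
    print(check_sp_config(SAMPLE))
    print(check_sp_config(SAMPLE.replace(f' xmlns:mdui="{MDUI}"', "")))
```

Dropping the mdui declaration from the sample makes the parser reject the whole document with an unbound-prefix error, which is why the namespace step cannot be skipped.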
...