See also the SAML V2.0 Metadata Interoperability Profile.

Encryption certificate

Within SURFconext, assertions are not encrypted. In eduGAIN, however, many IdPs will only release attributes to SPs that support encryption. For compatibility, you SHOULD therefore publish an encryption certificate in your metadata (or a certificate that can be used for both signing and encryption). Most standard SP software can do this by default.

Information for your organisation

Your SP metadata SHOULD contain:

  • <md:Organization> with values in English and, as appropriate, also values in the service's native languages for the elements:
      • <md:OrganizationName>
      • <md:OrganizationDisplayName>
      • <md:OrganizationURL>
  • <md:ContactPerson> with contactType="technical" and contactType="support".

If present, <md:EmailAddress> SHOULD NOT be a personal address but a role address through which the persons responsible for the entity can be reached.

Note

Each email address in your metadata must contain the "mailto:" prefix.

User Interface extension

<md:SPSSODescriptor> SHOULD contain the elements:

  • <mdui:DisplayName> with a value in English and as appropriate also values in the languages supported by the service
  • <mdui:Description> with a value in English and as appropriate also values in the languages supported by the service
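
As an added example (not part of the SURFconext documentation), the following Python function checks a single <md:EntityDescriptor> against the recommendations in the sections above: encryption certificate, organisation information, contact persons, the "mailto:" prefix and the User Interface extension. The sample document, its entityID and its addresses are constructed; treating a <md:KeyDescriptor> without a use attribute as covering encryption follows the SAML metadata specification.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
LANG = "{http://www.w3.org/XML/1998/namespace}lang"
# Constructed sample with deliberate gaps (signing-only key, no support contact,
# no mailto: prefix, no display name for the organisation, no mdui:Description).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">Example Service</mdui:DisplayName>
    </mdui:UIInfo></md:Extensions>
    <md:KeyDescriptor use="signing"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example Org</md:OrganizationName>
    <md:OrganizationURL xml:lang="en">https://example.org</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>admin@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>"""

def has_english(parent, path):
    return parent is not None and any(
        e.get(LANG) == "en" and (e.text or "").strip() for e in parent.findall(path, NS))

def check_sp_metadata(xml_text):
    """Return findings for one EntityDescriptor; an empty list means all checks pass."""
    entity, findings = ET.fromstring(xml_text), []
    sp = entity.find("md:SPSSODescriptor", NS)
    # A KeyDescriptor without a "use" attribute covers both signing and encryption.
    keys = sp.findall("md:KeyDescriptor", NS) if sp is not None else []
    if not any(k.get("use") in (None, "encryption") for k in keys):
        findings.append("no encryption certificate")
    org = entity.find("md:Organization", NS)
    for name in ("OrganizationName", "OrganizationDisplayName", "OrganizationURL"):
        if not has_english(org, f"md:{name}"):
            findings.append(f"no English md:{name}")
    types = {c.get("contactType") for c in entity.findall("md:ContactPerson", NS)}
    findings += [f"no {t} contact" for t in ("technical", "support") if t not in types]
    for mail in entity.findall("md:ContactPerson/md:EmailAddress", NS):
        if not (mail.text or "").strip().startswith("mailto:"):
            findings.append(f"no mailto: prefix: {mail.text}")
    for name in ("DisplayName", "Description"):
        if not has_english(sp, f"md:Extensions/mdui:UIInfo/mdui:{name}"):
            findings.append(f"no English mdui:{name}")
    return findings
```

Call check_sp_metadata() on the XML your SP publishes at its metadata URL before sending that URL to SURFconext.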

Sirtfi extension

We strongly recommend complying with the Sirtfi extension, which means you assert that you can handle security incidents properly and that you provide a contact point for these issues. The REFEDS wiki has instructions on what to do.

Template

You can use this eduGAIN metadata template as an example.

Send your Metadata URL to SURFconext

Next, please contact support@surfconext.nl and send them your metadata URL. SURFconext will (re)publish your metadata to the eduGAIN feed.

After this step, you can continue to Consume metadata.