shibboleth-dev - self service app to maintain Club Shib metadata, what metadata elements to access
Subject: Shibboleth Developers
- From:
- To:
- Subject: self service app to maintain Club Shib metadata, what metadata elements to access
- Date: Thu, 17 Feb 2005 12:43:13 -0500
a sample v2 metadata file can be viewed here:
http://anoncvs.internet2.edu/cgi-bin/viewcvs.cgi/*checkout*/shibboleth/c/configs/IQ-sites.xml.in?rev=HEAD&content-type=text/plain
the full schema can be viewed here:
http://anoncvs.internet2.edu/cgi-bin/viewcvs.cgi/*checkout*/shibboleth/c/schemas/sstc-saml-schema-metadata-2.0.xsd?rev=HEAD&content-type=text/plain
Here's a first cut at the set of elements the application would display, allow people to enter and edit:
EntityDescriptor/entityId -- the unique name of the entity. So far, we've been using a syntax of urn:mace:[federation name]:[org name]
the app would allow people to register IdPs (creating IDPSSODescriptor and AttributeAuthorityDescriptor elements), and SPs (creating an SPSSODescriptor element).
(Question -- is there a need to let people create AuthnAuthorityDescriptor elements? )
1) Within the IDPSSODescriptor element, people would enter:
-- domain (eg example.edu) one value
-- KeyDescriptor (paste in the self-signed cert)
-- SingleSignOnService -- the url value of the Location attribute
the program would assign default values to:
-- NameIDFormat
-- SingleSignOnService/Binding attribute
2) Within the AttributeAuthorityDescriptor element, people would enter:
-- domain (same value as for IDSSO)
-- AttributeService, url value for Location attribute
the program would enter default values for:
-- AttributeService/Binding attribute
-- NameIDFormat
3) Within the SPSSODescriptor element, people would enter:
-- KeyDescriptor (paste in a self-signed cert?)
-- AssertionConsumerService, a url value for the Location attribute
the program would provide default values for:
-- SPSSODescriptor/protocolSupportEnumeration attribute
-- NameIDFormat
-- AssertionConsumerService/Binding attribute
4) Within an Organization element, people would enter:
-- OrganizationName
-- OrganizationDisplayName
-- OrganizationURL (optional)
-- ContactPerson (only one of these elements)
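The SP registration in items 3 and 4 of the message above, sketched as an added example that is not part of the original post or of the Shibboleth code base: it turns the entered fields into an EntityDescriptor and rejects malformed input before it reaches federation metadata. The default URNs, the https-only rule, the `technical` contact type and all function names are assumptions of this sketch.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
LANG = {"{http://www.w3.org/XML/1998/namespace}lang": "en"}
# Assumed defaults; the post does not say which values the program would assign.
PROTOCOL = "urn:oasis:names:tc:SAML:1.1:protocol"
NAMEID_FORMAT = "urn:mace:shibboleth:1.0:nameIdentifier"
ACS_BINDING = "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
# Constructed stand-in for a pasted certificate (5 bytes of DER, not a real cert).
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

def q(ns, tag):
    return "{%s}%s" % (ns, tag)

def pem_body(pem):
    """Return the base64 body of a pasted PEM certificate or raise ValueError."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("expected one PEM CERTIFICATE block")
    body = "".join(lines[1:-1])
    der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
        raise ValueError("certificate body is not DER")
    return body

def build_sp_entity(entity_id, cert_pem, acs_url, org_name, org_display,
                    org_url=None, contact_email=None):
    """Build an EntityDescriptor for one SP from the fields a registrant enters."""
    if not entity_id.startswith("urn:mace:"):
        raise ValueError("entityID must use the urn:mace: syntax")
    url = urlparse(acs_url)
    if url.scheme != "https" or not url.netloc:  # example policy, an assumption
        raise ValueError("AssertionConsumerService Location must be an https URL")
    ent = ET.Element(q(MD, "EntityDescriptor"), entityID=entity_id)
    sp = ET.SubElement(ent, q(MD, "SPSSODescriptor"), protocolSupportEnumeration=PROTOCOL)
    key = ET.SubElement(sp, q(MD, "KeyDescriptor"))
    x509 = ET.SubElement(ET.SubElement(key, q(DS, "KeyInfo")), q(DS, "X509Data"))
    ET.SubElement(x509, q(DS, "X509Certificate")).text = pem_body(cert_pem)
    ET.SubElement(sp, q(MD, "NameIDFormat")).text = NAMEID_FORMAT
    ET.SubElement(sp, q(MD, "AssertionConsumerService"),
                  Binding=ACS_BINDING, Location=acs_url, index="0")
    org = ET.SubElement(ent, q(MD, "Organization"))
    for tag, value in (("OrganizationName", org_name),
                       ("OrganizationDisplayName", org_display), ("OrganizationURL", org_url)):
        if value:
            ET.SubElement(org, q(MD, tag), LANG).text = value
    if contact_email:  # ContactPerson is a sibling of Organization in the schema
        contact = ET.SubElement(ent, q(MD, "ContactPerson"), contactType="technical")
        ET.SubElement(contact, q(MD, "EmailAddress")).text = contact_email
    return ET.tostring(ent, encoding="unicode")
```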
- self service app to maintain Club Shib metadata, what metadata elements to access, Steven_Carmody, 02/17/2005
- RE: self service app to maintain Club Shib metadata, what metadata elements to access, Scott Cantor, 02/17/2005
- Re: self service app to maintain Club Shib metadata, what metadata elements to access, Tom Scavo, 02/22/2005
- RE: self service app to maintain Club Shib metadata, what metadata elements to access, Scott Cantor, 02/23/2005