shibboleth-dev - Re: Metadata Generator

  • From: Tom Scavo <>
  • To:
  • Subject: Re: Metadata Generator
  • Date: Wed, 10 Aug 2005 18:01:29 -0400

On 8/10/05, Nate Klingenstein wrote:
> I have no idea how to do this. Tell me the modifications necessary or
> point me towards a good example and it's done.

The opening <EntityDescriptor> tag would look something like this:

<md:EntityDescriptor
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="[INSERT PROVIDERID HERE]">

I think the md: prefix should be explicit, but I know there's not
universal agreement on that, so you and Scott can decide. The other
namespace prefixes are required, except the saml: prefix, which is
only needed for and saml:AttributeValue (which are not used right
now, but hopefully will be some day).

> The reason the AA descriptor element was all screwed up was because of
> the presumed need to include a second copy of the certificate there; I
> probably didn't write the concatenation right. I took this assumption
> from example-metadata.xml; is it valid?

example-metadata.xml is valid, but the output of the generator is not
(but only when an optional cert is input).

Tom
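
Added example, not part of the original message or of the Shibboleth code base: a sanity check a metadata generator's output could be run through, confirming the root element is a SAML 2.0 EntityDescriptor, that the shibmd: and ds: prefixes are bound to the URIs given above, and that the entityID placeholder was actually filled in. The function name, the sample documents and the example entityID are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Prefixes the message calls required; saml: is only checked if declared.
REQUIRED = {"shibmd": "urn:mace:shibboleth:metadata:1.0",
            "ds": "http://www.w3.org/2000/09/xmldsig#"}
OPTIONAL = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PLACEHOLDER = "[INSERT PROVIDERID HERE]"


def check_entity_descriptor(xml_text):
    """Return a list of problems in generated metadata; empty means OK."""
    declared, root = {}, None
    try:
        stream = io.BytesIO(xml_text.encode("utf-8"))
        for event, item in ET.iterparse(stream, events=("start-ns", "start")):
            if event == "start" and root is None:
                root = item
            elif event == "start-ns" and root is None:
                declared[item[0]] = item[1]  # declared on the root element
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems = []
    # The namespace is checked on the tag, so md: may also be the default.
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        problems.append("root element is not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID", "").strip()
    if not entity_id or entity_id == PLACEHOLDER:
        problems.append("entityID is missing or still the placeholder")
    for prefix, uri in REQUIRED.items():
        if declared.get(prefix) != uri:
            problems.append("xmlns:%s is not bound to %s" % (prefix, uri))
    for prefix, uri in OPTIONAL.items():
        if declared.get(prefix, uri) != uri:
            problems.append("xmlns:%s is bound to an unexpected URI" % prefix)
    return problems


# Constructed samples (not generator output); the entityID value is made up.
GOOD = ('<md:EntityDescriptor xmlns:md="%s" xmlns:shibmd="%s" xmlns:ds="%s" '
        'entityID="https://idp.example.org/shibboleth"/>'
        % (MD_NS, REQUIRED["shibmd"], REQUIRED["ds"]))
BAD = ('<md:EntityDescriptor xmlns:md="%s" xmlns:shibmd="%s" entityID="%s"/>'
       % (MD_NS, REQUIRED["shibmd"], PLACEHOLDER))

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_entity_descriptor(doc) or "ok")
```
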
