The SAML SP has two endpoint profiles, SP_ID and SP_NOID.
The following attributes are presented to the SP for the SP_ID profile:
Attribute | Description | Required? |
---|---|---|
persistent SAML NameID | The SAML NameID. We request a persistent NameID. | Required |
eduPersonTargetedID (urn:oid:1.3.6.1.4.1.5923.1.1.1.10) | The above SAML NameID presented in an attribute | Optional, unless eduPersonPrincipalName is provided |
eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) | The eduPersonPrincipalName (user@domain) | Optional; only needed if the IdP cannot provide eduPersonTargetedID, or if the NameID is not persistent. |
eduPersonAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.1) | The person's affiliation with the home institution. Supported values: | Required |
schacHomeOrganization (urn:oid:1.3.6.1.4.1.25178.1.2.9) | RFC 1035 domain string | Optional |
The following attributes are requested for the SP_NOID profile:
Attribute | Description | Required? |
---|---|---|
transient SAML NameID | The SAML NameID. We request a transient NameID. | Required |
eduPersonAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.1) | The person's affiliation with the home institution. Supported values: | Required |
schacHomeOrganization (urn:oid:1.3.6.1.4.1.25178.1.2.9) | RFC 1035 domain string | Optional |
SP metadata for the SP_NOID profile (transient NameID; entityID `https://inacademia.org/metadata/t01-t-test.xml`). Note that the descriptor publishes `AuthnRequestsSigned="false"` and `WantAssertionsSigned="false"`, and that the same certificate is used for both the encryption and the signing KeyDescriptor.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ns1="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
    xmlns:ns2="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://inacademia.org/metadata/t01-t-test.xml">
  <ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns0:Extensions>
      <ns1:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Location="https://t01.t.inacademia.org/svs/disco" index="1"/>
      <ns2:UIInfo>
        <ns2:DisplayName xml:lang="en">InAcademia.org - TEST</ns2:DisplayName>
        <ns2:Description xml:lang="en">The InAcademia Simple validation Sevice allows for the easy validation of affiliation (Student, Faculty, Staff) of a user in Academia. This is a TEST instance </ns2:Description>
        <ns2:Keywords xml:lang="en">Affiliation Validation Eligibility</ns2:Keywords>
        <ns2:Logo height="60" width="120" xml:lang="en">https://inacademia.org/static/logo.png</ns2:Logo>
        <ns2:InformationURL xml:lang="en">https://inacademia.org/about</ns2:InformationURL>
        <ns2:PrivacyStatementURL xml:lang="en">https://inacademia.org/about/privacy</ns2:PrivacyStatementURL>
      </ns2:UIInfo>
    </ns0:Extensions>
    <ns0:KeyDescriptor use="encryption">
      <ns3:KeyInfo>
        <ns3:X509Data>
          <ns3:X509Certificate>
MIIEHTCCAwWgAwIBAgIJAN85rXmh2X8PMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD
VQQGEwJFVTETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UEBwwHVXRyZWNodDET
MBEGA1UECgwKSW5BY2FkZW1pYTEcMBoGA1UECwwTU2lnbmluZyBDZXJ0aWZpY2F0
ZTEXMBUGA1UEAwwOaW5hY2FkZW1pYS5vcmcxIjAgBgkqhkiG9w0BCQEWE3RlY2hA
aW5hY2FkZW1pYS5vcmcwHhcNMTQxMDMxMTExMTIzWhcNMjQxMDI4MTExMTIzWjCB
pDELMAkGA1UEBhMCRVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAcMB1V0
cmVjaHQxEzARBgNVBAoMCkluQWNhZGVtaWExHDAaBgNVBAsME1NpZ25pbmcgQ2Vy
dGlmaWNhdGUxFzAVBgNVBAMMDmluYWNhZGVtaWEub3JnMSIwIAYJKoZIhvcNAQkB
FhN0ZWNoQGluYWNhZGVtaWEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzGqetfNkkqINY4voyJoSBZ3zKzGcQzC7f9ei9EF2bcBk20YQY8ZTDLY6
BG7TPb0kZQbeFsOLAcup/XZ4+RQiS6WAKmqUQrn7bISn0ayWW3SBO7IBu6mi2Sg0
a+kDyEt/IUL4brUB1Ou5pL9ZYA1sNbfFc+k6PIbphlk4hnoZrdyMymlTXhv00p0S
EaqEBf3kz62yW7dZQNCwmGR6zZMTAEYz5Irrj/99776iqNfOR7upmoeWqD35HkvZ
GiJOzOxHdnabGvlBJrmLrjO4NcHIXcDCoBYfc8jfLprgll/D303f0dG2XhXSowzj
T2vQ4J4EM3Y98Q9s1aqqvzk7A46mIQIDAQABo1AwTjAdBgNVHQ4EFgQUJAE/7/YL
LSZ9qZjnQgiekxqHDwswHwYDVR0jBBgwFoAUJAE/7/YLLSZ9qZjnQgiekxqHDwsw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV/1tjVGo9EF7rzPwZrTA
aeV/TRshMFlMNyAiElMpQmpkoL79AXP7biNqBJbG5CwpBPwai6PNFkRACKeZT8WT
JsrjNUG9BtKeUxPD45RHAGjZr5UpMe6vNZb12BaUYeCfxlzpOU/7kKK5QvYwFcVY
KL+9MK0bHP0UzkefyyeU+CajYMGJc9fZGWSz3w9vcPAREEVXLc+lmCXT2Y7YoMmX
ZCGGK52oyl1XLxxGngqCUjnNrWfch5JAvq6vF/ci5cIC77ukgZB9FExkC8INwtKC
GFBECWegI4MjC6cgpz+fU28cRQW9okJkE6/ssGfZDXc8k3z1x3NJYI50rbKfCc+y
NA==
          </ns3:X509Certificate>
        </ns3:X509Data>
      </ns3:KeyInfo>
    </ns0:KeyDescriptor>
    <ns0:KeyDescriptor use="signing">
      <ns3:KeyInfo>
        <ns3:X509Data>
          <ns3:X509Certificate>
MIIEHTCCAwWgAwIBAgIJAN85rXmh2X8PMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD
VQQGEwJFVTETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UEBwwHVXRyZWNodDET
MBEGA1UECgwKSW5BY2FkZW1pYTEcMBoGA1UECwwTU2lnbmluZyBDZXJ0aWZpY2F0
ZTEXMBUGA1UEAwwOaW5hY2FkZW1pYS5vcmcxIjAgBgkqhkiG9w0BCQEWE3RlY2hA
aW5hY2FkZW1pYS5vcmcwHhcNMTQxMDMxMTExMTIzWhcNMjQxMDI4MTExMTIzWjCB
pDELMAkGA1UEBhMCRVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAcMB1V0
cmVjaHQxEzARBgNVBAoMCkluQWNhZGVtaWExHDAaBgNVBAsME1NpZ25pbmcgQ2Vy
dGlmaWNhdGUxFzAVBgNVBAMMDmluYWNhZGVtaWEub3JnMSIwIAYJKoZIhvcNAQkB
FhN0ZWNoQGluYWNhZGVtaWEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzGqetfNkkqINY4voyJoSBZ3zKzGcQzC7f9ei9EF2bcBk20YQY8ZTDLY6
BG7TPb0kZQbeFsOLAcup/XZ4+RQiS6WAKmqUQrn7bISn0ayWW3SBO7IBu6mi2Sg0
a+kDyEt/IUL4brUB1Ou5pL9ZYA1sNbfFc+k6PIbphlk4hnoZrdyMymlTXhv00p0S
EaqEBf3kz62yW7dZQNCwmGR6zZMTAEYz5Irrj/99776iqNfOR7upmoeWqD35HkvZ
GiJOzOxHdnabGvlBJrmLrjO4NcHIXcDCoBYfc8jfLprgll/D303f0dG2XhXSowzj
T2vQ4J4EM3Y98Q9s1aqqvzk7A46mIQIDAQABo1AwTjAdBgNVHQ4EFgQUJAE/7/YL
LSZ9qZjnQgiekxqHDwswHwYDVR0jBBgwFoAUJAE/7/YLLSZ9qZjnQgiekxqHDwsw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV/1tjVGo9EF7rzPwZrTA
aeV/TRshMFlMNyAiElMpQmpkoL79AXP7biNqBJbG5CwpBPwai6PNFkRACKeZT8WT
JsrjNUG9BtKeUxPD45RHAGjZr5UpMe6vNZb12BaUYeCfxlzpOU/7kKK5QvYwFcVY
KL+9MK0bHP0UzkefyyeU+CajYMGJc9fZGWSz3w9vcPAREEVXLc+lmCXT2Y7YoMmX
ZCGGK52oyl1XLxxGngqCUjnNrWfch5JAvq6vF/ci5cIC77ukgZB9FExkC8INwtKC
GFBECWegI4MjC6cgpz+fU28cRQW9okJkE6/ssGfZDXc8k3z1x3NJYI50rbKfCc+y
NA==
          </ns3:X509Certificate>
        </ns3:X509Data>
      </ns3:KeyInfo>
    </ns0:KeyDescriptor>
    <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat>
    <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://t01.t.inacademia.org/svs/acs/redirect" index="1"/>
    <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://t01.t.inacademia.org/svs/acs/post" index="2"/>
    <ns0:AttributeConsumingService index="1">
      <ns0:ServiceName xml:lang="en">InAcademia.org - TEST</ns0:ServiceName>
      <ns0:ServiceDescription xml:lang="en">The InAcademia Simple validation Sevice allows for the easy validation of affiliation (Student, Faculty, Staff) of a user in Academia. This is a TEST instance </ns0:ServiceDescription>
      <ns0:RequestedAttribute FriendlyName="edupersonaffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <ns0:RequestedAttribute FriendlyName="schachomeorganization" Name="urn:oid:1.3.6.1.4.1.25178.1.2.9"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
    </ns0:AttributeConsumingService>
  </ns0:SPSSODescriptor>
  <ns0:Organization>
    <ns0:OrganizationName xml:lang="en">InAcademia</ns0:OrganizationName>
    <ns0:OrganizationDisplayName xml:lang="en">InAcademia</ns0:OrganizationDisplayName>
    <ns0:OrganizationURL xml:lang="en">https://inacademia.org/about</ns0:OrganizationURL>
  </ns0:Organization>
  <ns0:ContactPerson contactType="support">
    <ns0:GivenName>InAcademia</ns0:GivenName>
    <ns0:SurName>Enduser Support</ns0:SurName>
    <ns0:EmailAddress>help@inacademia.org</ns0:EmailAddress>
  </ns0:ContactPerson>
  <ns0:ContactPerson contactType="technical">
    <ns0:GivenName>InAcademia</ns0:GivenName>
    <ns0:SurName>Administrative Support</ns0:SurName>
    <ns0:EmailAddress>admin@inacademia.org</ns0:EmailAddress>
  </ns0:ContactPerson>
  <ns0:ContactPerson contactType="technical">
    <ns0:GivenName>InAcademia</ns0:GivenName>
    <ns0:SurName>Technical Support</ns0:SurName>
    <ns0:EmailAddress>tech@inacademia.org</ns0:EmailAddress>
  </ns0:ContactPerson>
</ns0:EntityDescriptor>
```
Source: SAML2 Service provider
SP metadata for the SP_ID profile (persistent NameID; entityID `https://inacademia.org/metadata/t01-p-test.xml`). It differs from the SP_NOID document only in the entityID, the NameIDFormat, and the two additional RequestedAttribute elements for eduPersonTargetedID and eduPersonPrincipalName.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ns1="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
    xmlns:ns2="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://inacademia.org/metadata/t01-p-test.xml">
  <ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns0:Extensions>
      <ns1:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Location="https://t01.t.inacademia.org/svs/disco" index="1"/>
      <ns2:UIInfo>
        <ns2:DisplayName xml:lang="en">InAcademia.org - TEST</ns2:DisplayName>
        <ns2:Description xml:lang="en">The InAcademia Simple validation Sevice allows for the easy validation of affiliation (Student, Faculty, Staff) of a user in Academia. This is a TEST instance </ns2:Description>
        <ns2:Keywords xml:lang="en">Affiliation Validation Eligibility</ns2:Keywords>
        <ns2:Logo height="60" width="120" xml:lang="en">https://inacademia.org/static/logo.png</ns2:Logo>
        <ns2:InformationURL xml:lang="en">https://inacademia.org/about</ns2:InformationURL>
        <ns2:PrivacyStatementURL xml:lang="en">https://inacademia.org/about/privacy</ns2:PrivacyStatementURL>
      </ns2:UIInfo>
    </ns0:Extensions>
    <ns0:KeyDescriptor use="encryption">
      <ns3:KeyInfo>
        <ns3:X509Data>
          <ns3:X509Certificate>
MIIEHTCCAwWgAwIBAgIJAN85rXmh2X8PMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD
VQQGEwJFVTETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UEBwwHVXRyZWNodDET
MBEGA1UECgwKSW5BY2FkZW1pYTEcMBoGA1UECwwTU2lnbmluZyBDZXJ0aWZpY2F0
ZTEXMBUGA1UEAwwOaW5hY2FkZW1pYS5vcmcxIjAgBgkqhkiG9w0BCQEWE3RlY2hA
aW5hY2FkZW1pYS5vcmcwHhcNMTQxMDMxMTExMTIzWhcNMjQxMDI4MTExMTIzWjCB
pDELMAkGA1UEBhMCRVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAcMB1V0
cmVjaHQxEzARBgNVBAoMCkluQWNhZGVtaWExHDAaBgNVBAsME1NpZ25pbmcgQ2Vy
dGlmaWNhdGUxFzAVBgNVBAMMDmluYWNhZGVtaWEub3JnMSIwIAYJKoZIhvcNAQkB
FhN0ZWNoQGluYWNhZGVtaWEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzGqetfNkkqINY4voyJoSBZ3zKzGcQzC7f9ei9EF2bcBk20YQY8ZTDLY6
BG7TPb0kZQbeFsOLAcup/XZ4+RQiS6WAKmqUQrn7bISn0ayWW3SBO7IBu6mi2Sg0
a+kDyEt/IUL4brUB1Ou5pL9ZYA1sNbfFc+k6PIbphlk4hnoZrdyMymlTXhv00p0S
EaqEBf3kz62yW7dZQNCwmGR6zZMTAEYz5Irrj/99776iqNfOR7upmoeWqD35HkvZ
GiJOzOxHdnabGvlBJrmLrjO4NcHIXcDCoBYfc8jfLprgll/D303f0dG2XhXSowzj
T2vQ4J4EM3Y98Q9s1aqqvzk7A46mIQIDAQABo1AwTjAdBgNVHQ4EFgQUJAE/7/YL
LSZ9qZjnQgiekxqHDwswHwYDVR0jBBgwFoAUJAE/7/YLLSZ9qZjnQgiekxqHDwsw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV/1tjVGo9EF7rzPwZrTA
aeV/TRshMFlMNyAiElMpQmpkoL79AXP7biNqBJbG5CwpBPwai6PNFkRACKeZT8WT
JsrjNUG9BtKeUxPD45RHAGjZr5UpMe6vNZb12BaUYeCfxlzpOU/7kKK5QvYwFcVY
KL+9MK0bHP0UzkefyyeU+CajYMGJc9fZGWSz3w9vcPAREEVXLc+lmCXT2Y7YoMmX
ZCGGK52oyl1XLxxGngqCUjnNrWfch5JAvq6vF/ci5cIC77ukgZB9FExkC8INwtKC
GFBECWegI4MjC6cgpz+fU28cRQW9okJkE6/ssGfZDXc8k3z1x3NJYI50rbKfCc+y
NA==
          </ns3:X509Certificate>
        </ns3:X509Data>
      </ns3:KeyInfo>
    </ns0:KeyDescriptor>
    <ns0:KeyDescriptor use="signing">
      <ns3:KeyInfo>
        <ns3:X509Data>
          <ns3:X509Certificate>
MIIEHTCCAwWgAwIBAgIJAN85rXmh2X8PMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD
VQQGEwJFVTETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UEBwwHVXRyZWNodDET
MBEGA1UECgwKSW5BY2FkZW1pYTEcMBoGA1UECwwTU2lnbmluZyBDZXJ0aWZpY2F0
ZTEXMBUGA1UEAwwOaW5hY2FkZW1pYS5vcmcxIjAgBgkqhkiG9w0BCQEWE3RlY2hA
aW5hY2FkZW1pYS5vcmcwHhcNMTQxMDMxMTExMTIzWhcNMjQxMDI4MTExMTIzWjCB
pDELMAkGA1UEBhMCRVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAcMB1V0
cmVjaHQxEzARBgNVBAoMCkluQWNhZGVtaWExHDAaBgNVBAsME1NpZ25pbmcgQ2Vy
dGlmaWNhdGUxFzAVBgNVBAMMDmluYWNhZGVtaWEub3JnMSIwIAYJKoZIhvcNAQkB
FhN0ZWNoQGluYWNhZGVtaWEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzGqetfNkkqINY4voyJoSBZ3zKzGcQzC7f9ei9EF2bcBk20YQY8ZTDLY6
BG7TPb0kZQbeFsOLAcup/XZ4+RQiS6WAKmqUQrn7bISn0ayWW3SBO7IBu6mi2Sg0
a+kDyEt/IUL4brUB1Ou5pL9ZYA1sNbfFc+k6PIbphlk4hnoZrdyMymlTXhv00p0S
EaqEBf3kz62yW7dZQNCwmGR6zZMTAEYz5Irrj/99776iqNfOR7upmoeWqD35HkvZ
GiJOzOxHdnabGvlBJrmLrjO4NcHIXcDCoBYfc8jfLprgll/D303f0dG2XhXSowzj
T2vQ4J4EM3Y98Q9s1aqqvzk7A46mIQIDAQABo1AwTjAdBgNVHQ4EFgQUJAE/7/YL
LSZ9qZjnQgiekxqHDwswHwYDVR0jBBgwFoAUJAE/7/YLLSZ9qZjnQgiekxqHDwsw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV/1tjVGo9EF7rzPwZrTA
aeV/TRshMFlMNyAiElMpQmpkoL79AXP7biNqBJbG5CwpBPwai6PNFkRACKeZT8WT
JsrjNUG9BtKeUxPD45RHAGjZr5UpMe6vNZb12BaUYeCfxlzpOU/7kKK5QvYwFcVY
KL+9MK0bHP0UzkefyyeU+CajYMGJc9fZGWSz3w9vcPAREEVXLc+lmCXT2Y7YoMmX
ZCGGK52oyl1XLxxGngqCUjnNrWfch5JAvq6vF/ci5cIC77ukgZB9FExkC8INwtKC
GFBECWegI4MjC6cgpz+fU28cRQW9okJkE6/ssGfZDXc8k3z1x3NJYI50rbKfCc+y
NA==
          </ns3:X509Certificate>
        </ns3:X509Data>
      </ns3:KeyInfo>
    </ns0:KeyDescriptor>
    <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns0:NameIDFormat>
    <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://t01.t.inacademia.org/svs/acs/redirect" index="1"/>
    <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://t01.t.inacademia.org/svs/acs/post" index="2"/>
    <ns0:AttributeConsumingService index="1">
      <ns0:ServiceName xml:lang="en">InAcademia.org - TEST</ns0:ServiceName>
      <ns0:ServiceDescription xml:lang="en">The InAcademia Simple validation Sevice allows for the easy validation of affiliation (Student, Faculty, Staff) of a user in Academia. This is a TEST instance </ns0:ServiceDescription>
      <ns0:RequestedAttribute FriendlyName="edupersonaffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <ns0:RequestedAttribute FriendlyName="schachomeorganization" Name="urn:oid:1.3.6.1.4.1.25178.1.2.9"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <ns0:RequestedAttribute FriendlyName="edupersontargetedid" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <ns0:RequestedAttribute FriendlyName="edupersonprincipalname" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
    </ns0:AttributeConsumingService>
  </ns0:SPSSODescriptor>
  <ns0:Organization>
    <ns0:OrganizationName xml:lang="en">InAcademia</ns0:OrganizationName>
    <ns0:OrganizationDisplayName xml:lang="en">InAcademia</ns0:OrganizationDisplayName>
    <ns0:OrganizationURL xml:lang="en">https://inacademia.org/about</ns0:OrganizationURL>
  </ns0:Organization>
  <ns0:ContactPerson contactType="support">
    <ns0:GivenName>InAcademia</ns0:GivenName>
    <ns0:SurName>Enduser Support</ns0:SurName>
    <ns0:EmailAddress>help@inacademia.org</ns0:EmailAddress>
  </ns0:ContactPerson>
  <ns0:ContactPerson contactType="technical">
    <ns0:GivenName>InAcademia</ns0:GivenName>
    <ns0:SurName>Administrative Support</ns0:SurName>
    <ns0:EmailAddress>admin@inacademia.org</ns0:EmailAddress>
  </ns0:ContactPerson>
  <ns0:ContactPerson contactType="technical">
    <ns0:GivenName>InAcademia</ns0:GivenName>
    <ns0:SurName>Technical Support</ns0:SurName>
    <ns0:EmailAddress>tech@inacademia.org</ns0:EmailAddress>
  </ns0:ContactPerson>
</ns0:EntityDescriptor>
```
Source: SAML2 Service provider
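An added example (not InAcademia code) of the check an IdP operator would run against SP metadata like the documents above: read the NameIDFormat and the RequestedAttribute list, then test an attribute release against them, including the profile table's rule that the SP_ID profile accepts eduPersonTargetedID or eduPersonPrincipalName when the NameID is not persistent. The embedded metadata is a constructed, cut-down copy of the SP_ID document, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Attribute OIDs exactly as they appear in the SP metadata
EPA, EPTID, EPPN = ("urn:oid:1.3.6.1.4.1.5923.1.1.1.1",    # eduPersonAffiliation
                    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",   # eduPersonTargetedID
                    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6")    # eduPersonPrincipalName

# Constructed sample: the SP_ID metadata reduced to the elements this check reads.
SP_ID_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://inacademia.org/metadata/t01-p-test.xml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <AttributeConsumingService index="1">
      <RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" isRequired="true"/>
      <RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.1.2.9" isRequired="false"/>
      <RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" isRequired="false"/>
      <RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" isRequired="false"/>
    </AttributeConsumingService>
  </SPSSODescriptor>
</EntityDescriptor>"""

def sp_requirements(metadata_xml):
    """Return (NameIDFormat, set of required OIDs, set of optional OIDs) from SP metadata."""
    sp = ET.fromstring(metadata_xml).find(MD + "SPSSODescriptor")
    fmt = sp.findtext(MD + "NameIDFormat")
    required, optional = set(), set()
    for ra in sp.iter(MD + "RequestedAttribute"):
        (required if ra.get("isRequired") == "true" else optional).add(ra.get("Name"))
    return fmt, required, optional

def release_problems(metadata_xml, nameid_format, released):
    """Problems with an IdP release (NameID format plus {OID: [values]}); [] means it
    satisfies the SP's requirements."""
    fmt, required, _ = sp_requirements(metadata_xml)
    problems = [f"required attribute {oid} missing"
                for oid in sorted(required) if not released.get(oid)]
    # SP_ID rule from the profile table: the SP needs a stable identifier, either the
    # persistent NameID itself or, failing that, eduPersonTargetedID or eduPersonPrincipalName.
    if fmt == PERSISTENT and nameid_format != PERSISTENT \
            and not (released.get(EPTID) or released.get(EPPN)):
        problems.append("no stable identifier: NameID is not persistent and neither "
                        "eduPersonTargetedID nor eduPersonPrincipalName was released")
    return problems
```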
Only deals with 'serialization' of trans
RelayState
It is a requirement to keep the nodes stateless, so a request from an RP that is handled on node 1 may return on node 2. Since no state is shared between nodes (for example via a shared database), the state must be transported as part of the transaction. For this we use the SAML RelayState, which is filled with a combination of state parameters and then encrypted with a symmetric mechanism using keys known only to the nodes. The keys are cycled periodically, e.g. every 10 minutes, and only the current key and the 2 previous keys are accepted. This gives the user 30 minutes to complete the authentication from the time the SP set up the request to the IdP.
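As an added example (not InAcademia's code), the RelayState scheme above in Python: per-period keys, which this example derives from a node-shared master secret (an assumption; the page only says the keys are known to the nodes), an encrypt-then-MAC token that carries the key period that sealed it, and an opener that accepts the current period and the two before it. The function names are hypothetical, and the stdlib HMAC-based stream cipher stands in for the AEAD a deployment would use.

```python
import base64, hashlib, hmac, json, os, struct, time

KEY_PERIOD = 600      # keys are cycled every 10 minutes
HISTORIC_KEYS = 2     # the current key plus 2 historic keys are accepted

def period_key(master, period, purpose):
    """Key for one 10-minute period. Assumption: nodes share a master secret and
    derive each period's encryption ("enc") and MAC ("mac") key from it with HMAC."""
    return hmac.new(master, purpose + struct.pack(">Q", period), hashlib.sha256).digest()

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a stream cipher (stdlib only; a real deployment
    would use an AEAD such as AES-GCM for the same job)."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def seal_relay_state(master, state, now=None):
    """Pack the transaction state into an encrypted, authenticated RelayState token
    tagged with the key period that sealed it."""
    period = int((time.time() if now is None else now) // KEY_PERIOD)
    plaintext = json.dumps(state, separators=(",", ":")).encode()
    nonce = os.urandom(16)
    header = struct.pack(">Q", period) + nonce
    ks = keystream(period_key(master, period, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(period_key(master, period, b"mac"), header + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(header + ct + tag).decode()

def open_relay_state(master, token, now=None):
    """Recover the state on whichever node the response lands on. Tokens sealed under
    the current key or the 2 previous ones are accepted (20 to 30 minutes, depending on
    where in the period the request was issued); anything older, from the future, or
    failing the MAC is rejected before any decryption happens."""
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < 8 + 16 + 32:
        raise ValueError("RelayState token too short")
    period = struct.unpack(">Q", raw[:8])[0]
    current = int((time.time() if now is None else now) // KEY_PERIOD)
    if not (current - HISTORIC_KEYS <= period <= current):
        raise ValueError("RelayState sealed with a key outside the accepted window")
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(period_key(master, period, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("RelayState authentication failed")
    nonce, ct = raw[8:24], raw[24:-32]
    ks = keystream(period_key(master, period, b"enc"), nonce, len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))
```

The SAML 2.0 bindings specification limits RelayState to 80 bytes, and a token of this shape (24-byte header, 32-byte tag, base64) exceeds that before any state is added, so interoperability with IdPs that enforce the limit has to be checked.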