updated SAML metadata examples

saml/advanced_settings.json

@@ -1,29 +0,0 @@
-{
-    "security": {
-        "nameIdEncrypted": false,
-        "authnRequestsSigned": false,
-        "logoutRequestSigned": false,
-        "logoutResponseSigned": false,
-        "signMetadata": false,
-        "wantMessagesSigned": true,
-        "wantAssertionsSigned": true,
-        "wantNameIdEncrypted": false
-    },
-    "contactPerson": {
-        "technical": {
-            "givenName": "ahd Service Operation Center",
-            "emailAddress": "servicedesk@ahd.de"
-        },
-        "support": {
-            "givenName" : "ahd Service Operation Center",
-            "emailAddress": "servicedesk@ahd.de"
-        }
-    },
-    "organization": {
-        "en-US": {
-            "name": "PowerDNS-Admin",
-            "displayname": "PowerDNS-Admin",
-            "url": "https://10.12.95.95"
-        }
-    }
-}

saml/settings.json

@@ -1,30 +0,0 @@
-{
-    "strict": true,
-    "debug": true,
-    "sp": {
-        "entityId": "http://10.12.95.95",
-        "assertionConsumerService": {
-            "url": "https://10.12.95.95/saml/authorized",
-            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-        },
-        "singleLogoutService": {
-            "url": "https://10.12.95.95/saml/sls",
-            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-        },
-        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-        "x509cert": "",
-        "privateKey": ""
-    },
-    "idp": {
-        "entityId": "http://fs.ahd-vcloud.biz/adfs/services/trust",
-        "singleSignOnService": {
-            "url": "https://fs.ahd-vcloud.biz/adfs/ls/",
-            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-        },
-        "singleLogoutService": {
-            "url": "https://fs.ahd-vcloud.biz/adfs/ls/",
-            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-        },
-        "x509cert": "-----BEGIN CERTIFICATE-----MIIC3jCCAcagAwIBAgIQPD7o11EBtLZDvWevCYeIGjANBgkqhkiG9w0BAQsFADArMSkwJwYDVQQDEyBBREZTIFNpZ25pbmcgLSBmcy5haGQtdmNsb3VkLmJpejAeFw0xNzAyMjQwOTI5MTBaFw0xODAyMjQwOTI5MTBaMCsxKTAnBgNVBAMTIEFERlMgU2lnbmluZyAtIGZzLmFoZC12Y2xvdWQuYml6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8c+Yde1AQpBSikjKMXRY3FmvG64YT8MgJGPJ0CuTr0jyvsARvK51v0FiMsQh48uQ+KtXWNfBTrFee1CkpHQHw1UVRWQVToZzhiTgVBWc3XXzjfxThUe5IGfSQa11+s+/qxlfQZi2V1JhKUpXfYehbQIEJ5n0kzRzGfmZwZ8/A4gSOJGvFOLx0QTQ6scRUvgsDKJbmD3YWDweZwUGZkKSjKDbyNNNQKhwmpwFT2BLNadlscrgxjzDUQIaLnMQabE+DlQqYkxhM4LPvWcwL23dBIRRxIZlJ4oE/ZohtWtaHJewUTtWT3yfeDRD4d4Gxr5cgczwDhhlJtcrcmEmpHzkwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBU0ADCWI+W1uwXUPL7OXw90VHHQMxuMdClIK2Bwc0De0eaFFHvKWCk3mkdNf+SwxtPHnfAWDO7daxnY6HrqQbcO66gcMgDvgFkC3o5Ml9LBsFv/NmNCeB7+9xxkiYiCe68oitN5iR50JcwhZekpM9MtH8t36p6AWmnhfBt8LMxreuWobDRefx4aIIst8SPP13p4AOk5gTz07YbdMLYsUiTImBbLCcbqdFNMYPiZmUo7jEUnax05oh9vruFj3SltsR21S78ifUN/AmlpYvm+q3mW1q6ikltp6/HoVNMOCsEJqq7VL5jtdOmj2YpFf/twZF5pnbSqe3AZClBp4BufsKp-----END CERTIFICATE-----"
-    }
-}

saml/template_advanced_settings.json

@@ -5,25 +5,25 @@
         "logoutRequestSigned": false,
         "logoutResponseSigned": false,
         "signMetadata": false,
-        "wantMessagesSigned": false,
-        "wantAssertionsSigned": false,
+        "wantMessagesSigned": true,
+        "wantAssertionsSigned": true,
         "wantNameIdEncrypted": false
     },
     "contactPerson": {
         "technical": {
-            "givenName": "technical_name",
-            "emailAddress": "technical@example.com"
+            "givenName": "<Contact Person>",
+            "emailAddress": "<contact email>"
         },
         "support": {
-            "givenName": "support_name",
-            "emailAddress": "support@example.com"
+            "givenName" : "<Contact Person>",
+            "emailAddress": "<contact email>"
         }
     },
     "organization": {
         "en-US": {
-            "name": "sp_test",
-            "displayname": "SP test",
-            "url": "http://sp.example.com"
+            "name": "PowerDNS-Admin",
+            "displayname": "PowerDNS-Admin",
+            "url": "https://<powerdnsadmin-url>"
         }
     }
 }

saml/template_settings.json

@@ -2,29 +2,29 @@
     "strict": true,
     "debug": true,
     "sp": {
-        "entityId": "http://127.0.0.1/saml/metadata",
+        "entityId": "http://<powerdns hostname>",
         "assertionConsumerService": {
-            "url": "http://127.0.0.1/saml/authorized",
+            "url": "https://<powerdns hostname>/saml/authorized",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
         },
         "singleLogoutService": {
-            "url": "https://127.0.0.1/saml/sls",
+            "url": "https://<powerdns hostname>/saml/sls",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
-        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified",
+        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
         "x509cert": "",
         "privateKey": ""
     },
     "idp": {
-        "entityId": "https://app.onelogin.com/saml/metadata",
+        "entityId": "http://<adfs hostname>/adfs/services/trust",
         "singleSignOnService": {
-            "url": "https://app.onelogin.com/trust/saml2/http-post/sso/",
+            "url": "https://<adfs hostname>/adfs/ls/",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
         "singleLogoutService": {
-            "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/",
+            "url": "https://<adfs hostname>/adfs/ls/",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
-        "x509cert": ""
+        "x509cert": "<certificate data directly without linebreaks in pem-format>"
     }
 }