Maintaining SAML Metadata that establishes a Trust Federation -- Fall 2013 corrections


Overview / precondition

Note the section Installation of Shibboleth SP on the wiki documentation page Maintaining SAML Metadata that establishes a Trust Federation -- Fall 2013 corrections.

If steps 5, 6, and 7 of that section are followed correctly by the administrator of a client acting as a Shibboleth SP (or if analogous instructions are followed by the administrator of a Shibboleth IdP that is to be trusted to authenticate users in the context of the Bamboo Trust Federation), that administrator will send a properly formatted SAML XML metadata entity descriptor for their SP or Identity Provider to the administrator of the Bamboo Trust Federation.

The administrator's responsibility is then to update the master Bamboo Trust Federation metadata file and repost it. To do so, follow the steps given below.

Though Project Bamboo no longer maintains a Trust Federation, a copy of the master metadata file in use during the active period of the Bamboo Technology Project – ProjectBambooSaml2Metadata.xml – is versioned in the project's code repository, at the following URL:

http://svn.code.sf.net/p/projectbamboo/code/platform-config/trunk/saml-metadata/ProjectBambooSaml2Metadata.xml

This reference is offered in the hope that the example might prove helpful.


Instructions for custodian of Bamboo Trust Federation SAML2 Metadata file


Entity descriptor metadata snippet

First, copy and paste the entity descriptor metadata snippet sent by the administrator of the Relying Party or Identity Provider into the bottom of the then-current version of the published Bamboo Federation SAML metadata file, just above its final two lines:

<!-- End of Metadata for ProjectBamboo.org -->
</EntitiesDescriptor>


Add comment line at end of new entity descriptor

Next, add a comment line at the end of the newly pasted-in entity descriptor, just above the two lines shown above. If the SP's entityID is https://foo.bar.edu/shibboleth-sp and the date is 27-May-2013, add the line:

<!-- end SP metadata for foo.bar.edu 27-May-2013 -->

Add comment line at start of new entity descriptor

Next, add a comment line at the top of the newly pasted-in entity descriptor. Continuing the previous example, add:

<!-- SP metadata for foo.bar.edu 27-May-2013 -->


Save, version control, and publish updated metadata

Finally, save the file, commit the new version to the source control repository in use for your project (cf. the location in the Project Bamboo source code repository on SourceForge, above), and publish the metadata file to the publicly accessible and appropriately referenced metadata location under the standard filename, e.g. ProjectBambooSaml2Metadata.xml.

Note that this file contains no 'secrets' and is intended to be made public: only public keys are included in the entity descriptors. During the active period of the Bamboo Technology Project, an interim location was used during development, while the intended location of record was http://trust.projectbamboo.org/metadata/.
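The steps above (paste the snippet above the final two lines, wrap it in the start/end comment lines, and keep the file free of anything but public keys) as a small script; this is an added example, not Project Bamboo's own tooling, and the federation file and SP snippet it works on are constructed here, with a placeholder in place of a real certificate.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Final two lines of the published file, as given on this page.
TAIL = "<!-- End of Metadata for ProjectBamboo.org -->\n</EntitiesDescriptor>\n"
PUBLIC_ONLY = {f"{{{DS}}}{n}" for n in ("X509Data", "X509Certificate", "KeyName")}  # the file is public

def entity_ids(metadata):  # entityIDs already registered; also proves the file is well-formed
    root = ET.fromstring(metadata)
    return {e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")}

def check_snippet(snippet):
    """Validate an administrator's snippet; return (entityID, 'SP' or 'IdP')."""
    root = ET.fromstring(snippet)  # ParseError if the paste is malformed
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID") or "PRIVATE KEY" in snippet:
        raise ValueError("snippet must be one md:EntityDescriptor with an entityID and no private keys")
    for c in (c for k in root.iter(f"{{{DS}}}KeyInfo") for c in k.iter() if c is not k):
        if c.tag not in PUBLIC_ONLY:
            raise ValueError(f"non-certificate key material in KeyInfo: {c.tag}")
    role = next((r for r, t in (("SP", "SPSSODescriptor"), ("IdP", "IDPSSODescriptor"))
                 if root.find(f"{{{MD}}}{t}") is not None), None)
    if role is None:
        raise ValueError("snippet is neither an SP nor an IdP descriptor")
    return root.get("entityID"), role

def add_entity(metadata, snippet, date):
    """Return metadata with the snippet and its comment lines inserted above TAIL."""
    entity_id, role = check_snippet(snippet)
    if entity_id in entity_ids(metadata):
        raise ValueError(f"{entity_id} is already in the federation")
    if not metadata.endswith(TAIL):
        raise ValueError("metadata file does not end with the expected two lines")
    host = urlparse(entity_id).hostname or entity_id
    block = (f"<!-- {role} metadata for {host} {date} -->\n{snippet.strip()}\n"
             f"<!-- end {role} metadata for {host} {date} -->\n")
    return metadata[:-len(TAIL)] + block + TAIL

# Constructed federation file and SP snippet; the certificate body is a placeholder.
FEDERATION = f'<?xml version="1.0" encoding="UTF-8"?>\n<EntitiesDescriptor xmlns="{MD}">\n{TAIL}'
SNIPPET = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://foo.bar.edu/shibboleth-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIB...CONSTRUCTED-PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(add_entity(FEDERATION, SNIPPET, "27-May-2013"))
```

The same function handles an IdP snippet (it labels the comment lines "IdP metadata"), and it refuses a second paste of an entityID that is already in the file.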