Metadata

You can get the metadata xml on a dedicated URL:

https://sso.mta.hu/simplesaml/saml2/idp/metadata.php

SAML Metadata

In SAML 2.0 Metadata XML format:

<?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.mta.hu/idp"> <md:Extensions> <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/hide-from-discovery</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes> </md:Extensions> <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIC7zCCAdegAwIBAgIUFrha7vQlc+/PiGD9NQapYBnAfRcwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAeFw0yMDEwMDEwODQ4MTRaFw0zMDA5MjkwODQ4MTRaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc4+29KxcB6Q7/YfBoHakRDIfYUWQPabS17CVVbFm57QrjgrCV9SgAZJqJ59doZLeBRMd/7yBLBH+BOICyLZBXMkHukbJxFM/cyqw4Nn8TVhg74PcC0A82JRHwqF2pZd73olzt5xBRAVJi4/fs7PteFbG5+FKfTR35eh/5BQPAlcGcob9rccFDccJO+8fy9r7UH04+ZuOO0/EnvX+fN72ljX+CKJi27b8EtYQzSeFJLkYuWpSH59qyw8948N80O12eF1/N8dj/yX/TjMM6YTt5MykEf0CityiFJ+3pY+xL+52+hTCMbR3xtLQ4/jZv6vaJrhYCwyryxtrrre4hhnUQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAJx+9S/WsUGCzw74PXjsXsuWoqhCshnwZKd8w3CHw0toA706V9SQKm/XlvV9D38sf+pufrXPUHdcZfuyjKTW0/fuWJiOEbVDcP3RY0j6tgSWPSMhvlzDKGFwFdC/w3RJ6pi0DmJbt9lpBTK2CDj1FRi/nufC0bS+5yHufP0AcYOc9rZPFDXsj8IUzkxfqzFGEHNblK5CyHqck3g6IcMb4ECGuv7x9mQxcm2m2ja1M+2NeXuFq5VJy64hWBCjfTEDajRZp9VGLK1CJNaldzIHMC2pimj/hyK5chUXDvc+NKRU6k+QrkqiqPXWE8Ddf8Jx/pAURYY6CBIlAkTzP1GA4Uk=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIC7zCCAdegAwIBAgIUFrha7vQlc+/PiGD9NQapYBnAfRcwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAeFw0yMDEwMDEwODQ4MTRaFw0zMDA5MjkwODQ4MTRaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc4+29KxcB6Q7/YfBoHakRDIfYUWQPabS17CVVbFm57QrjgrCV9SgAZJqJ59doZLeBRMd/7yBLBH+BOICyLZBXMkHukbJxFM/cyqw4Nn8TVhg74PcC0A82JRHwqF2pZd73olzt5xBRAVJi4/fs7PteFbG5+FKfTR35eh/5BQPAlcGcob9rccFDccJO+8fy9r7UH04+ZuOO0/EnvX+fN72ljX+CKJi27b8EtYQzSeFJLkYuWpSH59qyw8948N80O12eF1/N8dj/yX/TjMM6YTt5MykEf0CityiFJ+3pY+xL+52+hTCMbR3xtLQ4/jZv6vaJrhYCwyryxtrrre4hhnUQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAJx+9S/WsUGCzw74PXjsXsuWoqhCshnwZKd8w3CHw0toA706V9SQKm/XlvV9D38sf+pufrXPUHdcZfuyjKTW0/fuWJiOEbVDcP3RY0j6tgSWPSMhvlzDKGFwFdC/w3RJ6pi0DmJbt9lpBTK2CDj1FRi/nufC0bS+5yHufP0AcYOc9rZPFDXsj8IUzkxfqzFGEHNblK5CyHqck3g6IcMb4ECGuv7x9mQxcm2m2ja1M+2NeXuFq5VJy64hWBCjfTEDajRZp9VGLK1CJNaldzIHMC2pimj/hyK5chUXDvc+NKRU6k+QrkqiqPXWE8Ddf8Jx/pAURYY6CBIlAkTzP1GA4Uk=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.mta.hu/simplesaml/saml2/idp/SingleLogoutService.php"/> <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.mta.hu/simplesaml/saml2/idp/SSOService.php"/> </md:IDPSSODescriptor> <md:ContactPerson contactType="technical"> <md:GivenName>aai</md:GivenName> <md:SurName>team</md:SurName> <md:EmailAddress>mailto:aai@titkarsag.mta.local</md:EmailAddress> </md:ContactPerson> </md:EntityDescriptor>

SimpleSAMLphp Metadata

Use this if you are using a SimpleSAMLphp entity on the other side:

$metadata['https://sso.mta.hu/idp'] = array ( 'metadata-set' => 'saml20-idp-remote', 'entityid' => 'https://sso.mta.hu/idp', 'SingleSignOnService' => array ( 0 => array ( 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://sso.mta.hu/simplesaml/saml2/idp/SSOService.php', ), ), 'SingleLogoutService' => array ( 0 => array ( 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://sso.mta.hu/simplesaml/saml2/idp/SingleLogoutService.php', ), ), 'certData' => 'MIIC7zCCAdegAwIBAgIUFrha7vQlc+/PiGD9NQapYBnAfRcwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAeFw0yMDEwMDEwODQ4MTRaFw0zMDA5MjkwODQ4MTRaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc4+29KxcB6Q7/YfBoHakRDIfYUWQPabS17CVVbFm57QrjgrCV9SgAZJqJ59doZLeBRMd/7yBLBH+BOICyLZBXMkHukbJxFM/cyqw4Nn8TVhg74PcC0A82JRHwqF2pZd73olzt5xBRAVJi4/fs7PteFbG5+FKfTR35eh/5BQPAlcGcob9rccFDccJO+8fy9r7UH04+ZuOO0/EnvX+fN72ljX+CKJi27b8EtYQzSeFJLkYuWpSH59qyw8948N80O12eF1/N8dj/yX/TjMM6YTt5MykEf0CityiFJ+3pY+xL+52+hTCMbR3xtLQ4/jZv6vaJrhYCwyryxtrrre4hhnUQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAJx+9S/WsUGCzw74PXjsXsuWoqhCshnwZKd8w3CHw0toA706V9SQKm/XlvV9D38sf+pufrXPUHdcZfuyjKTW0/fuWJiOEbVDcP3RY0j6tgSWPSMhvlzDKGFwFdC/w3RJ6pi0DmJbt9lpBTK2CDj1FRi/nufC0bS+5yHufP0AcYOc9rZPFDXsj8IUzkxfqzFGEHNblK5CyHqck3g6IcMb4ECGuv7x9mQxcm2m2ja1M+2NeXuFq5VJy64hWBCjfTEDajRZp9VGLK1CJNaldzIHMC2pimj/hyK5chUXDvc+NKRU6k+QrkqiqPXWE8Ddf8Jx/pAURYY6CBIlAkTzP1GA4Uk=', 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'EntityAttributes' => array ( 'http://macedir.org/entity-category' => array ( 0 => 'http://refeds.org/category/hide-from-discovery', ), ), 'hide.from.discovery' => true, 'contacts' => array ( 0 => array ( 'emailAddress' => 'aai@titkarsag.mta.local', 'contactType' => 'technical', 'givenName' => 'aai', 'surName' => 'team', ), ), );

Certificates

Download the X509 certificates as PEM-encoded files.

• idp.crt.pem