INESC-ID | SAML 2.0 IdP Metadata

SAML 2.0 IdP Metadata

Here is the metadata that SimpleSAMLphp has generated for you. You may send this metadata document to trusted partners to setup a trusted federation.

You can get the metadata xml on a dedicated URL:

https://id.inesc-id.pt/saml/saml2/idp/metadata.php

Metadata

In SAML 2.0 Metadata XML format:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://id.inesc-id.pt/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">inesc-id.pt</shibmd:Scope>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:DisplayName xml:lang="en">INESC ID Identity Provider</mdui:DisplayName>
        <mdui:DisplayName xml:lang="pt">Fornecedor de Identidade do INESC ID</mdui:DisplayName>
        <mdui:Description xml:lang="en">INESC ID Identity Provider</mdui:Description>
        <mdui:Description xml:lang="pt">Fornecedor de Identidade do INESC ID</mdui:Description>
        <mdui:Keywords xml:lang="en">Lisboa INESC INESC+ID</mdui:Keywords>
      </mdui:UIInfo>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIFuTCCA6GgAwIBAgIUMVeEJuiNX2EMobZ+sBa/hHWydpcwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCUFQxDzANBgNVBAgMBkxpc2JvbjERMA8GA1UECgwISU5FU0MgSUQxFzAVBgNVBAMMDmlkLmluZXNjLWlkLnB0MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBpbmVzYy1pZC5wdDAeFw0yMTA0MjkxMTA4MjhaFw0zMTA0MjkxMTA4MjhaMGwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib24xETAPBgNVBAoMCElORVNDIElEMRcwFQYDVQQDDA5pZC5pbmVzYy1pZC5wdDEgMB4GCSqGSIb3DQEJARYRYWRtaW5AaW5lc2MtaWQucHQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMTCZpSMadAeVYTocwSuBggVKivOhSyNQLM9kStIrUH/G+/zeW1ozz9G6S1lT6bOOb4T30lFXv1V2j/1/FZd8DxIRjzF15TbRlKMXEqk8QtFxg5tSveC/EMYjZYO0eOQcavpSQyppg4TeY71w0d700q6z4p6KFzeqzlVyAE/w7eYVY5NFHjRt7RyPdgNMEY5QDao//zEU7OeaNMvoRWl+75BMpfdr74efALl9mXQphdTeevTz5xlZYXs6Ml4mnniqP2z3lGOG8vAIWFQPM7Wq0EjtsOA+lDkyjLkEZfgI6/oQIV8ItGhK7WiPR5JTYamoJ0kIcUUdOGmVk2CqL00Ijo5YaSZtRZAHyzB9U1VWfnMJu6aL7DpUVESnijjLLOluvlHVyi6opGkbHDqaTFqiJpQK/BC/sQUhKaoAHiTgjLKBCkRG2D9MIPuQSFWtf/Qg7gs1WopOxCdY65baxP/PqQDsvb03dmaZS7VND7iMmCUlpBKfpYSVVfyAg1kFqmoQDoJcRS8+awFP/cUu/t3s1hxWYmyk90vSXzFCdWefCeBIPxYSL3B/jXHrslvKDXYpLcUjy+1+pVrG3NBCVb0YiSjbyCOTf9eYNN6u+jSL1iW4O6vW335eszCF+teiFs7LCNOco0vW5+MNnjsfOAH3VUYp3rwpgdbovR+9/TcYBZwIDAQABo1MwUTAdBgNVHQ4EFgQUpDT6KbaLvxGz6vC5QXMksR+A58wwHwYDVR0jBBgwFoAUpDT6KbaLvxGz6vC5QXMksR+A58wwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAQdNuiHCT+OkUNf1Y9Vx/vuS6sVSIaa1//Ab83E0+9vHUYV76hR2YGvhSCDguqP1B9zwKajGa9sPKyBqW889aoLYCFsSks9NXjdKKBa9c4Zz3BF7BeRAquC1B9K6F1sHdi/u0IDr2vzS+wzPKE32sK9MJEGetH5wpqdspVqn3pNX3TxvWW5uG0L3EW1k3l9P6CzJD5EZqrn8XSfG85O/dHqEG5quZyJ3iaMz3MIalEeBy3y+WjqRyzYJk5BLTGQl84ZBK/iIrrDTYACn05R9xYhRAaqt05e/XZs62nNSIWFzTdqX2i4WiMlNOcRjNmYZ6bol6rES35wGi1/yOWKaz4l7lOoCGz8J8DGVfw8BRJh5x3IwDSPyLnbdJLM9okiEQoBEdqepVf0oDPy4AdMGXwKLUyxR7moaqdVkyAzlyM3Jbq7HX1TuSM25g4etZCRtzroFw5qm3dTAbwoGAWFDFHZ13jxdRgesYOrxFjjUt4Zk7+n2GA4OwLjlNtA2DLIezs5EuBkduInQ9wzfk6p7QUmTK/bO6HuIyFm3kIonw5Pi55WG94TuTcJksX5hte+KddxIAFPtJWCQz08C7JpwfRxbDH2SjaGirPHnQ251DD043K3GCGS28kNb19R/tq02gxi586RP5iZpStTuWWMSQyvxOyd0KxoRdpolnUMQcgxA=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIFuTCCA6GgAwIBAgIUMVeEJuiNX2EMobZ+sBa/hHWydpcwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCUFQxDzANBgNVBAgMBkxpc2JvbjERMA8GA1UECgwISU5FU0MgSUQxFzAVBgNVBAMMDmlkLmluZXNjLWlkLnB0MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBpbmVzYy1pZC5wdDAeFw0yMTA0MjkxMTA4MjhaFw0zMTA0MjkxMTA4MjhaMGwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib24xETAPBgNVBAoMCElORVNDIElEMRcwFQYDVQQDDA5pZC5pbmVzYy1pZC5wdDEgMB4GCSqGSIb3DQEJARYRYWRtaW5AaW5lc2MtaWQucHQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMTCZpSMadAeVYTocwSuBggVKivOhSyNQLM9kStIrUH/G+/zeW1ozz9G6S1lT6bOOb4T30lFXv1V2j/1/FZd8DxIRjzF15TbRlKMXEqk8QtFxg5tSveC/EMYjZYO0eOQcavpSQyppg4TeY71w0d700q6z4p6KFzeqzlVyAE/w7eYVY5NFHjRt7RyPdgNMEY5QDao//zEU7OeaNMvoRWl+75BMpfdr74efALl9mXQphdTeevTz5xlZYXs6Ml4mnniqP2z3lGOG8vAIWFQPM7Wq0EjtsOA+lDkyjLkEZfgI6/oQIV8ItGhK7WiPR5JTYamoJ0kIcUUdOGmVk2CqL00Ijo5YaSZtRZAHyzB9U1VWfnMJu6aL7DpUVESnijjLLOluvlHVyi6opGkbHDqaTFqiJpQK/BC/sQUhKaoAHiTgjLKBCkRG2D9MIPuQSFWtf/Qg7gs1WopOxCdY65baxP/PqQDsvb03dmaZS7VND7iMmCUlpBKfpYSVVfyAg1kFqmoQDoJcRS8+awFP/cUu/t3s1hxWYmyk90vSXzFCdWefCeBIPxYSL3B/jXHrslvKDXYpLcUjy+1+pVrG3NBCVb0YiSjbyCOTf9eYNN6u+jSL1iW4O6vW335eszCF+teiFs7LCNOco0vW5+MNnjsfOAH3VUYp3rwpgdbovR+9/TcYBZwIDAQABo1MwUTAdBgNVHQ4EFgQUpDT6KbaLvxGz6vC5QXMksR+A58wwHwYDVR0jBBgwFoAUpDT6KbaLvxGz6vC5QXMksR+A58wwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAQdNuiHCT+OkUNf1Y9Vx/vuS6sVSIaa1//Ab83E0+9vHUYV76hR2YGvhSCDguqP1B9zwKajGa9sPKyBqW889aoLYCFsSks9NXjdKKBa9c4Zz3BF7BeRAquC1B9K6F1sHdi/u0IDr2vzS+wzPKE32sK9MJEGetH5wpqdspVqn3pNX3TxvWW5uG0L3EW1k3l9P6CzJD5EZqrn8XSfG85O/dHqEG5quZyJ3iaMz3MIalEeBy3y+WjqRyzYJk5BLTGQl84ZBK/iIrrDTYACn05R9xYhRAaqt05e/XZs62nNSIWFzTdqX2i4WiMlNOcRjNmYZ6bol6rES35wGi1/yOWKaz4l7lOoCGz8J8DGVfw8BRJh5x3IwDSPyLnbdJLM9okiEQoBEdqepVf0oDPy4AdMGXwKLUyxR7moaqdVkyAzlyM3Jbq7HX1TuSM25g4etZCRtzroFw5qm3dTAbwoGAWFDFHZ13jxdRgesYOrxFjjUt4Zk7+n2GA4OwLjlNtA2DLIezs5EuBkduInQ9wzfk6p7QUmTK/bO6HuIyFm3kIonw5Pi55WG94TuTcJksX5hte+KddxIAFPtJWCQz08C7JpwfRxbDH2SjaGirPHnQ251DD043K3GCGS28kNb19R/tq02gxi586RP5iZpStTuWWMSQyvxOyd0KxoRdpolnUMQcgxA=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://id.inesc-id.pt/saml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://id.inesc-id.pt/saml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Instituto de Engenharia de Sistemas e Computadores, Investiga&#xE7;&#xE3;o e Desenvolvimento</md:OrganizationName>
    <md:OrganizationName xml:lang="pt">Instituto de Engenharia de Sistemas e Computadores, Investiga&#xE7;&#xE3;o e Desenvolvimento</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">INESC ID</md:OrganizationDisplayName>
    <md:OrganizationDisplayName xml:lang="pt">INESC ID</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.inesc-id.pt/</md:OrganizationURL>
    <md:OrganizationURL xml:lang="pt">https://www.inesc-id.pt/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Administrator</md:GivenName>
    <md:EmailAddress>mailto:admin@inesc-id.pt</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

In SimpleSAMLphp flat file format - use this if you are using a SimpleSAMLphp entity on the other side:

$metadata['https://id.inesc-id.pt/saml'] = [
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'https://id.inesc-id.pt/saml',
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://id.inesc-id.pt/saml/saml2/idp/SSOService.php',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://id.inesc-id.pt/saml/saml2/idp/SingleLogoutService.php',
        ],
    ],
    'certData' => 'MIIFuTCCA6GgAwIBAgIUMVeEJuiNX2EMobZ+sBa/hHWydpcwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCUFQxDzANBgNVBAgMBkxpc2JvbjERMA8GA1UECgwISU5FU0MgSUQxFzAVBgNVBAMMDmlkLmluZXNjLWlkLnB0MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBpbmVzYy1pZC5wdDAeFw0yMTA0MjkxMTA4MjhaFw0zMTA0MjkxMTA4MjhaMGwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib24xETAPBgNVBAoMCElORVNDIElEMRcwFQYDVQQDDA5pZC5pbmVzYy1pZC5wdDEgMB4GCSqGSIb3DQEJARYRYWRtaW5AaW5lc2MtaWQucHQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMTCZpSMadAeVYTocwSuBggVKivOhSyNQLM9kStIrUH/G+/zeW1ozz9G6S1lT6bOOb4T30lFXv1V2j/1/FZd8DxIRjzF15TbRlKMXEqk8QtFxg5tSveC/EMYjZYO0eOQcavpSQyppg4TeY71w0d700q6z4p6KFzeqzlVyAE/w7eYVY5NFHjRt7RyPdgNMEY5QDao//zEU7OeaNMvoRWl+75BMpfdr74efALl9mXQphdTeevTz5xlZYXs6Ml4mnniqP2z3lGOG8vAIWFQPM7Wq0EjtsOA+lDkyjLkEZfgI6/oQIV8ItGhK7WiPR5JTYamoJ0kIcUUdOGmVk2CqL00Ijo5YaSZtRZAHyzB9U1VWfnMJu6aL7DpUVESnijjLLOluvlHVyi6opGkbHDqaTFqiJpQK/BC/sQUhKaoAHiTgjLKBCkRG2D9MIPuQSFWtf/Qg7gs1WopOxCdY65baxP/PqQDsvb03dmaZS7VND7iMmCUlpBKfpYSVVfyAg1kFqmoQDoJcRS8+awFP/cUu/t3s1hxWYmyk90vSXzFCdWefCeBIPxYSL3B/jXHrslvKDXYpLcUjy+1+pVrG3NBCVb0YiSjbyCOTf9eYNN6u+jSL1iW4O6vW335eszCF+teiFs7LCNOco0vW5+MNnjsfOAH3VUYp3rwpgdbovR+9/TcYBZwIDAQABo1MwUTAdBgNVHQ4EFgQUpDT6KbaLvxGz6vC5QXMksR+A58wwHwYDVR0jBBgwFoAUpDT6KbaLvxGz6vC5QXMksR+A58wwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAQdNuiHCT+OkUNf1Y9Vx/vuS6sVSIaa1//Ab83E0+9vHUYV76hR2YGvhSCDguqP1B9zwKajGa9sPKyBqW889aoLYCFsSks9NXjdKKBa9c4Zz3BF7BeRAquC1B9K6F1sHdi/u0IDr2vzS+wzPKE32sK9MJEGetH5wpqdspVqn3pNX3TxvWW5uG0L3EW1k3l9P6CzJD5EZqrn8XSfG85O/dHqEG5quZyJ3iaMz3MIalEeBy3y+WjqRyzYJk5BLTGQl84ZBK/iIrrDTYACn05R9xYhRAaqt05e/XZs62nNSIWFzTdqX2i4WiMlNOcRjNmYZ6bol6rES35wGi1/yOWKaz4l7lOoCGz8J8DGVfw8BRJh5x3IwDSPyLnbdJLM9okiEQoBEdqepVf0oDPy4AdMGXwKLUyxR7moaqdVkyAzlyM3Jbq7HX1TuSM25g4etZCRtzroFw5qm3dTAbwoGAWFDFHZ13jxdRgesYOrxFjjUt4Zk7+n2GA4OwLjlNtA2DLIezs5EuBkduInQ9wzfk6p7QUmTK/bO6HuIyFm3kIonw5Pi55WG94TuTcJksX5hte+KddxIAFPtJWCQz08C7JpwfRxbDH2SjaGirPHnQ251DD043K3GCGS28kNb19R/tq02gxi586RP5iZpStTuWWMSQyvxOyd0KxoRdpolnUMQcgxA=',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    'OrganizationName' => [
        'en' => 'Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento',
        'pt' => 'Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento',
    ],
    'OrganizationDisplayName' => [
        'en' => 'INESC ID',
        'pt' => 'INESC ID',
    ],
    'OrganizationURL' => [
        'en' => 'https://www.inesc-id.pt/',
        'pt' => 'https://www.inesc-id.pt/',
    ],
    'scope' => [
        'inesc-id.pt',
    ],
    'UIInfo' => [
        'DisplayName' => [
            'en' => 'INESC ID Identity Provider',
            'pt' => 'Fornecedor de Identidade do INESC ID',
        ],
        'Description' => [
            'en' => 'INESC ID Identity Provider',
            'pt' => 'Fornecedor de Identidade do INESC ID',
        ],
        'Keywords' => [
            'en' => [
                'Lisboa',
                'INESC',
                'INESC ID',
            ],
        ],
    ],
    'contacts' => [
        [
            'emailAddress' => 'admin@inesc-id.pt',
            'contactType' => 'technical',
            'givenName' => 'Administrator',
        ],
    ],
];

Certificates

Download the X509 certificates as PEM-encoded files.

idp.crt