Constructing SAML Metadata XML for Single Sign-On Identity Provider

SAML metadata describes an entity (its roles, endpoints, signing certificate, contact and organization details) so that the other party in a federation can configure trust from it. It is encapsulated in an EntityDescriptor element; the receiving party parses the document and extracts what it needs (entity ID, endpoints, key material, contact person, organization, etc.). Note that the example below publishes an AttributeAuthorityDescriptor and an SpSsoDescriptor role; an IdP-only document would carry the IdP single-sign-on role descriptor instead. For creating metadata specifically for the SP side, see the companion article.

The following example demonstrates how to build the metadata, sign it with the private key of an X.509 certificate loaded from a PFX file (the matching certificate is embedded in the signature so the receiving party can verify it), and write the resulting XML to the trace output. Keep the PFX file and its password out of source control; the consumer should also verify the signature against a pinned certificate rather than blindly trusting whatever key is embedded.

C#

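// Build the EntityDescriptor that is published as this entity's SAML metadata.
// Id is the XML ID that the enveloped signature's Reference points at; it must be unique
// within the document and be a valid xsd:ID (start with a letter or underscore).
EntityDescriptor entityDescriptor = new EntityDescriptor();
entityDescriptor.Id = "MPCSHKBKAJTWEF5RsrHcS2.R3Fb";

// Attribute-authority role: the SOAP endpoint a peer can query for attributes.
AttributeAuthorityDescriptor attributeAuthorityDescriptor = new AttributeAuthorityDescriptor();
entityDescriptor.AttributeAuthorityDescriptors.Add(attributeAuthorityDescriptor);

AttributeService attributeService = new AttributeService();
attributeService.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
attributeService.Location = "https://xxx.xxxx.xxxx.com/idp/attrsvc.ssaml2";
attributeAuthorityDescriptor.AttributeServices.Add(attributeService);

// Service-provider SSO role. Every Location below is published to peers, which will send
// assertions and logout messages there, so each must be an https URL this entity controls.
SpSsoDescriptor ssoDescriptor = new SpSsoDescriptor();

ArtifactResolutionService ars = new ArtifactResolutionService();
// Binding is mandatory on metadata endpoints; artifact resolution is a SOAP back-channel call.
ars.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
ars.IsDefault = true;
ars.Location = "https://ssoqa.thedialogcenter.com/hsyeg/sp/ARS.ssaml2";
ssoDescriptor.ArtifactResolutionServices.Add(ars);

// Single logout is offered over the three front-channel bindings at one URL ...
string sloFrontChannelLocation = "https://ssoqa.thedialogcenter.com/hsyeg/sp/SLO.saml2";
string[] sloFrontChannelBindings =
{
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
};
foreach (string sloBinding in sloFrontChannelBindings)
{
    SingleLogoutService slo = new SingleLogoutService();
    slo.Binding = sloBinding;
    slo.Location = sloFrontChannelLocation;
    ssoDescriptor.SingleLogoutServices.Add(slo);
}

// ... and over the SOAP back-channel at a separate endpoint.
SingleLogoutService sloSoap = new SingleLogoutService();
sloSoap.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
sloSoap.Location = "https://ssoqa.thedialogcenter.com/hsyeg/sp/SLO.ssaml2";
ssoDescriptor.SingleLogoutServices.Add(sloSoap);

// Where the IdP posts assertions. This URL is the one peers must verify the Destination
// attribute of incoming responses against.
AssertionConsumerService acs = new AssertionConsumerService();
acs.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
acs.Location = "https://ssoqa.thedialogcenter.com/hsyeg/sp/ACS.saml2";
ssoDescriptor.AssertionConsumerServices.Add(acs);

// Attributes this SP asks the IdP to release.
AttributeConsumingService attcs = new AttributeConsumingService();
attcs.ServiceNames.Add(new ServiceName("AttributeContract", "en"));
attcs.RequestedAttributes.Add(new RequestedAttribute("lname"));
attcs.RequestedAttributes.Add(new RequestedAttribute("mid"));
attcs.RequestedAttributes.Add(new RequestedAttribute("fname"));
ssoDescriptor.AttributeConsumingServices.Add(attcs);

entityDescriptor.SpSsoDescriptors.Add(ssoDescriptor);

// Contact details are published verbatim in the metadata; use a role mailbox, not a person's.
ContactPerson person = new ContactPerson();
person.Company = "Health Dialog";
person.GivenName = "John";
person.Surname = "Brown";
person.EmailAddresses.Add("a@email.com");
person.TelephoneNumbers.Add("12345");

entityDescriptor.ContactPeople.Add(person);

// NOTE(review): if the library exposes a validity period (validUntil / cacheDuration) on
// EntityDescriptor, set it so consumers refresh stale metadata; that is not shown here.

// Signing key. The PFX path and password are read from the environment (or substitute your
// secret store) rather than being hard-coded, so neither the key material nor its password
// ends up in source control. Only the private key is used to sign; the certificate (public
// half) is embedded in the signature for the receiving party to verify against.
string pfxPath = Environment.GetEnvironmentVariable("SAML_SIGNING_PFX_PATH");
string pfxPassword = Environment.GetEnvironmentVariable("SAML_SIGNING_PFX_PASSWORD");
if (string.IsNullOrEmpty(pfxPath) || pfxPassword == null)
{
    throw new InvalidOperationException(
        "SAML_SIGNING_PFX_PATH and SAML_SIGNING_PFX_PASSWORD must be set to sign the metadata.");
}

// X509Certificate2 wraps an unmanaged key handle; dispose it as soon as the signature is made.
using (X509Certificate2 signingCertificate = new X509Certificate2(pfxPath, pfxPassword))
{
    if (!signingCertificate.HasPrivateKey)
    {
        throw new InvalidOperationException("The PFX does not contain a private key; metadata cannot be signed.");
    }

    // Sign the outermost element so that every role descriptor, endpoint and contact is covered
    // by a single signature. Signing only the SpSsoDescriptor (commented alternative) would
    // leave the attribute-authority role and the contact data unprotected.
    //ssoDescriptor.Sign(signingCertificate); // Alternative: sign just the SP role descriptor.
    entityDescriptor.Sign(signingCertificate);
}

// Serialize after signing and emit OuterXml as-is: re-formatting the XML would break the
// canonicalized digest in the signature.
string xml = entityDescriptor.GetXml().OuterXml;

// Signed metadata carries only public material, so writing it to the trace is safe.
System.Diagnostics.Trace.WriteLine(xml);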

VB.NET:

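' Build the EntityDescriptor that is published as this entity's SAML metadata.
' Id is the XML ID that the enveloped signature's Reference points at; it must be unique
' within the document and be a valid xsd:ID (start with a letter or underscore).
Dim entityDescriptor As New EntityDescriptor()
entityDescriptor.Id = "MPCSHKBKAJTWEF5RsrHcS2.R3Fb"

' Attribute-authority role: the SOAP endpoint a peer can query for attributes.
Dim attributeAuthorityDescriptor As New AttributeAuthorityDescriptor()
entityDescriptor.AttributeAuthorityDescriptors.Add(attributeAuthorityDescriptor)

Dim attributeService As New AttributeService()
attributeService.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
attributeService.Location = "https://xxx.xxxx.xxxx.com/idp/attrsvc.ssaml2"
attributeAuthorityDescriptor.AttributeServices.Add(attributeService)

' Service-provider SSO role. Every Location below is published to peers, which will send
' assertions and logout messages there, so each must be an https URL this entity controls.
Dim ssoDescriptor As New SpSsoDescriptor()

Dim ars As New ArtifactResolutionService()
' Binding is mandatory on metadata endpoints; artifact resolution is a SOAP back-channel call.
ars.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
ars.IsDefault = True
ars.Location = "https://ssoqa.thedialogcenter.com/hsyeg/sp/ARS.ssaml2"
ssoDescriptor.ArtifactResolutionServices.Add(ars)

' Single logout is offered over the three front-channel bindings at one URL ...
Dim sloFrontChannelLocation As String = "https://ssoqa.thedialogcenter.com/hsyeg/sp/SLO.saml2"
Dim sloFrontChannelBindings As String() = { _
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", _
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", _
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" _
}
For Each sloBinding As String In sloFrontChannelBindings
    Dim slo As New SingleLogoutService()
    slo.Binding = sloBinding
    slo.Location = sloFrontChannelLocation
    ssoDescriptor.SingleLogoutServices.Add(slo)
Next

' ... and over the SOAP back-channel at a separate endpoint.
Dim sloSoap As New SingleLogoutService()
sloSoap.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
sloSoap.Location = "https://ssoqa.thedialogcenter.com/hsyeg/sp/SLO.ssaml2"
ssoDescriptor.SingleLogoutServices.Add(sloSoap)

' Where the IdP posts assertions. This URL is the one peers must verify the Destination
' attribute of incoming responses against.
Dim acs As New AssertionConsumerService()
acs.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
acs.Location = "https://ssoqa.thedialogcenter.com/hsyeg/sp/ACS.saml2"
ssoDescriptor.AssertionConsumerServices.Add(acs)

' Attributes this SP asks the IdP to release.
Dim attcs As New AttributeConsumingService()
attcs.ServiceNames.Add(New ServiceName("AttributeContract", "en"))
attcs.RequestedAttributes.Add(New RequestedAttribute("lname"))
attcs.RequestedAttributes.Add(New RequestedAttribute("mid"))
attcs.RequestedAttributes.Add(New RequestedAttribute("fname"))
ssoDescriptor.AttributeConsumingServices.Add(attcs)

entityDescriptor.SpSsoDescriptors.Add(ssoDescriptor)

' Contact details are published verbatim in the metadata; use a role mailbox, not a person's.
Dim person As New ContactPerson()
person.Company = "Health Dialog"
person.GivenName = "John"
person.Surname = "Brown"
person.EmailAddresses.Add("a@email.com")
person.TelephoneNumbers.Add("12345")

entityDescriptor.ContactPeople.Add(person)

' NOTE(review): if the library exposes a validity period (validUntil / cacheDuration) on
' EntityDescriptor, set it so consumers refresh stale metadata; that is not shown here.

' Signing key. The PFX path and password are read from the environment (or substitute your
' secret store) rather than being hard-coded, so neither the key material nor its password
' ends up in source control. Only the private key is used to sign; the certificate (public
' half) is embedded in the signature for the receiving party to verify against.
Dim pfxPath As String = Environment.GetEnvironmentVariable("SAML_SIGNING_PFX_PATH")
Dim pfxPassword As String = Environment.GetEnvironmentVariable("SAML_SIGNING_PFX_PASSWORD")
If String.IsNullOrEmpty(pfxPath) OrElse pfxPassword Is Nothing Then
    Throw New InvalidOperationException( _
        "SAML_SIGNING_PFX_PATH and SAML_SIGNING_PFX_PASSWORD must be set to sign the metadata.")
End If

' X509Certificate2 wraps an unmanaged key handle; dispose it as soon as the signature is made.
Using signingCertificate As New X509Certificate2(pfxPath, pfxPassword)
    If Not signingCertificate.HasPrivateKey Then
        Throw New InvalidOperationException("The PFX does not contain a private key; metadata cannot be signed.")
    End If

    ' Sign the outermost element so that every role descriptor, endpoint and contact is covered
    ' by a single signature. Signing only the SpSsoDescriptor (commented alternative) would
    ' leave the attribute-authority role and the contact data unprotected.
    'ssoDescriptor.Sign(signingCertificate) ' Alternative: sign just the SP role descriptor.
    entityDescriptor.Sign(signingCertificate)
End Using

' Serialize after signing and emit OuterXml as-is: re-formatting the XML would break the
' canonicalized digest in the signature.
Dim xml As String = entityDescriptor.GetXml().OuterXml

' Signed metadata carries only public material, so writing it to the trace is safe.
System.Diagnostics.Trace.WriteLine(xml)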
