The Service Provider (SP) receives metadata from the Identity Provider (IdP), parses it and sends back SP Metadata XML to the IdP. The SP Metadata XML contains information on binding location, organization, contact person, etc. It is signed with the SP's private key, and the IdP needs the corresponding public key (the certificate) to verify that signature. You can use the following code in conjunction with the code in the previous post to make a connection between your IdP and SP. This makes use of the EntityDescriptor class to construct a response message to send back to the IdP. When the message needs to be signed, we use the KeyDescriptor class to add the X509 certificate's data. The AssertionConsumerService class and some other informative classes such as ContactPerson and Organization are used to hold the organization and contact information.
In addition to creating the metadata for Service Provider, Ultimate SAML also helps you create Metadata for Identity Provider.
C#:
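// Load the SP signing certificate (a PKCS#12 file that carries the private key).
// The PFX password is read from the process environment instead of being written
// into source, so the secret is not committed with the code. "SP_PFX_PASSWORD" is a
// constructed sample name — substitute whatever your deployment's secret store uses.
string pfxPassword = Environment.GetEnvironmentVariable("SP_PFX_PASSWORD");
if (string.IsNullOrEmpty(pfxPassword))
{
    throw new InvalidOperationException("SP_PFX_PASSWORD is not set; cannot load the SP signing certificate.");
}
// X509Certificate2 is IDisposable (it owns a key handle); release it once the metadata is signed.
using (X509Certificate2 x509Certificate = new X509Certificate2(@"..\..\Pkey.pfx", pfxPassword))
{
    // Create the Entity Descriptor. The ID is a sample value here; per the accompanying
    // text it is received from the IdP, so take it from that exchange rather than hard-coding it.
    EntityDescriptor descriptor = new EntityDescriptor();
    descriptor.Id = "84CCAA9F05EE4BA1B13F8943FDF1D320";
    SpSsoDescriptor spd = new SpSsoDescriptor();
    spd.Id = "someid";
    // Announce that AuthnRequests from this SP are signed, so the IdP can reject unsigned ones.
    spd.AuthnRequestsSigned = true;
    spd.ProtocolSupportEnumeration = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Key descriptor: publishes the certificate the IdP uses to verify this SP's signatures.
    // KeyInfoX509Data carries only the certificate (public part), never the private key.
    KeyDescriptor keyDescriptor = new KeyDescriptor();
    keyDescriptor.Use = "signing";
    KeyInfoX509Data keyData = new KeyInfoX509Data(x509Certificate);
    // Wrap the X509Data clause in a KeyInfo element and hand its XML to the descriptor.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(keyData);
    keyDescriptor.KeyInfo = keyInfo.GetXml();
    spd.KeyDescriptors.Add(keyDescriptor);
    // Assertion consumer service: the endpoint the IdP posts the SAML response to.
    // The sample uses plain http; a real endpoint must be served over https so the
    // assertion is not exposed in transit.
    AssertionConsumerService consumerService = new AssertionConsumerService();
    consumerService.Index = 0;
    consumerService.IsDefault = true;
    consumerService.Location = "http://www.test.com/AssertionService.aspx";
    consumerService.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    spd.AssertionConsumerServices.Add(consumerService);
    descriptor.SpSsoDescriptors.Add(spd);
    // Organization information (informative only; not used for trust decisions).
    descriptor.Organization = new Organization();
    descriptor.Organization.OrganizationNames
    .Add(new OrganizationName("Company - some name", "en"));
    descriptor.Organization.OrganizationDisplayNames
    .Add(new OrganizationDisplayName("Company", "en"));
    descriptor.Organization.OrganizationUrls.Add(new OrganizationUrl("https://www.company.be", "en"));
    // Contact person information.
    ContactPerson person = new ContactPerson();
    person.Company = "Company";
    person.EmailAddresses.Add("helpdesk@company.be");
    descriptor.ContactPeople.Add(person);
    // Sign the metadata with the SP's private key so the IdP can detect tampering.
    descriptor.Sign(x509Certificate);
    // Get the XML element and its content.
    XmlElement xml = descriptor.GetXml();
    // Print out (the metadata contains only the public certificate, so logging it is harmless).
    System.Diagnostics.Trace.WriteLine(xml.OuterXml);
    //XmlDocument document = xml.OwnerDocument;
    //context.Response.ContentType = "text/xml";
    //context.Response.ContentEncoding = System.Text.Encoding.UTF8;
    //document.Save(context.Response.Output);
    //context.Response.End();
}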
VB.NET:
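' Load the SP signing certificate (a PKCS#12 file that carries the private key).
' The PFX password is read from the process environment instead of being written
' into source, so the secret is not committed with the code. "SP_PFX_PASSWORD" is a
' constructed sample name — substitute whatever your deployment's secret store uses.
Dim pfxPassword As String = Environment.GetEnvironmentVariable("SP_PFX_PASSWORD")
If String.IsNullOrEmpty(pfxPassword) Then
    Throw New InvalidOperationException("SP_PFX_PASSWORD is not set; cannot load the SP signing certificate.")
End If
' X509Certificate2 is IDisposable (it owns a key handle); release it once the metadata is signed.
Using x509Certificate As New X509Certificate2("..\..\Pkey.pfx", pfxPassword)
    ' Create the Entity Descriptor. The ID is a sample value here; per the accompanying
    ' text it is received from the IdP, so take it from that exchange rather than hard-coding it.
    Dim descriptor As New EntityDescriptor()
    descriptor.Id = "84CCAA9F05EE4BA1B13F8943FDF1D320"
    Dim spd As New SpSsoDescriptor()
    spd.Id = "someid"
    ' Announce that AuthnRequests from this SP are signed, so the IdP can reject unsigned ones.
    spd.AuthnRequestsSigned = True
    spd.ProtocolSupportEnumeration = "urn:oasis:names:tc:SAML:2.0:protocol"
    ' Key descriptor: publishes the certificate the IdP uses to verify this SP's signatures.
    ' KeyInfoX509Data carries only the certificate (public part), never the private key.
    Dim signingKey As New KeyDescriptor()
    signingKey.Use = "signing"
    Dim keyData As New KeyInfoX509Data(x509Certificate)
    ' NOTE(review): the C# sample on this page wraps the X509Data clause in a KeyInfo
    ' element before calling GetXml(); confirm which form the library expects here.
    signingKey.KeyInfo = keyData.GetXml()
    spd.KeyDescriptors.Add(signingKey)
    ' Assertion consumer service: the endpoint the IdP posts the SAML response to.
    ' The sample uses plain http; a real endpoint must be served over https so the
    ' assertion is not exposed in transit.
    Dim consumerService As New AssertionConsumerService()
    consumerService.Index = 0
    consumerService.IsDefault = True
    consumerService.Location = "http://www.test.com/AssertionService.aspx"
    consumerService.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    spd.AssertionConsumerServices.Add(consumerService)
    descriptor.SpSsoDescriptors.Add(spd)
    ' Organization information (informative only; not used for trust decisions).
    descriptor.Organization = New Organization()
    descriptor.Organization.OrganizationNames.Add(New OrganizationName("Company - some name", "en"))
    descriptor.Organization.OrganizationDisplayNames.Add(New OrganizationDisplayName("Company", "en"))
    descriptor.Organization.OrganizationUrls.Add(New OrganizationUrl("https://www.company.be", "en"))
    ' Contact person information.
    Dim person As New ContactPerson()
    person.Company = "Company"
    person.EmailAddresses.Add("helpdesk@company.be")
    descriptor.ContactPeople.Add(person)
    ' Sign the metadata with the SP's private key so the IdP can detect tampering.
    descriptor.Sign(x509Certificate)
    ' Get the XML element and its content.
    Dim xml As XmlElement = descriptor.GetXml()
    ' Print out (the metadata contains only the public certificate, so logging it is harmless).
    System.Diagnostics.Trace.WriteLine(xml.OuterXml)
    'Dim document As XmlDocument = xml.OwnerDocument
    'context.Response.ContentType = "text/xml"
    'context.Response.ContentEncoding = System.Text.Encoding.UTF8
    'document.Save(context.Response.Output)
    'context.Response.End()
End Using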