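<cfsilent>
<!---
    SAML 2.0 Service Provider metadata endpoint.

    Emits one <md:EntityDescriptor> for this SP: the public X.509 certificate
    (read from the JKS keystore named in app_saml_config.cfm) as both the
    signing and the encryption key, the AssertionConsumerService and
    SingleLogoutService locations under request.SAML.baseUrl, and a
    validUntil of two days from now (UTC).

    Reads (populated by Application.cfc / app_saml_config.cfm):
        request.SAML.KEYSTORE_FILE_NAME  - path to the JKS keystore
        request.SAML.KEYSTORE_PASS       - keystore password
        request.SAML.CERTIFICATE_ALIAS   - alias of the SP certificate entry
        request.SAML.baseUrl             - absolute SP base URL, trailing "/"

    Only the public certificate is read; the private key is never loaded
    here, so a copy of this page's output contains nothing secret.
--->
<cfinclude template="app_saml_config.cfm"/>

<!---
    The ACS and SLO locations published below are where the IdP will send
    assertions. Metadata pointing at http:// would let assertions be read or
    replayed in transit, so refuse to generate it.
--->
<cfif LCase(Left(request.SAML.baseUrl, 8)) NEQ "https://">
    <cfthrow type="SAML.Config" message="request.SAML.baseUrl must start with https:// when generating SP metadata." />
</cfif>

<!---
    Load the public certificate from the keystore. The FileInputStream is
    closed in cffinally so it is not leaked when load() or getCertificate()
    throws (bad password, corrupt store, unreadable file).
--->
<cfset ksFile = CreateObject("Java", "java.io.File").init(request.SAML.KEYSTORE_FILE_NAME) />
<cfset ksInputStream = CreateObject("Java", "java.io.FileInputStream").init(ksFile) />
<cftry>
    <cfset keystore = CreateObject("Java", "java.security.KeyStore").getInstance("JKS") />
    <cfset keystore.load(ksInputStream, request.SAML.KEYSTORE_PASS.toCharArray()) />
    <cfset certificate = keystore.getCertificate(request.SAML.CERTIFICATE_ALIAS) />
    <cffinally>
        <cfset ksInputStream.close() />
    </cffinally>
</cftry>
<!--- getCertificate() returns Java null for an unknown alias, which leaves the variable undefined; fail with a clear message instead of on .getEncoded(). --->
<cfif NOT IsDefined("certificate")>
    <cfthrow type="SAML.Config" message="No certificate found in keystore under alias '#request.SAML.CERTIFICATE_ALIAS#'." />
</cfif>

<cfset signingCertString = BinaryEncode(certificate.getEncoded(), "base64") />
<!--- A single key pair serves both signing and assertion encryption. --->
<cfset encryptionCertString = signingCertString />

<!--- entityID is this page's own URL under the configured base. --->
<cfset currentPageUrl = "#request.SAML.baseUrl##GetFileFromPath(CGI.script_name)#" />
<!---
    The ID attribute is an xs:ID (an NCName): letters, digits, "_", "." and
    "-" only. Map every other character to "_" ("/" and ":" as before, plus
    anything else the base URL might carry).
--->
<cfset IdFromCurrentPageUrl = REReplace(currentPageUrl, "[^A-Za-z0-9_.-]", "_", "ALL") />

<!---
    Validity window. cacheDuration must not exceed the validUntil window,
    otherwise a consumer may hold expired metadata until its next refresh;
    here metadata is valid for 2 days and may be cached for 1 day (PT86400S).
--->
<cfset validityDays = 2 />
<cfset cacheDuration = "PT86400S" />
<cfset validUntilUTC = DateConvert("local2UTC", DateAdd("d", validityDays, Now())) />
<!--- xs:dateTime in UTC, e.g. 2024-03-01T09:30:00Z. "mm" is minutes in TimeFormat (it is the month in DateFormat). --->
<cfset validUntilString = DateFormat(validUntilUTC, "yyyy-mm-dd") & "T" & TimeFormat(validUntilUTC, "HH:mm:ss") & "Z" />
<!--- ------------------------------------------------------------------------------------ --->
<!--- Nothing may precede the XML declaration: cfcontent reset discards any buffered output. --->
<!--- ------------------------------------------------------------------------------------ --->
</cfsilent><cfcontent type="text/xml" reset="true"/><?xml version="1.0" encoding="UTF-8"?><cfoutput>
<md:EntityDescriptor ID="#IdFromCurrentPageUrl#" entityID="#XmlFormat(currentPageUrl)#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="#validUntilString#" cacheDuration="#cacheDuration#">
    <!--- The SP signs its AuthnRequests and requires the IdP to sign assertions. --->
    <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig##">
                <ds:X509Data>
                    <ds:X509Certificate>#signingCertString#</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig##">
                <ds:X509Data>
                    <ds:X509Certificate>#encryptionCertString#</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <!--- Single logout is offered over HTTP-Redirect only; an HTTP-POST SLO binding is not published. --->
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="#XmlFormat(request.SAML.baseUrl)#logout.cfm"/>
        <!--- Other formats (emailAddress, transient, persistent, X509SubjectName) are deliberately not advertised. --->
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <!--- Single ACS over HTTP-POST; the holder-of-key browser SSO profile is not published. --->
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="#XmlFormat(request.SAML.baseUrl)#sso.cfm" index="0" isDefault="true"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor></cfoutput>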