
...

<?xml version="1.0" encoding="UTF-8"?>

<svc:service-config
    xmlns:svc='http://collectionspace.org/services/config'
    xmlns:merge='http://xmlmerge.el4j.elca.ch'
>
    <security>
        <sso>
            <saml>
                <single-logout />

                <relying-party-registrations>
                    <relying-party id="auth0">
                        <name>Auth0</name>
                        <icon location="https://cdn.auth0.com/manhattan/versions/1.4478.0/assets/badge.png" />
                        <metadata location="https://dev-vynkcnqhac3c0s10.us.auth0.com/samlp/metadata/aiXoltFSsQymeHorBxWM5pGLxnslocpe" />

                        <signing-x509-credentials>
                            <x509-credential>
                                <private-key location="file:///home/collectionspace/tomcat/cspace/services/credentials/private.key" />
                                <x509-certificate location="file:///home/collectionspace/tomcat/cspace/services/credentials/certificate.crt" />
                            </x509-credential>
                        </signing-x509-credentials>

                        <decryption-x509-credentials>
                            <x509-credential>
                                <private-key location="file:///home/collectionspace/tomcat/cspace/services/credentials/private.key" />
                                <x509-certificate location="file:///home/collectionspace/tomcat/cspace/services/credentials/certificate.crt" />
                            </x509-credential>
                        </decryption-x509-credentials>
                    </relying-party>
                </relying-party-registrations>
            </saml>
        </sso>
    </security>
</svc:service-config>

...

A list of credentials to use for signing SAML requests issued by CollectionSpace. Typically, you will only specify a single credential (private key and certificate pair). A credential is required if the identity provider requires login requests to be signed (as reported in its metadata), or if single logout is enabled. Otherwise, signing credentials are optional.

...

For an example, see: https://github.com/spring-projects/spring-security-samples/blob/5.8.x/servlet/xml/java/saml2/login-logout/src/main/resources/credentials/rp-certificate.crt

decryption-x509-credentials

A list of credentials to use for encrypting and decrypting SAML assertions issued by the IdP. Typically, you will only specify a single credential (private key and certificate pair). A credential is required if the identity provider requires its assertions to be encrypted. Otherwise, decryption credentials are optional. The content of decryption-x509-credentials has the same structure as signing-x509-credentials, but the decryption and signing credentials may differ.
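The rules stated for signing-x509-credentials and decryption-x509-credentials above can be checked mechanically before restarting Tomcat. The following linter is an added example and is not CollectionSpace project code; it parses a service-config in the shape shown on this page, flags a relying party that enables single-logout without a signing credential, and checks that each private-key location is a file:// URI pointing at an existing file that is not group- or world-readable. The sample config and its /opt/cspace paths are constructed for the example; the IdP-metadata rule (signed requests required by the IdP) is not checked because it needs the IdP's metadata.

```python
import os
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample in the shape of the page's service-config (hypothetical paths).
SAMPLE_CONFIG = """<svc:service-config xmlns:svc='http://collectionspace.org/services/config'>
  <security><sso><saml>
    <single-logout />
    <relying-party-registrations><relying-party id="auth0">
      <signing-x509-credentials><x509-credential>
        <private-key location="file:///opt/cspace/credentials/private.key" />
        <x509-certificate location="file:///opt/cspace/credentials/certificate.crt" />
      </x509-credential></signing-x509-credentials>
    </relying-party></relying-party-registrations>
  </saml></sso></security>
</svc:service-config>"""

def _credentials(rp, kind):
    """(private-key, x509-certificate) location pairs under one credential list."""
    pairs = []
    for cred in rp.findall(f"{kind}/x509-credential"):
        key, cert = cred.find("private-key"), cred.find("x509-certificate")
        pairs.append((key.get("location") if key is not None else None,
                      cert.get("location") if cert is not None else None))
    return pairs

def lint_saml_config(xml_text, check_files=True):
    """Return findings as strings; an empty list means the section is consistent."""
    findings = []
    saml = ET.fromstring(xml_text).find("security/sso/saml")  # children carry no namespace
    if saml is None:
        return ["no security/sso/saml section"]
    slo = saml.find("single-logout") is not None  # page rule: SLO requires signing creds
    for rp in saml.findall("relying-party-registrations/relying-party"):
        rid = rp.get("id", "?")
        for label in ("signing", "decryption"):
            pairs = _credentials(rp, f"{label}-x509-credentials")
            if label == "signing" and slo and not pairs:
                findings.append(f"{rid}: single-logout enabled but no signing credential")
            for key, cert in pairs:
                if not key or not cert:
                    findings.append(f"{rid}: {label} credential lacks private-key or x509-certificate")
                    continue
                uri = urlparse(key)
                if uri.scheme != "file":
                    findings.append(f"{rid}: {label} private-key is not a file:// location")
                elif check_files and not os.path.exists(uri.path):
                    findings.append(f"{rid}: {label} private key not found: {uri.path}")
                elif check_files and os.stat(uri.path).st_mode & 0o044:  # group/other read bits
                    findings.append(f"{rid}: {label} private key {uri.path} is group/world readable")
    return findings
```

Run it with check_files=False to validate the XML structure alone, or with the default on the Tomcat host to also verify the key files.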

Retrieving CollectionSpace SAML Metadata

...