In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We combine these endpoints into a single metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Because we may add a new social provider to the service at any time, it is best to refresh the metadata daily.


Using the Cirrus SAML Proxy?

If you are integrating your SP with the Cirrus SAML Proxy then you probably want to be consuming the proxy metadata bundle, not the gateway bundle. Proxies are customer specific and you'll want to follow our instructions on consuming customer metadata.


XML Metadata

An XML version of the social provider metadata bundle is available at the following URL:


Per-entity metadata is also available for each social provider IdP endpoint:


Provider     Metadata
Facebook     https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Facebook-metadata.xml
Google       https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Google-metadata.xml
Instagram    https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Instagram-metadata.xml
LinkedIn     https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-LinkedIn-metadata.xml
Twitter      https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Twitter-metadata.xml
Microsoft    https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Live-metadata.xml
Weibo        https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Weibo-metadata.xml
Yahoo!       https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Yahoo-metadata.xml



Metadata Configuration - Shibboleth SP

Metadata for the Shibboleth Service Provider is configured in the shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:

<MetadataProvider type="XML" url="https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml" backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml" reloadInterval="86400">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
</MetadataProvider>


Replace <path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.


For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.
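
The RequireValidUntil filter in the configuration above rejects metadata whose root element lacks validUntil or whose validUntil lies more than maxValidityInterval seconds in the future. The same check can run outside the SP, for example in a monitoring job. The Python below is an added example, not Cirrus Identity or Shibboleth code; the helper name check_bundle, the sample bundle and its entityIDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MAX_VALIDITY = timedelta(seconds=1209600)  # maxValidityInterval from the config above

# Constructed sample bundle; the entityIDs are placeholders, not Cirrus endpoints.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="{valid_until}">
  <md:EntityDescriptor entityID="https://idp.example.org/social-a">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/app">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def parse_valid_until(value):
    """Parse an xs:dateTime such as 2024-01-08T00:00:00Z into an aware datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_bundle(xml_text, now, max_validity=MAX_VALIDITY):
    """Return (ok, reason, idp_entity_ids) for a metadata document (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{MD_NS}}}EntitiesDescriptor", f"{{{MD_NS}}}EntityDescriptor"):
        return False, "not SAML metadata", []
    valid_until = root.get("validUntil")
    if valid_until is None:
        return False, "missing validUntil", []
    expires = parse_valid_until(valid_until)
    if expires <= now:
        return False, "expired", []
    if expires - now > max_validity:
        return False, "validity window too long", []
    # Only entities with an IDPSSODescriptor are usable as IdPs by the SP.
    idps = [e.get("entityID") for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")
            if e.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None]
    return True, "ok", idps

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for stamp in ("2024-01-08T00:00:00Z", "2023-12-31T00:00:00Z", "2024-02-01T00:00:00Z"):
        print(stamp, check_bundle(SAMPLE.format(valid_until=stamp), now))
```

This checks freshness only; it does not verify an XML signature on the bundle.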


Metadata Configuration - SimpleSAMLphp Service Provider

A PHP version of the social provider metadata bundle that is suitable for saml20-idp-remote.php is available here. Although it is acceptable to configure the metadata directly in saml20-idp-remote.php, it is best to use the metarefresh module. An example configuration for the Gateway metadata bundle is as follows:



$config = array(
    // Each entry under 'sets' is one group of metadata sources refreshed together.
    'sets' => array(
        'incommon' => array(
            'cron'      => array('daily'), // Refresh when the 'daily' cron tag runs.
            'sources'   => array(
                array(
                    'src' => 'https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml',
                ),
            ),
            'expireAfter'  => 60*60*24*4, // Maximum 4 days cache time.
            'outputDir'    => '<path to local directory>',
            'outputFormat' => 'serialize',
        ),
    ),
);

 

Replace <path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.

For details on using the metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.