In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We take each of these endpoints and put them into a metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Since we may add a new social provider to the service at any time, it is best if you refresh the metadata on a daily basis.
Using the Cirrus SAML Proxy?
If you are integrating your SP with the Cirrus SAML Proxy then you probably want to be consuming the proxy metadata bundle, not the gateway bundle. Proxies are customer specific and you'll want to follow our instructions on consuming customer metadata.
An XML version of the social provider metadata bundle is available at the following URL:
You can also find per entity metadata for each IdP endpoint for the social providers.
Metadata Configuration - Shibboleth SP
Metadata for the Shibboleth Service Provider is configured in the
shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:
<MetadataProvider type="XML" url="https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml" backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml" reloadInterval="86400"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/> </MetadataProvider>
<path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.
For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.
Metadata Configuration - SimpleSAMLphp Service Provider
A PHP version of the social provider metadata bundle that is suitable for
saml20-idp-remote.php is available here. Although it is acceptable to configure the metadata directly in
saml20-idp-remote.php, it is best to use the
metarefresh module. An example configuration for the Gateway metadata bundle is as follows:
<path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.
For details on using the
metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.