In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We take each of these endpoints and put them into a metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Since we may add a new social provider to the service at any time, it is best if you refresh the metadata on a daily basis.


XML Metadata

An XML version of the social provider metadata bundle is available at the following URL:


You can also find per entity metadata for each IdP endpoint for the social providers. 


Provider Metadata
AOL https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-AOL-metadata.xml
Facebook
https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Facebook-metadata.xml
Google
https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Google-metadata.xml
Instagram https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Instagram-metadata.xml
LinkedIn
https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-LinkedIn-metadata.xml
Twitter https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Twitter-metadata.xml
Windows Live (Hotmail)
https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Live-metadata.xml
Weibo https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Weibo-metadata.xml
Yahoo!
https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-Yahoo-metadata.xml



Metadata Configuration - Shibboleth SP

Metadata for the Shibboleth Service Provider is configured in the shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:

<MetadataProvider type="XML" url="https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml" backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml" reloadInterval="86400">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
</MetadataProvider>


Replace <path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.


For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.


Metadata Configuration - SimpleSAMLphp Service Provider

A PHP version of the social provider metadata bundle that is suitable for saml20-idp-remote.php is available here. Although it is acceptable to configure the metadata directly in saml20-idp-remote.php, it is best to use the metarefresh module. An example configuration for the Gateway metadata bundle is as follows:


1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

$config array(

    'sets' => array(

        'incommon' => array(

            'cron'      => array('daily'),

            'sources'   => array(

                array(

                    'src' => 'https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml',

                ),

            ),

            'expireAfter'       => 60*60*24*4, // Maximum 4 days cache time.

            'outputDir'     => '<path to local directory>',

            'outputFormat' => 'serialize',

        ),

    )

);

 

Replace <path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.

For details on using the metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.