In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We take each of these endpoints and put them into a metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Since we may add a new social provider to the service at any time, it is best if you refresh the metadata on a daily basis.
An XML version of the social provider metadata bundle is available at the following URL:
You can also find per-entity metadata for each IdP endpoint for the social providers.
Metadata Configuration - Shibboleth SP
Metadata for the Shibboleth Service Provider is configured in the shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:
<MetadataProvider type="XML"
    url="https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml"
    backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml"
    reloadInterval="86400">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
</MetadataProvider>
Replace <path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.
For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.
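The following is an added example, not part of the Cirrus Identity or Shibboleth documentation. It approximates, in Python, what the RequireValidUntil filter with maxValidityInterval="1209600" enforces, so you can monitor the locally cached copy of the bundle and notice when the daily refresh stops working. The names check_bundle and sample_bundle are hypothetical, the sample bundle and its entityIDs are constructed, and the check does not verify XML signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# maxValidityInterval from the MetadataFilter above: 1209600 s = 14 days.
MAX_VALIDITY = timedelta(seconds=1209600)


def check_bundle(xml_text, now):
    """Return (ok, reason, entity_ids) for a metadata bundle judged at time `now`."""
    root = ET.fromstring(xml_text)
    # Works for an EntitiesDescriptor bundle or a single EntityDescriptor root.
    entity_ids = [e.get("entityID") for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")]
    valid_until = root.get("validUntil")
    if valid_until is None:
        return False, "root element has no validUntil", entity_ids
    expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
    if expires.tzinfo is None:  # assumption: treat a zone-less timestamp as UTC
        expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        # Stale cache: the refresh has not succeeded within the validity window.
        return False, "metadata has expired", entity_ids
    if expires - now > MAX_VALIDITY:
        return False, "validUntil is further ahead than maxValidityInterval", entity_ids
    return True, "ok", entity_ids


def sample_bundle(valid_until_attr):
    # Constructed sample, not the real Cirrus bundle; entityIDs are placeholders.
    return f"""<md:EntitiesDescriptor xmlns:md="{MD_NS}" {valid_until_attr}>
  <md:EntityDescriptor entityID="https://idp.example.org/provider-a"/>
  <md:EntityDescriptor entityID="https://idp.example.org/provider-b"/>
</md:EntitiesDescriptor>"""


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    cases = (
        'validUntil="2024-01-08T00:00:00Z"',  # 7 days ahead
        "",                                   # attribute missing
        'validUntil="2023-12-31T00:00:00Z"',  # already expired
        'validUntil="2024-03-01T00:00:00Z"',  # 60 days ahead
    )
    for attr in cases:
        print(attr or "(no validUntil)", "->", check_bundle(sample_bundle(attr), now))
```

To use it against your own deployment, read the file named in backingFilePath and pass its contents with datetime.now(timezone.utc).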
Metadata Configuration - SimpleSAMLphp Service Provider
A PHP version of the social provider metadata bundle that is suitable for saml20-idp-remote.php is available here. Although it is acceptable to configure the metadata directly in saml20-idp-remote.php, it is best to use the metarefresh module. An example configuration for the Gateway metadata bundle is as follows:
Replace <path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.
For details on using the metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.