Cirrus Identity Support Center

In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We take each of these endpoints and put them into a metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Since we may add a new social provider to the service at any time, it is best if you refresh the metadata on a daily basis.

Using the Cirrus SAML Proxy?

If you are integrating your SP with the Cirrus SAML Proxy then you probably want to be consuming the proxy metadata bundle, not the gateway bundle. Proxies are customer specific and you'll want to follow our instructions on consuming customer metadata.

XML Metadata

An XML version of the social provider metadata bundle is available at the following URL:

• https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml

You can also find per entity metadata for each IdP endpoint for the social providers. 

Metadata Configuration - Shibboleth SP

Metadata for the Shibboleth Service Provider is configured in the shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:

<MetadataProvider type="XML" url="https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml" backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml" reloadInterval="86400">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
</MetadataProvider>

Replace <path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.

For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.

Replace <path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.

For details on using the metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.