
What is the correct way to create Service Provider SSO metadata

I would like to test my newly written Service Provider (SP), SAML2.0 consuming end-points.

To do so I would like to create a test Identity Provider (IdP), either with TestShib or SSOCircle. Both these services require me to provide the appropriate SP metadata that describes my new SP endpoints.

I know that Shibboleth, once installed, will do this for me using the path:

  • [my-domain]/Shibboleth.sso/Metadata

However, my confidence in the generated results is shaken by the warning at the top of the file, which states:

This is example metadata only. Do NOT supply it as is without review, and do NOT provide it in real time to your partners.

Also, of course, you need to have Shibboleth installed, which may not be possible.

So what is the best way to create / generate the SP metadata?

biofractal asked Dec 19 '25 01:12


1 Answer

With Shibboleth SP plugins, the best way to provide metadata is to use the generated version from [my-domain]/Shibboleth.sso/Metadata and make manual changes if required.

Make sure to verify that the URLs it includes are correct, that it includes the bindings you would like to support, and that the certificates are correct, and eventually make modifications required by your IDP (like adding contact information). For testing, even these parts can typically be skipped.

More details on metadata structure and things which can be changed are in Shibboleth's wiki.

Vladimír Schäfer answered Dec 21 '25 05:12
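The review the answer above describes (URLs, bindings, certificates), as an added example that is not part of the original post: a Python check run over a saved copy of the generated SP metadata before it is handed to an IdP. The host sp.example.org, the sample XML and its certificate bytes are constructed placeholders, and `review_sp_metadata` is a hypothetical helper name.

```python
import base64, hashlib
import xml.etree.ElementTree as ET  # fine for your own file; not hardened for untrusted XML
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: sp.example.org and the certificate bytes are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://localhost/Shibboleth.sso/SAML2/Artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def review_sp_metadata(xml_text, expected_host, allowed_bindings=(POST,)):
    """Return (findings, SHA-256 fingerprints of the embedded certificates)."""
    root = ET.fromstring(xml_text)
    findings, fingerprints = [], []
    acs_list = root.findall(".//md:AssertionConsumerService", NS)
    if not acs_list:
        findings.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        loc, binding = acs.get("Location", ""), acs.get("Binding", "")
        url = urlparse(loc)
        if url.scheme != "https":
            findings.append(f"ACS not https: {loc}")
        if url.hostname != expected_host:
            findings.append(f"ACS host is not {expected_host}: {loc}")
        if binding not in allowed_bindings:
            findings.append(f"unwanted binding: {binding}")
    certs = root.findall(".//ds:X509Certificate", NS)
    if not certs:
        findings.append("no certificate in KeyDescriptor")
    for cert in certs:
        # Hash the DER bytes so the value can be compared with the SP's real certificate.
        der = base64.b64decode("".join((cert.text or "").split()))
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return findings, fingerprints

if __name__ == "__main__":
    print(*review_sp_metadata(SAMPLE, "sp.example.org")[0], sep="\n")
```

Compare the returned fingerprints with the SHA-256 fingerprint of the certificate the SP is actually configured to use.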