Identity Provider Proxy | SAML Resources

Customer Metadata

Cirrus will generate customer-specific SAML metadata for certain services.


Metadata

Cirrus will publish your metadata bundle at https://md.cirrusidentity.com/metadata/_NAME_/cirrus-metadata-signed.xml where _NAME_ is a customer-specific identifier. Cirrus will provide the value to use for _NAME_.

The metadata bundle contains an EntitiesDescriptor element with multiple EntityDescriptor child elements. Not all SAML software can consume a bundle of metadata. If you need individual files, please contact Cirrus support.

For an example Shibboleth SP configuration to automatically consume the metadata bundle, see “Enabling Shibboleth service provider to consume Cirrus Proxy metadata”.

Signature Verification

Customer metadata is signed by Cirrus. If your SAML software supports signature verification, you can use the public key in the Cirrus metadata signing certificate to verify the download.

# Retrieve the certificate
$ /usr/bin/curl --silent \
https://md.cirrusidentity.com/metadata/metadata-signing.crt \
> /tmp/metadata-signing.crt
# Validate the certificate's fingerprint
$ openssl x509 -noout -in /tmp/metadata-signing.crt -fingerprint -sha1

    SHA1 Fingerprint=56:C4:D7:77:8D:9F:C8:03:40:E4:B4:9F:77:67:57:A1:F4:52:91:1D
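
The steps above scripted end to end, as an added example that is not Cirrus's own tooling: it pins the certificate to the fingerprint shown above and only then checks the bundle's XML signature. Assumptions: xmlsec1 stands in for whatever verifier your SAML software provides, the signature covers the root EntitiesDescriptor through its ID attribute, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin the signing certificate, then verify the bundle signature.
# Fingerprint as published on this page.
PINNED_SHA1='56:C4:D7:77:8D:9F:C8:03:40:E4:B4:9F:77:67:57:A1:F4:52:91:1D'
BASE_URL='https://md.cirrusidentity.com/metadata'

# Reduce "SHA1 Fingerprint=56:C4:..." or "56c4..." to bare uppercase hex.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both values are the same 40-hex-digit SHA-1 fingerprint.
fp_matches() {
    got=$(normalize_fp "$1")
    want=$(normalize_fp "$2")
    case "$got" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#got}" -eq 40 ] && [ "$got" = "$want" ]
}

# verify_bundle NAME OUTDIR (hypothetical helper): download, pin, verify.
verify_bundle() {
    crt="$2/metadata-signing.crt"
    xml="$2/cirrus-metadata-signed.xml"
    curl --silent --fail -o "$crt" "$BASE_URL/metadata-signing.crt" || return 1
    curl --silent --fail -o "$xml" "$BASE_URL/$1/cirrus-metadata-signed.xml" || return 1
    actual=$(openssl x509 -noout -in "$crt" -fingerprint -sha1) || return 1
    if ! fp_matches "$actual" "$PINNED_SHA1"; then
        echo "fingerprint mismatch, refusing bundle: $actual" >&2
        return 1
    fi
    # Assumption: xmlsec1 is installed and the signature covers the root
    # EntitiesDescriptor, referenced through its ID attribute.
    xmlsec1 --verify --pubkey-cert-pem "$crt" \
        --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor \
        "$xml"
}

# Run only when called with arguments, e.g.: sh verify.sh _NAME_ /tmp
if [ "$#" -ge 2 ]; then
    verify_bundle "$1" "$2"
fi
```

A non-zero exit status means the certificate did not match the pinned fingerprint or the signature did not validate; in either case the downloaded bundle should not be loaded.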