Gateway | Configuring a Service Provider

Social Provider Metadata Configuration

In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We take each of these endpoints and put them into a metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Since we may add a new social provider to the service at any time, it is best if you refresh the metadata on a daily basis.

NOTE - Customers using the Cirrus Identity Provider Proxy

If you are integrating your SP with the Cirrus Identity Provider Proxy then you probably want to be consuming the metadata for your specific proxy, not the Gateway bundle. Proxies are customer specific and you'll want to follow our instructions on consuming customer metadata.

Social Provider Metadata

An aggregate of the social provider metadata is available at the following URL:

You can also find per entity metadata for each IdP endpoint for the social providers.


Metadata Configuration - Shibboleth SP

Metadata for the Shibboleth Service Provider is configured in the shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:

<MetadataProvider type="XML" url="" backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml" reloadInterval="86400">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>

Replace <path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.

For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.

Metadata Configuration - SimpleSAMLphp Service Provider

Metadata for SimpleSAMLphp is best configured using the metarefresh module. An example configuration for the Gateway metadata bundle is as follows:

$config = array(
    'sets' => array(
        'incommon' => array(
            'cron'      => array('daily'),
            'sources'   => array(
                    'src' => '',
            'expireAfter'       => 60*60*24*4, // Maximum 4 days cache time.
            'outputDir'     => '<path to local directory>',
            'outputFormat' => 'serialize',

Replace <path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.

For details on using the metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.