Gateway | Configuring a Service Provider
Social Provider Metadata Configuration
In the Cirrus Gateway, each social provider has its own SAML metadata endpoint. We take each of these endpoints and put them into a metadata bundle. You will need to configure your SAML SP to consume metadata for the social provider IdP endpoints. Since we may add a new social provider to the service at any time, it is best if you refresh the metadata on a daily basis.
NOTE - Customers using the Cirrus Identity Provider Proxy
If you are integrating your SP with the Cirrus Identity Provider Proxy then you probably want to be consuming the metadata for your specific proxy, not the Gateway bundle. Proxies are customer specific and you'll want to follow our instructions on consuming customer metadata.
Social Provider Metadata
An aggregate of the social provider metadata is available at the following URL:
You can also find per-entity metadata for each IdP endpoint for the social providers.
Metadata Configuration - Shibboleth SP
Metadata for the Shibboleth Service Provider is configured in the shibboleth2.xml file. An example configuration for the Gateway metadata bundle is as follows:
<MetadataProvider type="XML"
    url="https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml"
    backingFilePath="/<path to local file>/CirrusIdentitySocialProviders-metadata.xml"
    reloadInterval="86400">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
</MetadataProvider>
Replace <path to local file> with the actual path to a file on your server. This file must be writable by the Shibboleth process.
For details on all of the available configuration options, please see the Shibboleth NativeSPMetadataProvider documentation.
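The RequireValidUntil filter in the configuration above rejects metadata whose root element has no validUntil attribute or sets it more than maxValidityInterval seconds (1209600, i.e. 14 days) in the future. The following added example (not Cirrus or Shibboleth code) applies the same check to an aggregate and lists the IdP entityIDs it contains, which is useful for checking what a daily refresh actually pulled in. The sample XML, its entityIDs and date, the function names and the fixed clock are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MAX_VALIDITY = timedelta(seconds=1209600)  # maxValidityInterval from the config above

# Constructed sample aggregate; entityIDs and date are placeholders, not Gateway values.
SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2024-01-10T00:00:00Z">
  <EntityDescriptor entityID="https://idp.example.org/social-a">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.example.org/social-b">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def parse_valid_until(value):
    """Parse an xs:dateTime such as 2024-01-10T00:00:00Z into an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_aggregate(xml_text, now):
    """Return (ok, reason, idp_entity_ids) for a metadata aggregate."""
    root = ET.fromstring(xml_text)
    raw = root.get("validUntil")
    if raw is None:
        return False, "root element has no validUntil", []
    valid_until = parse_valid_until(raw)
    if valid_until <= now:
        return False, "metadata expired", []
    if valid_until - now > MAX_VALIDITY:
        return False, "validUntil further out than maxValidityInterval", []
    # Only entities that carry an IdP role are of interest to an SP.
    idps = [e.get("entityID") for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")
            if e.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None]
    return True, "ok", idps


if __name__ == "__main__":
    # Fixed clock (constructed) so the result is reproducible.
    now = datetime(2024, 1, 3, tzinfo=timezone.utc)
    print(check_aggregate(SAMPLE, now))
```
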
Metadata Configuration - SimpleSAMLphp Service Provider
Metadata for SimpleSAMLphp is best configured using the metarefresh module. An example configuration for the Gateway metadata bundle is as follows:
$config = array(
    'sets' => array(
        'incommon' => array(
            'cron' => array('daily'),
            'sources' => array(
                array(
                    'src' => 'https://md.cirrusidentity.com/metadata/CirrusIdentitySocialProviders-metadata.xml',
                ),
            ),
            'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
            'outputDir' => '<path to local directory>',
            'outputFormat' => 'serialize',
        ),
    )
);
Replace <path to local directory> with the actual path to a directory on your server. This directory must be writable by the web server process.
For details on using the metarefresh module, please see the SimpleSAMLphp Automated Metadata Management documentation.