Metadata requirements

Summary of the requirements for metadata in Kalmar Union

This document summarises Appendix A of the Kalmar Union Charter and Memorandum of Understanding.

For all providers:

  • Follow SAML2 metadata interoperability profile
  • Ensure the Provider's entityID is in a controlled namespace
  • Have a validUntil value between 6 and 96 hours
  • If single logout is supported, register endpoints for the redirect binding

For Identity Providers:

  • Have a Shibboleth-style list of allowed "scopes" for scoped attributes
  • Have an embedded certificate for signing SAML assertions

For Service Providers:

  • Have a list of requestedAttributes (including NameFormat=uri)
  • If the AssertionConsumerService endpoint is not https, have an embedded certificate for encrypting SAML assertions
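
The mechanically checkable items above can be tested against an EntityDescriptor before it is registered. The following is an added example, not Kalmar Union tooling: the function names and the sample metadata are constructed, and measuring the 6 to 96 hour window from the time of the check is an assumption. The interoperability profile and the controlled entityID namespace are not checked, since this summary does not define them.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "shibmd": "urn:mace:shibboleth:metadata:1.0", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

def has_cert(role, use):
    # A KeyDescriptor without "use" serves both signing and encryption.
    return any(kd.get("use", use) == use and kd.find(".//ds:X509Certificate", NS) is not None
               for kd in role.findall("md:KeyDescriptor", NS))

def check_entity(xml_text, now):
    """Return the list of requirements one EntityDescriptor violates."""
    ent, problems = ET.fromstring(xml_text), []
    try:
        # Assumption: the 6-96 hour window is measured from `now`.
        until = datetime.fromisoformat(ent.get("validUntil", "").replace("Z", "+00:00"))
        if not timedelta(hours=6) <= until - now <= timedelta(hours=96):
            problems.append("validUntil not 6-96 hours ahead")
    except (ValueError, TypeError):
        problems.append("validUntil missing or unparsable")
    idp, sp = ent.find("md:IDPSSODescriptor", NS), ent.find("md:SPSSODescriptor", NS)
    for role in (idp, sp):
        slo = role.findall("md:SingleLogoutService", NS) if role is not None else []
        if slo and not any(s.get("Binding") == REDIRECT for s in slo):
            problems.append("SLO without redirect binding")
    if idp is not None:
        if not ent.findall(".//shibmd:Scope", NS):
            problems.append("IdP without shibmd:Scope")
        if not has_cert(idp, "signing"):
            problems.append("IdP without signing certificate")
    if sp is not None:
        attrs = sp.findall(".//md:RequestedAttribute", NS)
        if not attrs or any(a.get("NameFormat") != URI_FORMAT for a in attrs):
            problems.append("requestedAttributes missing or not NameFormat=uri")
        acs = sp.findall("md:AssertionConsumerService", NS)
        plain = [a for a in acs if not a.get("Location", "").lower().startswith("https://")]
        if plain and not has_cert(sp, "encryption"):
            problems.append("non-https ACS without encryption certificate")
    return problems

# Constructed sample: SP with plain-http ACS, POST-only SLO, no certificate.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2030-01-03T00:00:00Z" entityID="https://sp.example.org/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.org/slo"/>
  <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sp.example.org/acs"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""
print(check_entity(SAMPLE_SP, datetime(2030, 1, 1, tzinfo=timezone.utc)))
```
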