
I'm manually writing a federation metadata XML for "Relying Party Trust" and "Claims Provider Trusts" for ADFS 2.0. This could be a basic example...

<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_271f377f-78d8-4133-8c46-a73c4936bb1f" entityID="https://example.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <RoleDescriptor xsi:type="fed:ApplicationServiceType" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <fed:TargetScopes>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://example.com/</wsa:Address>
      </wsa:EndpointReference>
    </fed:TargetScopes>
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://example.com/</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>

Is there some way to use something like a wildcard domain to auth all my environments (development, integration, preproduction, production...)?

For example...

<EntityDescriptor ID="_271f377f-78d8-4133-8c46-a73c4936bb1f" entityID="https://*.example.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
        <wsa:Address>https://*.example.com/</wsa:Address>

to match...

https://des.example.com/

https://int.example.com/

https://pre.example.com/

https://pro.example.com/

I already read What to present at SAML EntityID URL? but just in case.

icalvete

1 Answer


You cannot use a wildcard in the EntityID for a couple of reasons:

  • "*" is allowed 1, 2 in a URI but does not operate as a wildcard, so this wouldn't have the effect you are looking for

  • Each Entity (identified by its EntityID) should have its own endpoints so that other SAML Entities will know where to redirect browsers or issue backchannel requests to and/or where it should listen for requests.

You can simply copy the EntityDescriptor and change the values for each of your environments.

Yiannis Kakavas
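Following the answer's advice, here is an added example (not code from the question or the answer) that generates one EntityDescriptor per environment from the question's metadata layout instead of relying on a wildcard; the environment hostnames (des/int/pre/pro) and the rejection of "*" in a host are assumptions of this script.

```python
# Added example: emit one WS-Federation EntityDescriptor per environment,
# each with its own entityID and endpoint addresses, as the answer suggests.
import uuid
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
FED = "http://docs.oasis-open.org/wsfed/federation/200706"
WSA = "http://www.w3.org/2005/08/addressing"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Serialize with the same prefixes the question's XML uses (default ns = metadata).
for prefix, uri in (("", MD), ("fed", FED), ("wsa", WSA), ("xsi", XSI)):
    ET.register_namespace(prefix, uri)

# Assumed hostnames taken from the question's list of environments.
ENVIRONMENTS = {
    "development": "des.example.com",
    "integration": "int.example.com",
    "preproduction": "pre.example.com",
    "production": "pro.example.com",
}


def build_rp_metadata(host):
    """Return the metadata XML (as a string) for one relying-party host."""
    if "*" in host:
        # "*" is just a literal character in a URI; refuse to emit it.
        raise ValueError("'*' is not a wildcard in a URI: " + host)
    entity_id = f"https://{host}"
    endpoint = f"https://{host}/"
    root = ET.Element(f"{{{MD}}}EntityDescriptor",
                      {"ID": "_" + str(uuid.uuid4()), "entityID": entity_id})
    role = ET.SubElement(root, f"{{{MD}}}RoleDescriptor",
                         {f"{{{XSI}}}type": "fed:ApplicationServiceType",
                          "protocolSupportEnumeration": FED})
    # Both TargetScopes and PassiveRequestorEndpoint carry one wsa:Address.
    for name in ("TargetScopes", "PassiveRequestorEndpoint"):
        scope = ET.SubElement(role, f"{{{FED}}}{name}")
        ref = ET.SubElement(scope, f"{{{WSA}}}EndpointReference")
        ET.SubElement(ref, f"{{{WSA}}}Address").text = endpoint
    return ET.tostring(root, encoding="unicode")


def build_all_environments():
    """Map each environment host to its own, non-wildcard EntityDescriptor."""
    return {host: build_rp_metadata(host) for host in ENVIRONMENTS.values()}


def extract_endpoints(xml_text):
    """Parse generated metadata back: (entityID, list of wsa:Address values)."""
    root = ET.fromstring(xml_text)
    return root.get("entityID"), [a.text for a in root.iter(f"{{{WSA}}}Address")]
```

Each generated document can be saved as a separate file and imported as its own Relying Party Trust in ADFS.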