The SAML2 IdP and SP requirements have been updated to clarify certificate expectations. …

Changes to the Requirements for SAML2 Service Providers that are purely technical must reach rough consensus/no opposition among SAFIRE’s service advisory group. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 30 November 2023. The following describes the technical and administrative checks made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for service provider operators for assessing their readiness to participate. …

Following a period of consultation and starting from 31 March 2021, we’ve made several changes to SAFIRE’s idp- & sp-requirements and to the minimum attributes required for participation. …

Changes to the Requirements for SAML2 Service Providers that are purely technical must reach rough consensus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 31 March 2021. The following describes the technical and administrative checks made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for service provider operators for assessing their readiness to participate. …

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on 18 Sept 2018, and was subsequently amended to incorporate updates from the MRPS. The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for service provider operators for assessing their readiness to participate. …

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on …. The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for service provider operators for assessing their readiness to participate. …

Changes to the Requirements for SAML2 Service Providers that are purely technical in nature must reach rough consenus/no opposition at the SAFIRE Participants’ Forum. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. This version reached rough consensus on …. The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for service provider operators for assessing their readiness to participate. …

The following describes the technical and administrative checks that will be made before a service provider is admitted into the SAFIRE federation within the SAML2 Technology Profile. It also serves as a checklist for service provider operators for assessing their readiness to participate. Metadata MUST1 have an entityID that is a URL (well-known location). The URL SHOULD use the https scheme and it is RECOMMENDED that valid metadata be available at this URL. MUST use secure (https) end-points for any or . MUST contain an element, where: MUST reflect the legal name of the juristic person. MAY reflect a commonly known or shortened version of the organisation’s name SHOULD contain the organisation’s web site address. MUST contain at least one of contactType="technical" and SHOULD contain one of contactType="support". Where is given this SHOULD be a role account rather than an individual. MUST contain an , with at least the following elements set: — meaningful name for service. — short (max 140 chars) explanation of the purpose of the service, such that it is reasonably obvious why the attributes requested are required. — web site containing a copy of the service provider’s privacy policy. It is RECOMMENDED that a be provided. Any logo MUST be served from a secure (https) server. Logos SHOULD have an aspect ratio as close to 1:1 as possible and SHOULD be at least 100x100 pixels (although 300x300 is RECOMMENDED). SHOULD NOT contain a element (any existing one SHALL be removed by the federation agregator) MUST contain entries. SAML certificates included in metadata SHOULD be self-signed. web server certificates used for end-points MUST use PKI that is reasonably likely to be embedded in the browser of all users of the service. Unless an explanation is provided, these SHALL be tested against the root CA lists of common browsers. Language and Localisation The SAML metadata specification allows display elements such as to be localised by using the xml:lang attribute to specify a BCP 47 language code. In common with other federations worldwide, English (xml:lang="en") MUST always be included and will be used as the default when no localised version is available. …

This page documents the history of SAFIRE’s Requirements for SAML2 Service Providers and will display the most recent version. You should always reference this page when linking to the Requirements for SAML2 Service Providers, unless you intend to link to a specific, versioned document. Changes to the Requirements for SAML2 Identity Providers that are purely technical must reach rough consensus/no opposition among SAFIRE’s service advisory group. Changes to the administrative requirements are synchronised with the Metadata Registration Practice Statement. …