
SAML Protocol Metadata and Endpoints

Published: April 2013

Last updated: April 2014

The SAML protocol requires the identity provider (Azure Active Directory) and the service provider (the application) to exchange information about themselves. When a service provider is registered with Azure Active Directory, the developer registers federation-related information with Azure Active Directory, including the redirect URI and the metadata URI of the service provider. Azure Active Directory uses the metadata URI of the cloud service to retrieve the signing key and the logout URI of the cloud service. If the service provider does not support a metadata URI, the developer must contact Microsoft support to provide the logout URI and signing key.

Azure Active Directory exposes tenant-specific and common (tenant-independent) single sign-on and single sign-out endpoints. The following table shows the endpoints for each type. The Federation Metadata URLs represent addressable locations, not just identifiers, so you can go to the endpoint to read the metadata.

 

Tenant-specific endpoint: https://login.windows.net/<TenantDomainName>/FederationMetadata/2007-06/FederationMetadata.xml

Tenant-independent endpoint: https://login.windows.net/common/FederationMetadata/2007-06/FederationMetadata.xml

The tenant-specific federation metadata is located at the tenant-specific metadata endpoint. The <TenantDomainName> placeholder represents a registered domain name or TenantID GUID of an Azure AD tenant. For example, the federation metadata of the contoso.com tenant is at: https://login.windows.net/contoso.com/FederationMetadata/2007-06/FederationMetadata.xml

The common or tenant-independent federation metadata is located at the tenant-independent metadata endpoint: https://login.windows.net/common/FederationMetadata/2007-06/FederationMetadata.xml. You can go to that location to read the tenant-independent metadata. In this endpoint address, "common" appears instead of a tenant domain name or ID.

For information about the Federation Metadata documents that Azure Active Directory publishes, see Federation Metadata.
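The following added example (not Microsoft's code) shows the two pieces described above: building the metadata endpoint address for a tenant, and reading the signing key and logout URI out of a SAML 2.0 metadata document. The function names, the app.example.com service provider and the certificate bytes are assumptions constructed for illustration, and the XML signature on the metadata is not verified here.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def metadata_url(tenant="common"):
    """Endpoint address from the table; tenant is a domain name or tenant GUID."""
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]*", tenant):
        raise ValueError("unexpected characters in tenant identifier")
    return ("https://login.windows.net/" + tenant +
            "/FederationMetadata/2007-06/FederationMetadata.xml")

def fingerprint(der):
    """SHA-256 fingerprint of the decoded certificate bytes, for comparison or pinning."""
    return hashlib.sha256(der).hexdigest()

def read_metadata(xml_text):
    """Extract entity ID, signing-key fingerprints and logout URIs (no signature check)."""
    if "<!DOCTYPE" in xml_text.upper():  # metadata needs no DTD; refuse entity tricks
        raise ValueError("DTD not allowed in metadata")
    root = ET.fromstring(xml_text)
    keys = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute: key serves both purposes
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                keys.append(fingerprint(base64.b64decode("".join((cert.text or "").split()))))
    logout = [(e.get("Binding"), e.get("Location"))
              for e in root.iterfind(".//md:SingleLogoutService", NS)]
    return {"entity_id": root.get("entityID"), "signing_sha256": keys, "logout": logout}

# Constructed service-provider metadata; the certificate bytes are placeholders.
FAKE_DER = b"constructed bytes, not a real certificate"
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.example.com/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{sig}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{enc}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://app.example.com/saml/logout"/>
  </SPSSODescriptor>
</EntityDescriptor>""".format(sig=base64.b64encode(FAKE_DER).decode(),
                              enc=base64.b64encode(b"constructed placeholder").decode())
```

Calling `read_metadata(SAMPLE)` returns only the signing key's fingerprint; the encryption key in the same document is skipped.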

© 2014 Microsoft