- <!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->
- <LogoutInitiator type="Chaining" Location="/Logout">
- <LogoutInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
- <LogoutInitiator type="Local"/>
- </LogoutInitiator>
+ <!-- An example supporting the new-style of discovery service. -->
+ <SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
+ <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+ <SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
+ </SessionInitiator>
+
+ <!--
+ md:AssertionConsumerService locations handle specific SSO protocol bindings,
+ such as SAML 2.0 POST or SAML 1.1 Artifact. The isDefault and index attributes
+ are used when sessions are initiated to determine how to tell the IdP where and
+ how to return the response.
+ -->
+ <md:AssertionConsumerService Location="/SAML2/POST" index="1"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
+ <md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+ <md:AssertionConsumerService Location="/SAML2/ECP" index="4"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
+ <md:AssertionConsumerService Location="/SAML/POST" index="5"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
+ <md:AssertionConsumerService Location="/SAML/Artifact" index="6"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>