Old REFEDS Advice:

  • Logo: “specifies the external location of a localized logo fit for display to users. This element extends the anyURI schema type with the following attributes: 

height [Required]: The rendered height of the logo measured in pixels.
width [Required]: The rendered width of the logo measured in pixels.
xml:lang: Optional language specifier.

  • In order to facilitate the usage of logos within a user interface, logos SHOULD:
    • Use a transparent background where appropriate
    • Use PNG, or GIF (less preferred), images
    • Use HTTPS URLs in order to avoid mixed-content warnings within browsers.
  • As mentioned in the specification (and above), these should be protected by an https URL so as to avoid mixed content warning.
  • Sites (particularly) should be encouraged to avoid hosting their logos on a (Java) servlet container. Apart from the additional load on a (usually) scarce resource, such containers usually push a cookie with every request. Thus, such URLs when rendered by other sites, will be pushing third party cookies.


[SDP-MD09] Metadata MUST include an <mdui:UIInfo> element as defined in [MetaUI] containing at least the child elements <mdui:DisplayName> and <mdui:Logo>. An SP’s metadata MUST include the child element <PrivacyStatementURL> [SDP-MD10] The content of the <mdui:Logo> element MUST be either an https URL or an in-line image embedded in a data URI element. The size of the data URI used in a <mdui:Logo> element is not limited to 256 characters.

eduGAIN SAML Profile:

If an <mdui:Logo> element is present, the logo MUST be expressed as a Data URI(embedded logo) or an https URL. URLs used for this element MUST be publicly accessible.

  • No labels