authorBjörn Mattsson <Bjorn.Mattsson@bth.se>2019-11-14 09:54:37 +0100
committerBjörn Mattsson <Bjorn.Mattsson@bth.se>2019-11-14 09:54:37 +0100
commitadbc0de1bc468f47a51f69e170242474e25b8ffb (patch)
tree71c2273ac9287732592a43bc041ed3f79b4d2b0f
parent4606fc192429900bb4419832f0bc7d013bb83f53 (diff)
Resolved SWMID-2521
-rw-r--r--swamid-2.0/weblogin.test.uu.se-idp-shibboleth.xml86
1 files changed, 65 insertions, 21 deletions
diff --git a/swamid-2.0/weblogin.test.uu.se-idp-shibboleth.xml b/swamid-2.0/weblogin.test.uu.se-idp-shibboleth.xml
index 10d6414d..02388aa6 100644
--- a/swamid-2.0/weblogin.test.uu.se-idp-shibboleth.xml
+++ b/swamid-2.0/weblogin.test.uu.se-idp-shibboleth.xml
@@ -4,6 +4,17 @@
<mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
<mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
</mdrpi:RegistrationInfo>
+ <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+ <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue>
+ <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue>
+ <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
+ </saml:Attribute>
+ <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
+ <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
+ <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue>
+ </samla:Attribute>
+ </mdattr:EntityAttributes>
</md:Extensions>
<IDPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
<Extensions>
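Review bot: The added `assurance-certification` values `http://www.swamid.se/policy/assurance/al2` and `https://refeds.org/sirtfi` are asserted for an entity whose display names elsewhere in the file are marked TEST, so relying parties and federation tooling that filter on these entity attributes will treat the test IdP as approved for those profiles. Whether this file is published alongside production entities is not visible from the hunk; if it is, confirm that the test deployment meets each profile, or drop the values it does not meet. As a style point, the second attribute binds a new prefix `samla` to the same namespace as `saml`; writing it as `saml:Attribute` with `Name="http://macedir.org/entity-category-support"` keeps the block consistent.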
@@ -11,21 +22,35 @@
<mdui:UIInfo>
<mdui:DisplayName xml:lang="sv">Uppsala universitet TEST</mdui:DisplayName>
<mdui:DisplayName xml:lang="en">Uppsala University TEST</mdui:DisplayName>
- <mdui:Description xml:lang="sv">Gemensam webbinloggning för anställda, studenter och övriga verksamma vid Uppsala universitet. TEST</mdui:Description>
- <mdui:Description xml:lang="en">The Uppsala University Identity Provider is used by employees and students at the university. TEST</mdui:Description>
+ <mdui:Description xml:lang="sv">Gemensam webbinloggning TEST för anställda, studenter och övriga verksamma vid Uppsala universitet.</mdui:Description>
+ <mdui:Description xml:lang="en">The Uppsala University TEST Identity Provider is used by employees and students at the university.</mdui:Description>
<mdui:InformationURL xml:lang="sv">https://weblogin.test.uu.se</mdui:InformationURL>
<mdui:InformationURL xml:lang="en">https://weblogin.test.uu.se/english.html</mdui:InformationURL>
<mdui:Logo height="50" width="50">https://weblogin.test.uu.se/idp/images/logga-50.png</mdui:Logo>
<mdui:Logo xml:lang="sv" height="50" width="50">https://weblogin.test.uu.se/idp/images/logga-50.png</mdui:Logo>
<mdui:Logo xml:lang="en" height="50" width="50">https://weblogin.test.uu.se/idp/images/logga-50.png</mdui:Logo>
- <mdui:PrivacyStatementURL xml:lang="sv">https://weblogin.test.uu.se/</mdui:PrivacyStatementURL>
- <mdui:PrivacyStatementURL xml:lang="en">https://weblogin.test.uu.se/english.html</mdui:PrivacyStatementURL>
+ <mdui:PrivacyStatementURL xml:lang="sv">https://weblogin.test.uu.se/#2</mdui:PrivacyStatementURL>
+ <mdui:PrivacyStatementURL xml:lang="en">https://weblogin.test.uu.se/english.html#2</mdui:PrivacyStatementURL>
<mdui:Keywords xml:lang="sv">uppsala+universitet</mdui:Keywords>
<mdui:Keywords xml:lang="en">uppsala+university</mdui:Keywords>
</mdui:UIInfo>
+ <mdui:DiscoHints>
+ <mdui:DomainHint>uu.se</mdui:DomainHint>
+ <mdui:IPHint>130.238.0.0/18</mdui:IPHint>
+ <mdui:IPHint>130.238.64.0/19</mdui:IPHint>
+ <mdui:IPHint>130.238.128.0/17</mdui:IPHint>
+ <mdui:IPHint>130.242.96.0/20</mdui:IPHint>
+ <mdui:IPHint>130.243.128.0/17</mdui:IPHint>
+ <mdui:IPHint>212.25.130.0/24</mdui:IPHint>
+ <mdui:IPHint>212.25.144.0/21</mdui:IPHint>
+ <mdui:IPHint>2001:6b0:B::/48</mdui:IPHint>
+ <mdui:IPHint>2001:6b0:C::/48</mdui:IPHint>
+ <mdui:GeolocationHint>geo:59.857583,17.629500</mdui:GeolocationHint>
+ </mdui:DiscoHints>
</Extensions>
+ <!-- First signing certificate is BackChannel, the Second is FrontChannel -->
<KeyDescriptor use="signing">
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIDODCCAiCgAwIBAgIVALH78yF625WD24SZwiOcGOOvPZ27MA0GCSqGSIb3DQEB
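Review bot: The new `mdui:DiscoHints` block gives this TEST entity `<mdui:DomainHint>uu.se</mdui:DomainHint>` and what look like organisation-wide `IPHint` ranges, while the scope later in the file is `test.uu.se`; a discovery service that ranks by hints may therefore offer the test IdP to ordinary users on those networks. If the production entity carries the same hints, consider dropping them here or narrowing the domain hint to `test.uu.se`. Separately, `<ds:KeyInfo xmlns="">` at the end of this hunk (repeated in every later KeyInfo hunk and on `<shibmd:Scope xmlns="" …>`) undeclares the default namespace on an element whose visible descendants are all prefixed; it looks like a serializer artifact, and plain `<ds:KeyInfo>` would be cleaner. The KeyDescriptor block continues outside the hunk.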
@@ -46,12 +71,12 @@ z0XSLb/uZVeguusT0lBnVj/4ZChA4nd/JIkTP75XMKJ51b+TS9+i5sQLPVR4D/+e
pFe422nJTV+yciVwKsuHmu3br2DEtgSSFWGilvGDdlfBAYtUDKG1DL2AVdI3ikZa
kCyta/hzhS30XO24ZrWeaPKGQri48PsZufzaHcjcVw8IRY8HI226xFya7F8AbGZQ
qK8gNoxLpQOHlY2i
- </ds:X509Certificate>
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="signing">
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIDNzCCAh+gAwIBAgIUcIyPpnhtGppaMvJ1n+26SdVOQRkwDQYJKoZIhvcNAQEL
@@ -72,12 +97,12 @@ QHOEryJY6wvvI/zwpyOSkOSTt3qFQ3ZnS40wCs34wP/Hj6cHtkrl2OF0XA5M6yU4
1kAk9gpaiX2Rhapn4W9V3p6CgpXthk+b8nwQeZ22KeG3ompceHJ/+nmS8G63pq56
efRdH5xJNjTPu6mVHW9W+lW83i7mGlmMJAgl+qjTECSKXe9LcyYMsy6IphbVsDbX
zMHQwjf5evdJ6lo=
- </ds:X509Certificate>
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIDODCCAiCgAwIBAgIVAKxjuWw/YZpjuyfHWcbrDOP8tYnkMA0GCSqGSIb3DQEB
@@ -98,7 +123,7 @@ Oktly7qvWX0Qrh0yYfHJaI/WPVxH4jI/1jDwa9Am/jJbOW/uy6s14zjXswi1ZKd0
EPzW8pfIR9H1gDAU5hoLuGjWF7NIqmRCfYE6n9/oEZfET1dG3zUpBG2EacmZDv8o
CIpvN4bSlO9wP5fnymBLt+DxfMdmN973aeU529su8I3uj3Q4qaDBk8zGTKFx82Ae
dqPteAxhBzLEflg+
- </ds:X509Certificate>
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
@@ -109,16 +134,18 @@ dqPteAxhBzLEflg+
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://weblogin.test.uu.se:8443/idp/profile/SAML2/SOAP/SLO"/>
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://weblogin.test.uu.se/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://weblogin.test.uu.se/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://weblogin.test.uu.se/idp/profile/SAML2/Redirect/SSO"/>
</IDPSSODescriptor>
<AttributeAuthorityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<Extensions>
- <shibmd:Scope regexp="false">test.uu.se</shibmd:Scope>
+ <shibmd:Scope xmlns="" regexp="false">test.uu.se</shibmd:Scope>
</Extensions>
+ <!-- First signing certificate is BackChannel, the Second is FrontChannel -->
<KeyDescriptor use="signing">
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIDODCCAiCgAwIBAgIVALH78yF625WD24SZwiOcGOOvPZ27MA0GCSqGSIb3DQEB
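Review bot: The added comment `First signing certificate is BackChannel, the Second is FrontChannel` (also added above the IDPSSODescriptor keys earlier in this diff) records an ordering that metadata consumers do not act on: relying parties typically accept a signature made with either `KeyDescriptor use="signing"` entry. I would say so in the comment, e.g. `<!-- Both signing keys are trusted by relying parties; first = back-channel, second = front-channel -->`, so that nobody assumes the back-channel key needs less protection. The KeyDescriptor block continues outside the hunk.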
@@ -139,12 +166,12 @@ z0XSLb/uZVeguusT0lBnVj/4ZChA4nd/JIkTP75XMKJ51b+TS9+i5sQLPVR4D/+e
pFe422nJTV+yciVwKsuHmu3br2DEtgSSFWGilvGDdlfBAYtUDKG1DL2AVdI3ikZa
kCyta/hzhS30XO24ZrWeaPKGQri48PsZufzaHcjcVw8IRY8HI226xFya7F8AbGZQ
qK8gNoxLpQOHlY2i
- </ds:X509Certificate>
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="signing">
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIDNzCCAh+gAwIBAgIUcIyPpnhtGppaMvJ1n+26SdVOQRkwDQYJKoZIhvcNAQEL
@@ -165,12 +192,12 @@ QHOEryJY6wvvI/zwpyOSkOSTt3qFQ3ZnS40wCs34wP/Hj6cHtkrl2OF0XA5M6yU4
1kAk9gpaiX2Rhapn4W9V3p6CgpXthk+b8nwQeZ22KeG3ompceHJ/+nmS8G63pq56
efRdH5xJNjTPu6mVHW9W+lW83i7mGlmMJAgl+qjTECSKXe9LcyYMsy6IphbVsDbX
zMHQwjf5evdJ6lo=
- </ds:X509Certificate>
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIDODCCAiCgAwIBAgIVAKxjuWw/YZpjuyfHWcbrDOP8tYnkMA0GCSqGSIb3DQEB
@@ -191,7 +218,7 @@ Oktly7qvWX0Qrh0yYfHJaI/WPVxH4jI/1jDwa9Am/jJbOW/uy6s14zjXswi1ZKd0
EPzW8pfIR9H1gDAU5hoLuGjWF7NIqmRCfYE6n9/oEZfET1dG3zUpBG2EacmZDv8o
CIpvN4bSlO9wP5fnymBLt+DxfMdmN973aeU529su8I3uj3Q4qaDBk8zGTKFx82Ae
dqPteAxhBzLEflg+
- </ds:X509Certificate>
+ </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
@@ -199,15 +226,32 @@ dqPteAxhBzLEflg+
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://weblogin.test.uu.se:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
</AttributeAuthorityDescriptor>
<Organization xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
- <OrganizationName xml:lang="en">Uppsala university</OrganizationName>
+ <OrganizationName xml:lang="sv">Uppsala universitet</OrganizationName>
+ <OrganizationName xml:lang="en">Uppsala University</OrganizationName>
+ <OrganizationDisplayName xml:lang="sv">Uppsala universitet TEST</OrganizationDisplayName>
<OrganizationDisplayName xml:lang="en">Uppsala University TEST</OrganizationDisplayName>
- <OrganizationURL xml:lang="en">http://www.uu.se</OrganizationURL>
+ <OrganizationURL xml:lang="sv">http://www.uu.se/</OrganizationURL>
+ <OrganizationURL xml:lang="en">http://www.uu.se/en/</OrganizationURL>
</Organization>
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="administrative">
+ <Company>Uppsala universitet</Company>
+ <EmailAddress>mailto:drift@uadm.uu.se</EmailAddress>
+ </ContactPerson>
<ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="technical">
<Company>Uppsala universitet</Company>
- <SurName>AKKA SAML2</SurName>
- <EmailAddress>mailto:uadm-team_plattform@lists.uu.se</EmailAddress>
+ <EmailAddress>mailto:drift@uadm.uu.se</EmailAddress>
+ </ContactPerson>
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="support">
+ <Company>Uppsala universitet</Company>
+ <EmailAddress>mailto:servicedesk@uu.se</EmailAddress>
+ <TelephoneNumber>+46184714400</TelephoneNumber>
+ </ContactPerson>
+ <ContactPerson xmlns:remd="http://refeds.org/metadata" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
+ <GivenName>Uppsala University Computer Security Incident Response Team</GivenName>
+ <EmailAddress>mailto:security@uu.se</EmailAddress>
+ <TelephoneNumber>+46184717560</TelephoneNumber>
</ContactPerson>
</md:EntityDescriptor>
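Review bot: The two added `OrganizationURL` values use plain `http://` (`http://www.uu.se/` and `http://www.uu.se/en/`), and discovery or consent pages may render them as clickable links. If the site serves HTTPS, `<OrganizationURL xml:lang="sv">https://www.uu.se/</OrganizationURL>` and the `en` equivalent avoid sending users over an unprotected first hop. The new `remd:contactType` security contact pairs with the `https://refeds.org/sirtfi` value added earlier in this commit, so the two should be kept or removed together.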