authorBjörn Mattsson <bjorn@sunet.se>2022-04-05 08:33:43 +0200
committerBjörn Mattsson <bjorn@sunet.se>2022-04-05 08:33:43 +0200
commit2262d03a2e3593100ae503133c9f8f6dea672e5e (patch)
tree4c9f2506a35937c3fae086824be037be8751ec7d
parenta45acff4921d99e12ef297f88f36dec3676a26cc (diff)
SWAMID-541, SWAMID-743 Added AL3 for LiU and eduID + fixed Makefile to allow AL3
-rw-r--r--Makefile4
-rw-r--r--swamid-2.0/fs.liu.se-adfs-services-trust.xml1
-rw-r--r--swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml1
-rw-r--r--swamid-2.0/idp.dev.eduid.se-idp.xml.xml1
-rw-r--r--swamid-2.0/login.idp.eduid.se-idp.xml.xml1
5 files changed, 7 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index ce20ed07..a07c10dc 100644
--- a/Makefile
+++ b/Makefile
@@ -231,7 +231,7 @@ testEntCat:
@echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement"
@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
@echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/assurance/al3<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
testValidContact:
@echo "Checking for valid Contact Information"
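Review bot: The allow-list for `http://www.swamid.se/assurance-requirement`, in the check just above the changed line, still accepts only al1 and al2, so a service that requires AL3 would presumably still be rejected by testEntCat even though entities can now be certified at AL3. If requiring AL3 is meant to be valid, add `|>http://www.swamid.se/policy/assurance/al3<` to that `egrep -v` pattern as well; if not, a make comment above the check such as `# assurance-requirement is limited to al1/al2 on purpose` would record the decision. Both checks also discard xmllint errors with `2>/dev/null`, so a file that fails to parse yields no AttributeValue lines and passes; that is unchanged context, but it matters when this test is relied on as a gate. testEntCat starts outside the hunk.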
@@ -245,6 +245,8 @@ testSimpleSign:
@for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || exit 0
testALlevel:
+ @echo "Check for IdP:s with AL3 without AL2"
+ @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al3 $$x && ! grep -q http://www.swamid.se/policy/assurance/al2 $$x ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
@echo "Check for IdP:s with AL2 without AL1"
@for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al2 $$x && ! grep -q http://www.swamid.se/policy/assurance/al1 $$x ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
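Review bot: The new AL3-without-AL2 loop only prints the offending file names and never produces a failing exit status, so metadata that asserts al3 without al2 still passes `make`. testSimpleSign directly above ends its loop with `done | grep . && exit 1 || exit 0`, and the same tail here would make the check enforcing. The existing AL2-without-AL1 loop has the same shape, so this may be a deliberate warning; if so, a comment above the target saying the check is advisory would help. The `grep -q` also matches the URI anywhere in the file rather than inside the assurance-certification attribute, so a value in another attribute or in an XML comment can satisfy or trip the test. testALlevel may continue below the hunk.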
diff --git a/swamid-2.0/fs.liu.se-adfs-services-trust.xml b/swamid-2.0/fs.liu.se-adfs-services-trust.xml
index 396cfe7d..28fdce4a 100644
--- a/swamid-2.0/fs.liu.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.liu.se-adfs-services-trust.xml
@@ -8,6 +8,7 @@
<samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
<samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
<samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
</samla:Attribute>
<samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
diff --git a/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml b/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
index da42ca93..e1db4430 100644
--- a/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
@@ -8,6 +8,7 @@
<samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
<samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
<samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
</samla:Attribute>
<samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
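Review bot: This adds the AL3 certification to what the file name suggests is a test AD FS instance, in the same `swamid-2.0/` directory as the production `fs.liu.se` entry; `idp.dev.eduid.se-idp.xml.xml` gets the same value in a later hunk. Relying parties read assurance-certification as the federation's statement about the IdP, so if these files are published in the same aggregate as production, it is worth confirming that the test and dev instances were each approved for AL3. A short XML comment beside the added value naming the approving ticket would make that auditable from the metadata itself.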
diff --git a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
index cef2d597..ac5b8dfc 100644
--- a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
+++ b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
@@ -8,6 +8,7 @@
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue>
<saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue>
+ <saml:AttributeValue>http://www.swamid.se/policy/assurance/al3</saml:AttributeValue>
<saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</saml:AttributeValue>
<saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</saml:AttributeValue>
</saml:Attribute>
diff --git a/swamid-2.0/login.idp.eduid.se-idp.xml.xml b/swamid-2.0/login.idp.eduid.se-idp.xml.xml
index 27a40240..a7cc4d79 100644
--- a/swamid-2.0/login.idp.eduid.se-idp.xml.xml
+++ b/swamid-2.0/login.idp.eduid.se-idp.xml.xml
@@ -8,6 +8,7 @@
<samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
<samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
<samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</samla:AttributeValue>
<samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</samla:AttributeValue>
<samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>