Updated connect SP:s tomd-2023-06-22-v01

* correct EC + RequestedAttribute * correct Organization / ContactPerson
author: Björn Mattsson <bjorn@sunet.se> 2023-06-22 13:14:05 +0200
committer: Björn Mattsson <bjorn@sunet.se> 2023-06-22 13:14:05 +0200
commit: 3ba44360056408519d50b677794625413a4b81fe (patch)
tree: c378d83ac4d7f7b7844613cd4724413428e1a420
parent: e19f3b340949f54d617629bb59a0037fb59819c1 (diff)
4 files changed, 62 insertions, 23 deletions
diff --git a/metadata/swamid-2.0/connect.dev.eduid.se-eduidsp.xml b/metadata/swamid-2.0/connect.dev.eduid.se-eduidsp.xml
index ef3773bf..418c546c 100644
--- a/metadata/swamid-2.0/connect.dev.eduid.se-eduidsp.xml
+++ b/metadata/swamid-2.0/connect.dev.eduid.se-eduidsp.xml
@@ -4,7 +4,6 @@
     <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2022-12-09T09:36:19Z">
       <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy>
     </mdrpi:RegistrationInfo>
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
     <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
     <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
@@ -18,7 +17,6 @@
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"/>
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"/>
     <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"/>
@@ -26,24 +24,28 @@
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
     <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
     <mdattr:EntityAttributes>
+      <samla:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
+        <samla:AttributeValue>https://refeds.org/sirtfi2</samla:AttributeValue>
+      </samla:Attribute>
       <samla:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-        <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
+        <samla:AttributeValue>https://refeds.org/category/code-of-conduct/v2</samla:AttributeValue>
       </samla:Attribute>
     </mdattr:EntityAttributes>
   </md:Extensions>
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="true">
     <md:Extensions>
       <mdui:UIInfo>
-        <mdui:Description xml:lang="en">SP for connect.dev.eduid.se</mdui:Description>
-        <mdui:Description xml:lang="sv">SP för connect.dev.eduid.se</mdui:Description>
-        <mdui:DisplayName xml:lang="en">eduID Proxy SP Sweden</mdui:DisplayName>
-        <mdui:DisplayName xml:lang="sv">eduID Proxy SP Sverige</mdui:DisplayName>
-        <mdui:InformationURL xml:lang="en">https://eduid.se</mdui:InformationURL>
-        <mdui:InformationURL xml:lang="sv">https://eduid.se</mdui:InformationURL>
+        <mdui:DisplayName xml:lang="en">eduID Connect dev</mdui:DisplayName>
+        <mdui:DisplayName xml:lang="sv">eduID Connect dev</mdui:DisplayName>
         <mdui:Logo xml:lang="en" height="120" width="350">https://eduid.se/static/img/ds-eduID-logo-black350x120px.png</mdui:Logo>
         <mdui:Logo xml:lang="sv" height="120" width="350">https://eduid.se/static/img/ds-eduID-logo-black350x120px.png</mdui:Logo>
-        <mdui:PrivacyStatementURL xml:lang="en">https://eduid.se/faq.html</mdui:PrivacyStatementURL>
+        <mdui:Description xml:lang="en">eduID Connect Proxy dev</mdui:Description>
+        <mdui:Description xml:lang="sv">eduID Connect Proxy dev</mdui:Description>
+        <mdui:InformationURL xml:lang="sv">https://wiki.sunet.se/pages/viewpage.action?pageId=112171991</mdui:InformationURL>
+        <mdui:InformationURL xml:lang="en">https://wiki.sunet.se/pages/viewpage.action?pageId=112171991</mdui:InformationURL>
         <mdui:PrivacyStatementURL xml:lang="sv">https://eduid.se/faq.html</mdui:PrivacyStatementURL>
+        <mdui:PrivacyStatementURL xml:lang="en">https://eduid.se/faq.html</mdui:PrivacyStatementURL>
       </mdui:UIInfo>
     </md:Extensions>
     <md:KeyDescriptor use="signing">
@@ -61,29 +63,43 @@
       </ds:KeyInfo>
     </md:KeyDescriptor>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://connect.dev.eduid.se/EduidSP/acs/post" index="1"/>
+    <md:AttributeConsumingService index="1">
+      <md:ServiceName xml:lang="en">eduID Connect</md:ServiceName>
+      <md:ServiceName xml:lang="sv">eduID Connect</md:ServiceName>
+      <md:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonOrcid" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="personalIdentityNumber" Name="urn:oid:1.2.752.29.4.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+    </md:AttributeConsumingService>
   </md:SPSSODescriptor>
   <md:Organization>
     <md:OrganizationName xml:lang="en">The Swedish Research Council</md:OrganizationName>
     <md:OrganizationName xml:lang="sv">Vetenskapsrådet</md:OrganizationName>
     <md:OrganizationDisplayName xml:lang="en">Sunet</md:OrganizationDisplayName>
     <md:OrganizationDisplayName xml:lang="sv">Sunet</md:OrganizationDisplayName>
-    <md:OrganizationURL xml:lang="en">https://www.sunet.se</md:OrganizationURL>
-    <md:OrganizationURL xml:lang="sv">https://www.sunet.se/</md:OrganizationURL>
+    <md:OrganizationURL xml:lang="en">https://sunet.se</md:OrganizationURL>
+    <md:OrganizationURL xml:lang="sv">https://sunet.se</md:OrganizationURL>
   </md:Organization>
-  <md:ContactPerson contactType="administrative">
-    <md:GivenName>Administrative</md:GivenName>
-    <md:EmailAddress>mailto:noc@sunet.se</md:EmailAddress>
-  </md:ContactPerson>
   <md:ContactPerson contactType="technical">
-    <md:GivenName>Technical</md:GivenName>
+    <md:GivenName>SUNET NOC</md:GivenName>
     <md:EmailAddress>mailto:noc@sunet.se</md:EmailAddress>
   </md:ContactPerson>
   <md:ContactPerson contactType="support">
-    <md:GivenName>Support</md:GivenName>
+    <md:GivenName>SUNET NOC</md:GivenName>
+    <md:EmailAddress>mailto:noc@sunet.se</md:EmailAddress>
+  </md:ContactPerson>
+  <md:ContactPerson contactType="administrative">
+    <md:GivenName>SUNET NOC</md:GivenName>
     <md:EmailAddress>mailto:noc@sunet.se</md:EmailAddress>
   </md:ContactPerson>
   <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
-    <md:GivenName>Sunet CERT</md:GivenName>
+    <md:GivenName>SUNET CERT</md:GivenName>
     <md:EmailAddress>mailto:cert@cert.sunet.se</md:EmailAddress>
   </md:ContactPerson>
 </md:EntityDescriptor>
diff --git a/metadata/swamid-2.0/connect.eduid.se-eduidsp.xml b/metadata/swamid-2.0/connect.eduid.se-eduidsp.xml
index e9129491..2a62625c 100644
--- a/metadata/swamid-2.0/connect.eduid.se-eduidsp.xml
+++ b/metadata/swamid-2.0/connect.eduid.se-eduidsp.xml
@@ -26,9 +26,10 @@
     <mdattr:EntityAttributes>
       <samla:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
+        <samla:AttributeValue>https://refeds.org/sirtfi2</samla:AttributeValue>
       </samla:Attribute>
       <samla:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-        <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
+        <samla:AttributeValue>https://refeds.org/category/code-of-conduct/v2</samla:AttributeValue>
       </samla:Attribute>
     </mdattr:EntityAttributes>
   </md:Extensions>
@@ -62,6 +63,20 @@
       </ds:KeyInfo>
     </md:KeyDescriptor>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://connect.eduid.se/EduidSP/acs/post" index="1"/>
+    <md:AttributeConsumingService index="1">
+      <md:ServiceName xml:lang="en">eduID Connect</md:ServiceName>
+      <md:ServiceName xml:lang="sv">eduID Connect</md:ServiceName>
+      <md:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonOrcid" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="personalIdentityNumber" Name="urn:oid:1.2.752.29.4.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+    </md:AttributeConsumingService>
   </md:SPSSODescriptor>
   <md:Organization>
     <md:OrganizationName xml:lang="en">The Swedish Research Council</md:OrganizationName>
diff --git a/metadata/swamid-2.0/scim.lab.swamid.se-shibboleth.xml b/metadata/swamid-2.0/scim.lab.swamid.se-shibboleth.xml
index e6804a62..5b665928 100644
--- a/metadata/swamid-2.0/scim.lab.swamid.se-shibboleth.xml
+++ b/metadata/swamid-2.0/scim.lab.swamid.se-shibboleth.xml
@@ -19,7 +19,6 @@
     <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
     <mdattr:EntityAttributes>
       <samla:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-        <samla:AttributeValue>https://refeds.org/category/personalized</samla:AttributeValue>
         <samla:AttributeValue>https://refeds.org/category/code-of-conduct/v2</samla:AttributeValue>
       </samla:Attribute>
     </mdattr:EntityAttributes>
@@ -145,6 +144,9 @@ V1amQU+C/JUYxA0YERnfx8BeDV9QaIU+bU/SjpbozS8PeHpg/hBSD66W2GoR0wcq
       <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
       <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
       <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="mailLocalAddress" Name="urn:oid:2.16.840.1.113730.3.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
     </md:AttributeConsumingService>
   </md:SPSSODescriptor>
   <md:Organization>
diff --git a/metadata/swamid-2.0/update-connect.sunet.se-shibboleth.xml b/metadata/swamid-2.0/update-connect.sunet.se-shibboleth.xml
index 2f60d998..756271a4 100644
--- a/metadata/swamid-2.0/update-connect.sunet.se-shibboleth.xml
+++ b/metadata/swamid-2.0/update-connect.sunet.se-shibboleth.xml
@@ -139,9 +139,15 @@ poFuABRVWaoZFxw=</ds:X509Certificate>
     <md:AttributeConsumingService index="1">
       <md:ServiceName xml:lang="en">SUNET Update Connect Service</md:ServiceName>
       <md:ServiceName xml:lang="sv">SUNET Update Connect Service</md:ServiceName>
-      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
-      <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
       <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="mailLocalAddress" Name="urn:oid:2.16.840.1.113730.3.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
     </md:AttributeConsumingService>
   </md:SPSSODescriptor>
   <md:Organization>
author	Björn Mattsson <bjorn@sunet.se>	2023-06-22 13:14:05 +0200
committer	Björn Mattsson <bjorn@sunet.se>	2023-06-22 13:14:05 +0200
commit	3ba44360056408519d50b677794625413a4b81fe (patch)
tree	c378d83ac4d7f7b7844613cd4724413428e1a420
parent	e19f3b340949f54d617629bb59a0037fb59819c1 (diff)