author | Björn Mattsson <bjorn@sunet.se> | 2022-04-05 08:33:43 +0200 |
---|---|---|
committer | Björn Mattsson <bjorn@sunet.se> | 2022-04-05 08:33:43 +0200 |
commit | 2262d03a2e3593100ae503133c9f8f6dea672e5e (patch) | |
tree | 4c9f2506a35937c3fae086824be037be8751ec7d | |
parent | a45acff4921d99e12ef297f88f36dec3676a26cc (diff) |
SWAMID-541, SWAMID-743 Added AL3 for LiU and eduID + fixed Makefile to allow AL3
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | swamid-2.0/fs.liu.se-adfs-services-trust.xml | 1 | ||||
-rw-r--r-- | swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml | 1 | ||||
-rw-r--r-- | swamid-2.0/idp.dev.eduid.se-idp.xml.xml | 1 | ||||
-rw-r--r-- | swamid-2.0/login.idp.eduid.se-idp.xml.xml | 1 |
5 files changed, 7 insertions, 1 deletions
@@ -231,7 +231,7 @@ testEntCat:
 @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement"
 @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true
 @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true
+ @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/assurance/al3<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true
 testValidContact:
 @echo "Checking for valid Contact Information"
@@ -245,6 +245,8 @@ testSimpleSign:
 @for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || exit 0
 testALlevel:
+ @echo "Check for IdP:s with AL3 without AL2"
+ @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al3 $$x && ! grep -q http://www.swamid.se/policy/assurance/al2 $$x ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done
 @echo "Check for IdP:s with AL2 without AL1"
 @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al2 $$x && ! grep -q http://www.swamid.se/policy/assurance/al1 $$x ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done
diff --git a/swamid-2.0/fs.liu.se-adfs-services-trust.xml b/swamid-2.0/fs.liu.se-adfs-services-trust.xml
index 396cfe7d..28fdce4a 100644
--- a/swamid-2.0/fs.liu.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.liu.se-adfs-services-trust.xml
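Review bot: The added assurance-certification line in testEntCat still discards xmllint's errors with `2>/dev/null`, so a file that mentions the attribute but fails to parse, or carries it somewhere other than /EntityDescriptor/Extensions/EntityAttributes, produces no AttributeValue output and passes the allow-list without being examined. Now that this list decides which entities may claim al3, that fail-open path should at least be documented above the recipe line, for example `# files where xmllint fails or the XPath matches nothing are NOT validated by this check`. A follow-up check that reports files matched by the outer `grep -l` but yielding no AttributeValue would close the gap. The testEntCat recipe starts outside the hunk, so earlier lines may already cover part of this.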
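Review bot: The new AL3-without-AL2 loop in testALlevel only prints offending files; unlike the testEntCat and testSimpleSign loops it has no `| grep . && exit 1` tail, so the recipe line exits 0 and an entity declaring al3 without al2 would not fail the target. If the rule is meant to be enforced, end the line with `done | grep . && exit 1 || true` as the testEntCat checks do. The AL2-without-AL1 loop in the context lines has the same shape, so this may be a deliberate advisory check; in that case a comment such as `# advisory only: lists files, never fails the build` would make that explicit. Both greps also match the URL anywhere in the file rather than inside the assurance-certification attribute, and the recipe may continue past the end of the hunk.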
@@ -8,6 +8,7 @@
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
 <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
 <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
 <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
 </samla:Attribute>
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
diff --git a/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml b/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
index da42ca93..e1db4430 100644
--- a/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
@@ -8,6 +8,7 @@
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
 <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
 <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
 <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
 </samla:Attribute>
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
diff --git a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
index cef2d597..ac5b8dfc 100644
--- a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
+++ b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
@@ -8,6 +8,7 @@
 <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
 <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue>
 <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue>
+ <saml:AttributeValue>http://www.swamid.se/policy/assurance/al3</saml:AttributeValue>
 <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</saml:AttributeValue>
 <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</saml:AttributeValue>
 </saml:Attribute>
diff --git a/swamid-2.0/login.idp.eduid.se-idp.xml.xml b/swamid-2.0/login.idp.eduid.se-idp.xml.xml
index 27a40240..a7cc4d79 100644
--- a/swamid-2.0/login.idp.eduid.se-idp.xml.xml
+++ b/swamid-2.0/login.idp.eduid.se-idp.xml.xml
@@ -8,6 +8,7 @@
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
 <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
 <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
 <samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</samla:AttributeValue>
 <samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</samla:AttributeValue>
 <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue> |