authorBjörn Mattsson <Bjorn.Mattsson@bth.se>2019-06-05 07:55:07 +0200
committerBjörn Mattsson <Bjorn.Mattsson@bth.se>2019-06-05 07:55:07 +0200
commit7442a1b929f82fcdd5a9b8e4f392b9f5c2fe1de1 (patch)
treedf80f925bce5e96dceb2674d7b7c17c383202d5b
parent758704981ca582878bed12222275c0a73278227c (diff)
Resolved SWAMID-2243
-rw-r--r--swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml (renamed from swamid-2.0/idp-test.it.su.se.xml)64
-rw-r--r--swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml46
-rw-r--r--swamid-idp-2.0.mxml1
-rw-r--r--swamid-testing-idp-1.0.mxml1
4 files changed, 25 insertions, 87 deletions
diff --git a/swamid-2.0/idp-test.it.su.se.xml b/swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml
index 68a376c0..0a16d5fc 100644
--- a/swamid-2.0/idp-test.it.su.se.xml
+++ b/swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp-test.it.su.se/idp/shibboleth">
- <Extensions>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp-test.it.su.se/idp/shibboleth">
+ <md:Extensions>
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
<saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
<saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
- </Extensions>
- <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ </md:Extensions>
+ <IDPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<Extensions>
- <shibmd:Scope regexp="false">su.se</shibmd:Scope>
- <mdui:UIInfo>
+ <shibmd:Scope xmlns="" regexp="false">su.se</shibmd:Scope>
+ <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:DisplayName xml:lang="sv">Stockholms universitet (test)</mdui:DisplayName>
<mdui:DisplayName xml:lang="en">Stockholm University (test)</mdui:DisplayName>
<mdui:Description xml:lang="sv">Identity Provider för medarbetare och studenter vid Stockholms universitet.</mdui:Description>
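Review bot: The namespace declarations on the new side are inconsistent: the root and `md:Extensions` use the `md:` prefix, `IDPSSODescriptor` re-declares the metadata namespace as the default, and `xmlns:mdui` is repeated on `mdui:UIInfo` and, in the next hunk, on `mdui:DiscoHints`. In addition, `shibmd:Scope` (and `ds:KeyInfo` in the next hunk) carry an `xmlns=""` that, as far as the visible children show, has no effect on a prefixed element with no unprefixed descendants. This looks like serializer output and is semantically equivalent, but it makes later changes to scope, keys or endpoints harder to spot when the metadata is reviewed. I would declare `xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"` once on the root, as the old file did, and drop the `xmlns=""` attributes. The `IDPSSODescriptor` element continues past the end of this hunk.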
@@ -23,13 +23,13 @@
<mdui:PrivacyStatementURL xml:lang="sv">https://www.su.se/medarbetare/it/it-tj%C3%A4nster/universitetskonto/policy-f%C3%B6r-hantering-av-personuppgifter-inom-ramen-f%C3%B6r-identitetsutgivaren-identity-provider-idp-1.383506</mdui:PrivacyStatementURL>
<mdui:PrivacyStatementURL xml:lang="en">https://www.su.se/english/staff/it/it-services/policy-for-the-management-of-personal-information-within-the-scope-of-the-identity-provider-idp-1.384218</mdui:PrivacyStatementURL>
</mdui:UIInfo>
- <mdui:DiscoHints>
+ <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:DomainHint>su.se</mdui:DomainHint>
<mdui:GeolocationHint>geo:59.3625,18.0586</mdui:GeolocationHint>
</mdui:DiscoHints>
</Extensions>
<KeyDescriptor>
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
<ds:X509Data>
<ds:X509Certificate>
MIIC+jCCAeKgAwIBAgIJAKvigKUJvExYMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV
@@ -52,69 +52,33 @@ UebM+vdVeYb0JLMqQevfKMQVbhC3sLuZEGHLh0VE/ZSY5GQGDAshuw0e7Xfrxcd6
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
- <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-test.it.su.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
- <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-test.it.su.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp-test.it.su.se/idp/profile/Shibboleth/SSO"/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-test.it.su.se/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-test.it.su.se/idp/profile/SAML2/Redirect/SSO"/>
</IDPSSODescriptor>
- <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
- <Extensions>
- <shibmd:Scope regexp="false">su.se</shibmd:Scope>
- </Extensions>
- <KeyDescriptor>
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIC+jCCAeKgAwIBAgIJAKvigKUJvExYMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV
-BAMTEWlkcC10ZXN0Lml0LnN1LnNlMB4XDTEwMTEwOTA4NTAxNVoXDTIwMTEwNjA4
-NTAxNVowHDEaMBgGA1UEAxMRaWRwLXRlc3QuaXQuc3Uuc2UwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDiy33V1Re/N5Wih2L/TFGyAvHhzmOvT2BS3z6s
-Gtum+WYGbVaGrJK6fD+HG89KoMtbbo8uAW0HJfhnOdbbUL2OEUo8quKbJSq5A/+0
-d7zCxteeZOBZ9yQF/cTNtgwVdreYitKD8E0LsTUBnpmomGS4icR3b3KyDVdgexof
-85boL4QYGtDvvBLAR67YHnzFl6sMYY46/ptThge8FrRYE4IzMT7JiOzakrCje8tI
-dDHjLFgIjR4e/oOD/qe/VQBBx+BXYOGK80iq5Q1I/MCIcYPNgu4QRaBM6sgCEbzZ
-BAKvKUwOUG6ISQMClGjpzgGd22OClxXcjakMFuWHEDCh13IdAgMBAAGjPzA9MBwG
-A1UdEQQVMBOCEWlkcC10ZXN0Lml0LnN1LnNlMB0GA1UdDgQWBBTENxJoYSkc0MtD
-9crsO+Sb8o1vmTANBgkqhkiG9w0BAQUFAAOCAQEATQcvg19g3IBDwwTVfMFTVfFc
-ltpedRKvdiS2XNq2jy+/97n2M2Xc4vpUqKJayxwpkN180VCV873zbI81MRCApeJH
-wFYke5r9OSwriiTPgijAAOm6K8++PfNfYOOoo/G/7akcL4dmeu8vKzwE67GAPm+N
-+uRvOFivpJ137xlATclXtP4riW0fqagqQDKwJVULLfyeve8+mDlpYg2/dz5hqb6V
-UebM+vdVeYb0JLMqQevfKMQVbhC3sLuZEGHLh0VE/ZSY5GQGDAshuw0e7Xfrxcd6
-0P3iPg1br/W070Wfs66Q90o0xXbVvA/HJyxelHanrZszCvDN6RzhhDYA3jlqzw==
-</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-test.it.su.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-test.it.su.se:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
- </AttributeAuthorityDescriptor>
- <Organization>
+ <Organization xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<OrganizationName xml:lang="en">SU</OrganizationName>
<OrganizationDisplayName xml:lang="sv">Stockholms universitet (test)</OrganizationDisplayName>
<OrganizationDisplayName xml:lang="en">Stockholm University (test)</OrganizationDisplayName>
<OrganizationURL xml:lang="en">http://www.su.se</OrganizationURL>
</Organization>
- <ContactPerson contactType="administrative">
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="administrative">
<Company>Stockholm University</Company>
<SurName>Helpdesk</SurName>
<EmailAddress>mailto:helpdesk@su.se</EmailAddress>
<TelephoneNumber>+46 8 16 1999</TelephoneNumber>
</ContactPerson>
- <ContactPerson contactType="technical">
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="technical">
<Company>Stockholm University</Company>
<SurName>Helpdesk</SurName>
<EmailAddress>mailto:helpdesk@su.se</EmailAddress>
<TelephoneNumber>+46 8 16 1999</TelephoneNumber>
</ContactPerson>
- <ContactPerson contactType="support">
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="support">
<Company>Stockholm University</Company>
<SurName>Helpdesk</SurName>
<EmailAddress>mailto:helpdesk@su.se</EmailAddress>
<TelephoneNumber>+46 8 16 1999</TelephoneNumber>
</ContactPerson>
-</EntityDescriptor>
+</md:EntityDescriptor>
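Review bot: The one `KeyDescriptor` left in this file appears to hold the same certificate as the removed `AttributeAuthorityDescriptor` copy (the first line and the `@@` context line match). That copy decodes as self-signed with sha1WithRSAEncryption, valid 2010-11-09 to 2020-11-06. Most SAML software trusts the key directly and ignores those fields, but some relying-party implementations do check expiry, so re-registering the entity is a good moment to plan a rollover by publishing a second `KeyDescriptor` with the new certificate ahead of the switch. The same applies to the `shib-test-sp1` certificate kept in the first hunk of sp-test.it.su.se-shibboleth.sso.xml, whose removed copy decodes as sha1WithRSAEncryption, valid 2010-10-11 to 2020-10-08.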
diff --git a/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml b/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml
index e4391d0c..2c95ae5e 100644
--- a/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml
+++ b/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml
@@ -8,40 +8,17 @@
</samla:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF" index="1"/>
<DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF-test" index="2"/>
- <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/wavelan" index="3"/>
- <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/wavelan-test" index="4"/>
- <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/SWAMID" index="5"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/SWAMID" index="3"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/NORDUnet-DS" index="4"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/SWAMID-ONLY-DS" index="5"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/skolfederation-prod-ds" index="6"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/skolfederation-trial-ds" index="7"/>
</md:Extensions>
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:KeyName>shib-test-sp1</ds:KeyName>
- <ds:X509Data>
- <ds:X509SubjectName>CN=shib-test-sp1</ds:X509SubjectName>
- <ds:X509Certificate>MIIC7jCCAdagAwIBAgIJAMvj0WHMV86oMA0GCSqGSIb3DQEBBQUAMBgxFjAUBgNV
-BAMTDXNoaWItdGVzdC1zcDEwHhcNMTAxMDExMDkzMDE5WhcNMjAxMDA4MDkzMDE5
-WjAYMRYwFAYDVQQDEw1zaGliLXRlc3Qtc3AxMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAwY+eWytRTYPU10j0R+GjbKQzJ09YeYGgSuIzNZhLdH0zy6By
-YyEtIITGsTorlL5HBYUtpFugc3jjoBuTv+QZoVnAsNfpbO1KM17cB3iX31drfYyU
-XSY20OZEaOuDoaE9Zt7YawDJ39vkwOLKEyglaqVzSdhH6gZoHEPSd0GOE/O5pMsu
-igmKs/dWoUhjS/u9R83jen7lOS39NJXKW23ghyZ36lgmSieACWCz5hMOKJ9ZnPys
-Va85dCMsNbaSDC/vm++jP7qY2I9aDJJHZhOEso+jqQPbRFjhy+pNSQYx2Z99r6ns
-fn1tJEgfKv+xfon4QkrrJ0CEySGVPfcEJw2xgwIDAQABozswOTAYBgNVHREEETAP
-gg1zaGliLXRlc3Qtc3AxMB0GA1UdDgQWBBTctR7mjh7i3u2cHU+rm99Fte/SdDAN
-BgkqhkiG9w0BAQUFAAOCAQEAFX12BjrajUciwGg79uHajf+oL1hYalnydk5fBqJ3
-WOebDsv/4Z1mcHH1WlT/fHf8KkjETiaAr0uuiLyIvFsMY4WASxZaqa4MTcTtJzHA
-9JrpGAscSKg2fIO8T6cmpKCPuMnH+e05NjWTdmxnR0bJGyn87NQdNNdhw9bgmRD4
-B/md9BUYzkXna3WPi1biNcqSgIwevoSb7JRPMu9LhrlkJyK325uGyblVcg0WCeZ0
-ZZ++pFd6COZSWkvz3O0kbDXKOANgr4ZylWIxYz+Fj1y8i5PN5C85ojDAIvzZ93J5
-95GMOhu7uHgsRb4w5VyuXMlgrvHKh2S1C7zrtt86XKW2fw==
-</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </md:KeyDescriptor>
- <md:KeyDescriptor use="encryption">
+ <md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>shib-test-sp1</ds:KeyName>
<ds:X509Data>
@@ -75,12 +52,9 @@ ZZ++pFd6COZSWkvz3O0kbDXKOANgr4ZylWIxYz+Fj1y8i5PN5C85ojDAIvzZ93J5
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp-test.it.su.se/Shibboleth.sso/NIM/Redirect"/>
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/NIM/POST"/>
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.it.su.se/Shibboleth.sso/NIM/Artifact"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML/POST" index="5"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML/Artifact" index="6"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST" index="7"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="8"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/Artifact" index="9"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/ECP" index="10"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST" index="1"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/ECP" index="4"/>
</md:SPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:SurName>IT-avdelningen</md:SurName>
diff --git a/swamid-idp-2.0.mxml b/swamid-idp-2.0.mxml
index c80326ca..b53eabb4 100644
--- a/swamid-idp-2.0.mxml
+++ b/swamid-idp-2.0.mxml
@@ -13,4 +13,5 @@
<xi:include href="swamid-2.0/idp.umu.se-saml2-idp-metadata.php.xml"/>
<xi:include href="swamid-2.0/siths-idp.sunet.se-saml2-idp-metadata.php.xml"/>
<xi:include href="swamid-2.0/idp.hv.se-idp-shibboleth.xml"/>
+ <xi:include href="swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml"/>
</md:EntitiesDescriptor>
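Review bot: The added `xi:include` puts an entity whose display name is "Stockholm University (test)" and whose `shibmd:Scope` is `su.se` into swamid-idp-2.0.mxml, which from its name looks like the production IdP aggregate, while the last hunk removes it from swamid-testing-idp-1.0.mxml. Service providers consuming this aggregate would then accept `@su.se` scoped attributes from the test IdP, and nothing on this page shows whether its accounts follow the same identity proofing and lifecycle as the production IdP. If the move is what SWAMID-2243 asked for, a comment above the include would record that, for example `<!-- test IdP asserting scope su.se; moved from swamid-testing-idp-1.0 per SWAMID-2243 -->`.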
diff --git a/swamid-testing-idp-1.0.mxml b/swamid-testing-idp-1.0.mxml
index bd0cfa20..d0994f46 100644
--- a/swamid-testing-idp-1.0.mxml
+++ b/swamid-testing-idp-1.0.mxml
@@ -53,7 +53,6 @@
<xi:include href="swamid-2.0/login1.fhs.se-adfs-services-trust.xml"/>
<xi:include href="swamid-2.0/idp.dev.eduid.se-idp.xml.xml"/>
<xi:include href="swamid-2.0/testidpv3.lu.se-idp-shibboleth.xml"/>
- <xi:include href="swamid-2.0/idp-test.it.su.se.xml"/>
<xi:include href="swamid-2.0/adfs.test.umu.se-adfs-services-trust.xml"/>
<xi:include href="swamid-2.0/tsidp1.test.bth.se-idp-shibboleth.xml"/>
<xi:include href="swamid-2.0/hbidp-test.test.hb.se-idp-shibboleth.xml"/>