author | Björn Mattsson <Bjorn.Mattsson@bth.se> | 2019-06-05 07:55:07 +0200 |
---|---|---|
committer | Björn Mattsson <Bjorn.Mattsson@bth.se> | 2019-06-05 07:55:07 +0200 |
commit | 7442a1b929f82fcdd5a9b8e4f392b9f5c2fe1de1 (patch) | |
tree | df80f925bce5e96dceb2674d7b7c17c383202d5b | |
parent | 758704981ca582878bed12222275c0a73278227c (diff) |
Resolved SWAMID-2243
-rw-r--r-- | swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml (renamed from swamid-2.0/idp-test.it.su.se.xml) | 64 | ||||
-rw-r--r-- | swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml | 46 | ||||
-rw-r--r-- | swamid-idp-2.0.mxml | 1 | ||||
-rw-r--r-- | swamid-testing-idp-1.0.mxml | 1 |
4 files changed, 25 insertions, 87 deletions
diff --git a/swamid-2.0/idp-test.it.su.se.xml b/swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml
index 68a376c0..0a16d5fc 100644
--- a/swamid-2.0/idp-test.it.su.se.xml
+++ b/swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml
@@ -1,17 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp-test.it.su.se/idp/shibboleth">
- <Extensions>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp-test.it.su.se/idp/shibboleth">
+ <md:Extensions>
 <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
 <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
 <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
 <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
 </saml:Attribute>
 </mdattr:EntityAttributes>
- </Extensions>
- <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ </md:Extensions>
+ <IDPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <Extensions>
- <shibmd:Scope regexp="false">su.se</shibmd:Scope>
- <mdui:UIInfo>
+ <shibmd:Scope xmlns="" regexp="false">su.se</shibmd:Scope>
+ <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
 <mdui:DisplayName xml:lang="sv">Stockholms universitet (test)</mdui:DisplayName>
 <mdui:DisplayName xml:lang="en">Stockholm University (test)</mdui:DisplayName>
 <mdui:Description xml:lang="sv">Identity Provider för medarbetare och studenter vid Stockholms universitet.</mdui:Description>
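Review bot: The namespace handling in the new `EntityDescriptor` is inconsistent: the root and its `Extensions` use the `md:` prefix, while `IDPSSODescriptor` re-declares the same URI as a default namespace and `shibmd:Scope` carries an `xmlns=""` that has no effect on a prefixed element. The same pattern recurs on `ds:KeyInfo xmlns=""` in the second hunk and on `Organization` and `ContactPerson` in the third. The result is namespace-equivalent to the old file, but an unprefixed element later added beneath one of the `xmlns=""` nodes would fall into no namespace and would likely be skipped by metadata consumers. I would declare each namespace once on the root and use the prefix throughout, e.g. `<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">` (with its children prefixed to match) and `<shibmd:Scope regexp="false">su.se</shibmd:Scope>`. The descriptor continues past the end of this hunk.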
@@ -23,13 +23,13 @@
 <mdui:PrivacyStatementURL xml:lang="sv">https://www.su.se/medarbetare/it/it-tj%C3%A4nster/universitetskonto/policy-f%C3%B6r-hantering-av-personuppgifter-inom-ramen-f%C3%B6r-identitetsutgivaren-identity-provider-idp-1.383506</mdui:PrivacyStatementURL>
 <mdui:PrivacyStatementURL xml:lang="en">https://www.su.se/english/staff/it/it-services/policy-for-the-management-of-personal-information-within-the-scope-of-the-identity-provider-idp-1.384218</mdui:PrivacyStatementURL>
 </mdui:UIInfo>
- <mdui:DiscoHints>
+ <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
 <mdui:DomainHint>su.se</mdui:DomainHint>
 <mdui:GeolocationHint>geo:59.3625,18.0586</mdui:GeolocationHint>
 </mdui:DiscoHints>
 </Extensions>
 <KeyDescriptor>
- <ds:KeyInfo>
+ <ds:KeyInfo xmlns="">
 <ds:X509Data>
 <ds:X509Certificate>
 MIIC+jCCAeKgAwIBAgIJAKvigKUJvExYMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV
@@ -52,69 +52,33 @@ UebM+vdVeYb0JLMqQevfKMQVbhC3sLuZEGHLh0VE/ZSY5GQGDAshuw0e7Xfrxcd6
 </ds:X509Data>
 </ds:KeyInfo>
 </KeyDescriptor>
- <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-test.it.su.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
- <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-test.it.su.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp-test.it.su.se/idp/profile/Shibboleth/SSO"/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-test.it.su.se/idp/profile/SAML2/POST/SSO"/>
 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-test.it.su.se/idp/profile/SAML2/Redirect/SSO"/>
 </IDPSSODescriptor>
- <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
- <Extensions>
- <shibmd:Scope regexp="false">su.se</shibmd:Scope>
- </Extensions>
- <KeyDescriptor>
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIC+jCCAeKgAwIBAgIJAKvigKUJvExYMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV
-BAMTEWlkcC10ZXN0Lml0LnN1LnNlMB4XDTEwMTEwOTA4NTAxNVoXDTIwMTEwNjA4
-NTAxNVowHDEaMBgGA1UEAxMRaWRwLXRlc3QuaXQuc3Uuc2UwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDiy33V1Re/N5Wih2L/TFGyAvHhzmOvT2BS3z6s
-Gtum+WYGbVaGrJK6fD+HG89KoMtbbo8uAW0HJfhnOdbbUL2OEUo8quKbJSq5A/+0
-d7zCxteeZOBZ9yQF/cTNtgwVdreYitKD8E0LsTUBnpmomGS4icR3b3KyDVdgexof
-85boL4QYGtDvvBLAR67YHnzFl6sMYY46/ptThge8FrRYE4IzMT7JiOzakrCje8tI
-dDHjLFgIjR4e/oOD/qe/VQBBx+BXYOGK80iq5Q1I/MCIcYPNgu4QRaBM6sgCEbzZ
-BAKvKUwOUG6ISQMClGjpzgGd22OClxXcjakMFuWHEDCh13IdAgMBAAGjPzA9MBwG
-A1UdEQQVMBOCEWlkcC10ZXN0Lml0LnN1LnNlMB0GA1UdDgQWBBTENxJoYSkc0MtD
-9crsO+Sb8o1vmTANBgkqhkiG9w0BAQUFAAOCAQEATQcvg19g3IBDwwTVfMFTVfFc
-ltpedRKvdiS2XNq2jy+/97n2M2Xc4vpUqKJayxwpkN180VCV873zbI81MRCApeJH
-wFYke5r9OSwriiTPgijAAOm6K8++PfNfYOOoo/G/7akcL4dmeu8vKzwE67GAPm+N
-+uRvOFivpJ137xlATclXtP4riW0fqagqQDKwJVULLfyeve8+mDlpYg2/dz5hqb6V
-UebM+vdVeYb0JLMqQevfKMQVbhC3sLuZEGHLh0VE/ZSY5GQGDAshuw0e7Xfrxcd6
-0P3iPg1br/W070Wfs66Q90o0xXbVvA/HJyxelHanrZszCvDN6RzhhDYA3jlqzw==
-</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-test.it.su.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-test.it.su.se:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
- </AttributeAuthorityDescriptor>
- <Organization>
+ <Organization xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <OrganizationName xml:lang="en">SU</OrganizationName>
 <OrganizationDisplayName xml:lang="sv">Stockholms universitet (test)</OrganizationDisplayName>
 <OrganizationDisplayName xml:lang="en">Stockholm University (test)</OrganizationDisplayName>
 <OrganizationURL xml:lang="en">http://www.su.se</OrganizationURL>
 </Organization>
- <ContactPerson contactType="administrative">
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="administrative">
 <Company>Stockholm University</Company>
 <SurName>Helpdesk</SurName>
 <EmailAddress>mailto:helpdesk@su.se</EmailAddress>
 <TelephoneNumber>+46 8 16 1999</TelephoneNumber>
 </ContactPerson>
- <ContactPerson contactType="technical">
+ <ContactPerson
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="technical">
 <Company>Stockholm University</Company>
 <SurName>Helpdesk</SurName>
 <EmailAddress>mailto:helpdesk@su.se</EmailAddress>
 <TelephoneNumber>+46 8 16 1999</TelephoneNumber>
 </ContactPerson>
- <ContactPerson contactType="support">
+ <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="support">
 <Company>Stockholm University</Company>
 <SurName>Helpdesk</SurName>
 <EmailAddress>mailto:helpdesk@su.se</EmailAddress>
 <TelephoneNumber>+46 8 16 1999</TelephoneNumber>
 </ContactPerson>
-</EntityDescriptor>
+</md:EntityDescriptor>
diff --git a/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml b/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml
index e4391d0c..2c95ae5e 100644
--- a/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml
+++ b/swamid-2.0/sp-test.it.su.se-shibboleth.sso.xml
@@ -8,40 +8,17 @@
 </samla:Attribute>
 </mdattr:EntityAttributes>
 </md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:Extensions>
 <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF" index="1"/>
 <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF-test" index="2"/>
- <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/wavelan" index="3"/>
- <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/wavelan-test" index="4"/>
- <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/SWAMID" index="5"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/SWAMID" index="3"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/NORDUnet-DS" index="4"/>
+ <DiscoveryResponse
xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/SWAMID-ONLY-DS" index="5"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/skolfederation-prod-ds" index="6"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.it.su.se/Shibboleth.sso/WAYF/skolfederation-trial-ds" index="7"/>
 </md:Extensions>
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:KeyName>shib-test-sp1</ds:KeyName>
- <ds:X509Data>
- <ds:X509SubjectName>CN=shib-test-sp1</ds:X509SubjectName>
- <ds:X509Certificate>MIIC7jCCAdagAwIBAgIJAMvj0WHMV86oMA0GCSqGSIb3DQEBBQUAMBgxFjAUBgNV
-BAMTDXNoaWItdGVzdC1zcDEwHhcNMTAxMDExMDkzMDE5WhcNMjAxMDA4MDkzMDE5
-WjAYMRYwFAYDVQQDEw1zaGliLXRlc3Qtc3AxMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAwY+eWytRTYPU10j0R+GjbKQzJ09YeYGgSuIzNZhLdH0zy6By
-YyEtIITGsTorlL5HBYUtpFugc3jjoBuTv+QZoVnAsNfpbO1KM17cB3iX31drfYyU
-XSY20OZEaOuDoaE9Zt7YawDJ39vkwOLKEyglaqVzSdhH6gZoHEPSd0GOE/O5pMsu
-igmKs/dWoUhjS/u9R83jen7lOS39NJXKW23ghyZ36lgmSieACWCz5hMOKJ9ZnPys
-Va85dCMsNbaSDC/vm++jP7qY2I9aDJJHZhOEso+jqQPbRFjhy+pNSQYx2Z99r6ns
-fn1tJEgfKv+xfon4QkrrJ0CEySGVPfcEJw2xgwIDAQABozswOTAYBgNVHREEETAP
-gg1zaGliLXRlc3Qtc3AxMB0GA1UdDgQWBBTctR7mjh7i3u2cHU+rm99Fte/SdDAN
-BgkqhkiG9w0BAQUFAAOCAQEAFX12BjrajUciwGg79uHajf+oL1hYalnydk5fBqJ3
-WOebDsv/4Z1mcHH1WlT/fHf8KkjETiaAr0uuiLyIvFsMY4WASxZaqa4MTcTtJzHA
-9JrpGAscSKg2fIO8T6cmpKCPuMnH+e05NjWTdmxnR0bJGyn87NQdNNdhw9bgmRD4
-B/md9BUYzkXna3WPi1biNcqSgIwevoSb7JRPMu9LhrlkJyK325uGyblVcg0WCeZ0
-ZZ++pFd6COZSWkvz3O0kbDXKOANgr4ZylWIxYz+Fj1y8i5PN5C85ojDAIvzZ93J5
-95GMOhu7uHgsRb4w5VyuXMlgrvHKh2S1C7zrtt86XKW2fw==
-</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </md:KeyDescriptor>
- <md:KeyDescriptor use="encryption">
+ <md:KeyDescriptor>
 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:KeyName>shib-test-sp1</ds:KeyName>
 <ds:X509Data>
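Review bot: With the `use` attribute dropped, the single `<md:KeyDescriptor>` makes `shib-test-sp1` the key for both signing and encryption, and nothing in the file records that this is deliberate. The removed signing descriptor carried the same `KeyName` and what appears to be the same certificate, so behaviour should not change, but a key rollover now requires publishing a second `KeyDescriptor` ahead of the switch. The removed certificate's validity appears to decode to 2010-10-11 through 2020-10-08; if the retained one is identical, that date is worth tracking. I would add `<!-- no use attribute: this key is used for both signing and encryption -->` above the descriptor. The `KeyInfo` block continues outside the hunk.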
@@ -75,12 +52,9 @@ ZZ++pFd6COZSWkvz3O0kbDXKOANgr4ZylWIxYz+Fj1y8i5PN5C85ojDAIvzZ93J5
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp-test.it.su.se/Shibboleth.sso/NIM/Redirect"/>
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/NIM/POST"/>
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.it.su.se/Shibboleth.sso/NIM/Artifact"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML/POST" index="5"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML/Artifact" index="6"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST" index="7"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="8"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/Artifact" index="9"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/ECP" index="10"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST" index="1"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/ECP" index="4"/>
 </md:SPSSODescriptor>
 <md:ContactPerson contactType="technical">
 <md:SurName>IT-avdelningen</md:SurName>
diff --git a/swamid-idp-2.0.mxml b/swamid-idp-2.0.mxml
index c80326ca..b53eabb4 100644
--- a/swamid-idp-2.0.mxml
+++ b/swamid-idp-2.0.mxml
@@ -13,4 +13,5 @@
 <xi:include href="swamid-2.0/idp.umu.se-saml2-idp-metadata.php.xml"/>
 <xi:include href="swamid-2.0/siths-idp.sunet.se-saml2-idp-metadata.php.xml"/>
 <xi:include href="swamid-2.0/idp.hv.se-idp-shibboleth.xml"/>
+ <xi:include href="swamid-2.0/idp-test.it.su.se-idp-shibboleth.xml"/>
 </md:EntitiesDescriptor>
diff --git a/swamid-testing-idp-1.0.mxml b/swamid-testing-idp-1.0.mxml
index bd0cfa20..d0994f46 100644
--- a/swamid-testing-idp-1.0.mxml
+++ b/swamid-testing-idp-1.0.mxml
@@ -53,7 +53,6 @@
 <xi:include href="swamid-2.0/login1.fhs.se-adfs-services-trust.xml"/>
 <xi:include href="swamid-2.0/idp.dev.eduid.se-idp.xml.xml"/>
 <xi:include href="swamid-2.0/testidpv3.lu.se-idp-shibboleth.xml"/>
- <xi:include href="swamid-2.0/idp-test.it.su.se.xml"/>
 <xi:include href="swamid-2.0/adfs.test.umu.se-adfs-services-trust.xml"/>
 <xi:include href="swamid-2.0/tsidp1.test.bth.se-idp-shibboleth.xml"/>
 <xi:include href="swamid-2.0/hbidp-test.test.hb.se-idp-shibboleth.xml"/> |
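Review bot: The `AssertionConsumerService` entries are renumbered to `index` 1, 3 and 4, so a request that still selects an endpoint by one of the old values (7, 9 or 10) would no longer resolve to the same endpoint; the SP's own configuration is not visible here and should be checked against the new numbering. Index 2 is left unused and no entry sets `isDefault`, so HTTP-POST is the default only by document order. I would state that explicitly with `<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.it.su.se/Shibboleth.sso/SAML2/POST" index="1" isDefault="true"/>`. The enclosing `SPSSODescriptor` starts before this hunk.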
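Review bot: The added include puts `idp-test.it.su.se`, whose display names end in "(test)" and which asserts `shibmd:Scope` `su.se`, into `swamid-idp-2.0.mxml`, while the same commit removes it from `swamid-testing-idp-1.0.mxml`. If `swamid-idp-2.0.mxml` feeds the production aggregate (inferred from the file name, not shown here), relying parties would accept `su.se`-scoped attributes from a test IdP on the same footing as the production one. Nothing in the list says why a test entity belongs there; if the move is what SWAMID-2243 asked for, I would record it next to the entry with `<!-- test IdP, registered here per SWAMID-2243 -->`.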