authorBjörn Mattsson <bjorn@sunet.se>2021-08-27 11:49:45 +0200
committerBjörn Mattsson <bjorn@sunet.se>2021-08-27 11:49:45 +0200
commit053b1c1f34b3552a126599fadd2508671118e277 (patch)
treec90cd7e1720a2609f7a3e8d88664125f48fcf62a
parent28d7b3a3c166f7a16ec4e91514ca183eba2de84d (diff)
SWAMID-358, cert roll on Fs.uka.se
-rwxr-xr-xscripts/get-metadata.sh2
-rw-r--r--swamid-2.0/fs.uka.se-adfs-services-trust.xml89
2 files changed, 49 insertions, 42 deletions
diff --git a/scripts/get-metadata.sh b/scripts/get-metadata.sh
index 053a0a8e..49a43d54 100755
--- a/scripts/get-metadata.sh
+++ b/scripts/get-metadata.sh
@@ -45,7 +45,7 @@ else
if [ -s "${metadataurl}" ]; then
metadata=`cat "$metadataurl"`
else
- urls="https://${metadataurl}/idp/shibboleth https://${metadataurl}/Shibboleth.sso/Metadata https://${metadataurl}/saml/index/sp-metadata https://${metadataurl}/saml/metadata"
+ urls="https://${metadataurl}/idp/shibboleth https://${metadataurl}/Shibboleth.sso/Metadata https://${metadataurl}/saml/index/sp-metadata https://${metadataurl}/saml/metadata https://${metadataurl}/federationmetadata/2007-06/federationmetadata.xml"
for i in ${urls}; do
metadata=`curl -L -s -k -f "${i}"`
[ -n "${metadata}" ] && break
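Review bot: The new `federationmetadata/2007-06/federationmetadata.xml` endpoint is fetched by the unchanged `curl -L -s -k -f "${i}"` line further down this hunk, and `-k` turns off TLS certificate verification, so whatever answers on that hostname can supply the metadata, including the signing certificates that end up in the registry. Drop `-k` (`curl -L -s -f "${i}"`) and, if redirects must be followed, add `--proto-redir =https` so a redirect cannot downgrade the fetch to plain HTTP. If some members really do serve metadata behind certificates that cannot be validated, a comment on that line should say that the fetched certificate must be checked against a fingerprint obtained from the operator through another channel. The `for` loop continues outside the hunk.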
diff --git a/swamid-2.0/fs.uka.se-adfs-services-trust.xml b/swamid-2.0/fs.uka.se-adfs-services-trust.xml
index 110f64f1..a172900b 100644
--- a/swamid-2.0/fs.uka.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.uka.se-adfs-services-trust.xml
@@ -5,18 +5,18 @@
<mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy>
</mdrpi:RegistrationInfo>
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
- <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue>
- <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue>
- </saml:Attribute>
- <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
+ <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ </samla:Attribute>
+ <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
<samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue>
</samla:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
- <IDPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" errorURL="https://error.swamid.se/?errorurl_code=ERRORURL_CODE&amp;errorurl_ts=ERRORURL_TS&amp;errorurl_rp=ERRORURL_RP&amp;errorurl_tid=ERRORURL_TID&amp;errorurl_ctx=ERRORURL_CTX&amp;entityid=http://fs.uka.se/adfs/services/trust">
- <Extensions>
+ <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" errorURL="https://error.swamid.se/?errorurl_code=ERRORURL_CODE&amp;errorurl_ts=ERRORURL_TS&amp;errorurl_rp=ERRORURL_RP&amp;errorurl_tid=ERRORURL_TID&amp;errorurl_ctx=ERRORURL_CTX&amp;entityid=http://fs.uka.se/adfs/services/trust">
+ <md:Extensions>
<shibmd:Scope regexp="false">uka.se</shibmd:Scope>
<mdui:UIInfo>
<mdui:DisplayName xml:lang="sv">Universitetskanslersämbetet</mdui:DisplayName>
@@ -27,40 +27,53 @@
<mdui:InformationURL xml:lang="en">https://english.uka.se</mdui:InformationURL>
<mdui:PrivacyStatementURL xml:lang="sv">https://www.uka.se/om-oss/om-webbplatsen/personuppgifter-gdpr.html</mdui:PrivacyStatementURL>
<mdui:PrivacyStatementURL xml:lang="en">https://english.uka.se/about-us/about-the-website/personal-data-gdpr.html</mdui:PrivacyStatementURL>
- <mdui:Logo height="93" width="350">https://www.uka.se/images/18.e228ffb1791280da932464/1620053792429/UKA-logotyp-sve-350x93.png</mdui:Logo>
+ <mdui:Logo xml:lang="sv" height="93" width="350">https://www.uka.se/images/18.e228ffb1791280da932464/1620053792429/UKA-logotyp-sve-350x93.png</mdui:Logo>
+ <mdui:Logo xml:lang="en" height="93" width="350">https://www.uka.se/images/18.e228ffb1791280da932464/1620053792429/UKA-logotyp-sve-350x93.png</mdui:Logo>
</mdui:UIInfo>
- </Extensions>
- <KeyDescriptor use="encryption">
- <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
- <X509Data>
- <X509Certificate>MIIC1DCCAbygAwIBAgIQdAEWuGqyPKRHYdm8KxSN+zANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtBREZTIEVuY3J5cHRpb24gLSBmcy51a2Euc2UwHhcNMTgwOTExMTIwNDI0WhcNMjEwOTEwMTIwNDI0WjAmMSQwIgYDVQQDExtBREZTIEVuY3J5cHRpb24gLSBmcy51a2Euc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd/ZulnbcTmVx3fiybun+gQ6RCvthwmF3QfazlkKV6hI+DEH1DwdRlcx4anaZNxBTJHj1zuKz2jvDuHjYAXdv6flfKWw/OrPaggIjdEF9rMpuqJusPDlpETBjQkYAlOkTo56QRGum6/LG9wAAUK4nGN6Lx3+XepL5f6L5LKTRc7Uj2SBTtejLUUZ0HRodL5LBrEi1ghB86+0pWnBw7m1d5uwwZffIaLxH6AwOpwzKuzwhF8MmzERQZ8N7UTC7fjvtGy14jC1YiuPfO1pJtGyIqBQwjSR1ypkZYwmsLJ68YQiE4GXi6T9ybQ6GeExUR+OqVxp+7vJtC67j0LLbqsZ6HAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABFTj/p3NOmT/KkAt9+U2EXhskQ7pmK0UnwsJP1NicdYNZeKDg7BYRLfvkc4UmBh6jMmm7qJ0LBaS23Stn9kBKZnY+oHbOfUBxQQYyltmjRrIJucCpxy/TdhXuJt7JeQyrgok1ByWF70jSpwemE6809qBmyqzZfvvu4PfzAZf+Vii8d/tw9oesop/WLMuGyGmE+TW2YZ+0H6lr2N4Uig+pSX+8gxAI+e1reTj0c+0NKC89pBgDxwurQigQo+qwKX+OV8TTmW81lqd/ESNp7gEjmtX70Tw56qUciF5RTo/Ev3M/FaPV3HdLUGmzcE/pcXigPv84BW4AH/FyIsZhFTm0o=</X509Certificate>
- </X509Data>
- </KeyInfo>
- </KeyDescriptor>
- <KeyDescriptor use="signing">
- <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
- <X509Data>
- <X509Certificate>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</X509Certificate>
- </X509Data>
- </KeyInfo>
- </KeyDescriptor>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
- <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
- </IDPSSODescriptor>
- <!-- för SIRTFI -->
+ </md:Extensions>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
+ </md:IDPSSODescriptor>
<md:Organization>
- <md:OrganizationName xml:lang="sv">UKÄ</md:OrganizationName>
<md:OrganizationName xml:lang="en">UKA</md:OrganizationName>
- <md:OrganizationDisplayName xml:lang="sv">Universitetskanslersämbetet</md:OrganizationDisplayName>
+ <md:OrganizationName xml:lang="sv">UKÄ</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Swedish Higher Education Authority</md:OrganizationDisplayName>
- <md:OrganizationURL xml:lang="sv">https://www.uka.se</md:OrganizationURL>
+ <md:OrganizationDisplayName xml:lang="sv">Universitetskanslersämbetet</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">https://english.uka.se</md:OrganizationURL>
+ <md:OrganizationURL xml:lang="sv">https://www.uka.se</md:OrganizationURL>
</md:Organization>
+ <md:ContactPerson contactType="support">
+ <md:Company>Universitetskanslersämbetet</md:Company>
+ <md:GivenName>IT-support</md:GivenName>
+ <md:EmailAddress>mailto:support@uka.se</md:EmailAddress>
+ <md:TelephoneNumber>+46 8 563 088 80</md:TelephoneNumber>
+ </md:ContactPerson>
<md:ContactPerson contactType="administrative">
<md:Company>Universitetskanslersämbetet</md:Company>
<md:GivenName>IT-contact</md:GivenName>
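Review bot: After this change the descriptor carries two `md:KeyDescriptor use="signing"` entries, so relying parties will accept assertions signed with either key until one is removed. The commit should record which certificate is the outgoing one and when it will be dropped, for example with a comment `<!-- outgoing signing cert, remove after rollover (SWAMID-358) -->` above it. The new `ds:KeyInfo` elements no longer declare the XML-DSig namespace locally as the removed `KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"` did, so `xmlns:ds` has to be bound on the root element, which is outside this hunk. Because these certificates are the trust anchor for assertions from this IdP, their fingerprints should be confirmed with the operator out of band, all the more so if they were pulled with `scripts/get-metadata.sh`, which fetches with TLS verification disabled.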
@@ -73,12 +86,6 @@
<md:EmailAddress>mailto:drift@uka.se</md:EmailAddress>
<md:TelephoneNumber>+46 8 563 085 55</md:TelephoneNumber>
</md:ContactPerson>
- <md:ContactPerson contactType="support">
- <md:Company>Universitetskanslersämbetet</md:Company>
- <md:GivenName>IT-support</md:GivenName>
- <md:EmailAddress>mailto:support@uka.se</md:EmailAddress>
- <md:TelephoneNumber>+46 8 563 088 80</md:TelephoneNumber>
- </md:ContactPerson>
<md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
<md:GivenName>Security Response Team</md:GivenName>
<md:EmailAddress>mailto:abuse@uka.se</md:EmailAddress>