author | Björn Mattsson <bjorn@sunet.se> | 2021-08-27 11:49:45 +0200 |
---|---|---|
committer | Björn Mattsson <bjorn@sunet.se> | 2021-08-27 11:49:45 +0200 |
commit | 053b1c1f34b3552a126599fadd2508671118e277 (patch) | |
tree | c90cd7e1720a2609f7a3e8d88664125f48fcf62a | |
parent | 28d7b3a3c166f7a16ec4e91514ca183eba2de84d (diff) |
SWAMID-358, cert roll on Fs.uka.se
-rwxr-xr-x | scripts/get-metadata.sh | 2 | ||||
-rw-r--r-- | swamid-2.0/fs.uka.se-adfs-services-trust.xml | 89 |
2 files changed, 49 insertions, 42 deletions
diff --git a/scripts/get-metadata.sh b/scripts/get-metadata.sh
index 053a0a8e..49a43d54 100755
--- a/scripts/get-metadata.sh
+++ b/scripts/get-metadata.sh
@@ -45,7 +45,7 @@ else
 if [ -s "${metadataurl}" ]; then
 metadata=`cat "$metadataurl"`
 else
- urls="https://${metadataurl}/idp/shibboleth https://${metadataurl}/Shibboleth.sso/Metadata https://${metadataurl}/saml/index/sp-metadata https://${metadataurl}/saml/metadata"
+ urls="https://${metadataurl}/idp/shibboleth https://${metadataurl}/Shibboleth.sso/Metadata https://${metadataurl}/saml/index/sp-metadata https://${metadataurl}/saml/metadata https://${metadataurl}/federationmetadata/2007-06/federationmetadata.xml"
 for i in ${urls}; do
 metadata=`curl -L -s -k -f "${i}"`
 [ -n "${metadata}" ] && break
diff --git a/swamid-2.0/fs.uka.se-adfs-services-trust.xml b/swamid-2.0/fs.uka.se-adfs-services-trust.xml
index 110f64f1..a172900b 100644
--- a/swamid-2.0/fs.uka.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.uka.se-adfs-services-trust.xml
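Review bot: The added ADFS `federationmetadata.xml` URL is fetched by the `curl -L -s -k -f` call on the context line just below the changed `urls=` line, and `-k` disables TLS certificate verification, so the metadata (including any signing certificate copied from it into the federation files) arrives over an unauthenticated channel. For a certificate roll, either drop `-k` so a bad server certificate fails the fetch, i.e. ``metadata=`curl -L -s -f "${i}"` ``, or require that the fetched certificate's fingerprint be confirmed out of band before the file is committed. The surrounding if/else and the `for` loop start and end outside this hunk, so any later validation of `${metadata}` is not visible here.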
@@ -5,18 +5,18 @@
 <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy>
 </mdrpi:RegistrationInfo>
 <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
- <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue>
- <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue>
- </saml:Attribute>
- <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
+ <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+ </samla:Attribute>
+ <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
 <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
 <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue>
 </samla:Attribute>
 </mdattr:EntityAttributes>
 </md:Extensions>
- <IDPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" errorURL="https://error.swamid.se/?errorurl_code=ERRORURL_CODE&errorurl_ts=ERRORURL_TS&errorurl_rp=ERRORURL_RP&errorurl_tid=ERRORURL_TID&errorurl_ctx=ERRORURL_CTX&entityid=http://fs.uka.se/adfs/services/trust">
- <Extensions>
+ <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" errorURL="https://error.swamid.se/?errorurl_code=ERRORURL_CODE&errorurl_ts=ERRORURL_TS&errorurl_rp=ERRORURL_RP&errorurl_tid=ERRORURL_TID&errorurl_ctx=ERRORURL_CTX&entityid=http://fs.uka.se/adfs/services/trust">
+ <md:Extensions>
 <shibmd:Scope regexp="false">uka.se</shibmd:Scope>
 <mdui:UIInfo>
 <mdui:DisplayName xml:lang="sv">Universitetskanslersämbetet</mdui:DisplayName>
@@ -27,40 +27,53 @@
 <mdui:InformationURL xml:lang="en">https://english.uka.se</mdui:InformationURL>
 <mdui:PrivacyStatementURL xml:lang="sv">https://www.uka.se/om-oss/om-webbplatsen/personuppgifter-gdpr.html</mdui:PrivacyStatementURL>
 <mdui:PrivacyStatementURL xml:lang="en">https://english.uka.se/about-us/about-the-website/personal-data-gdpr.html</mdui:PrivacyStatementURL>
- <mdui:Logo height="93" width="350">https://www.uka.se/images/18.e228ffb1791280da932464/1620053792429/UKA-logotyp-sve-350x93.png</mdui:Logo>
+ <mdui:Logo xml:lang="sv" height="93" width="350">https://www.uka.se/images/18.e228ffb1791280da932464/1620053792429/UKA-logotyp-sve-350x93.png</mdui:Logo>
+ <mdui:Logo xml:lang="en" height="93" width="350">https://www.uka.se/images/18.e228ffb1791280da932464/1620053792429/UKA-logotyp-sve-350x93.png</mdui:Logo>
 </mdui:UIInfo>
- </Extensions>
- <KeyDescriptor use="encryption">
- <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
- <X509Data>
- <X509Certificate>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</X509Certificate>
- </X509Data>
- </KeyInfo>
- </KeyDescriptor>
- <KeyDescriptor use="signing">
- <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
- <X509Data>
- <X509Certificate>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</X509Certificate>
- </X509Data>
- </KeyInfo>
- </KeyDescriptor>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
- <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
- </IDPSSODescriptor>
- <!-- för SIRTFI -->
+ </md:Extensions>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIICzjCCAbagAwIBAgIQeWddhTmnlppBUeQJ7HNuSDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhBREZTIFNpZ25pbmcgLSBmcy51a2Euc2UwHhcNMTgwOTExMTIwNDI1WhcNMjEwOTEwMTIwNDI1WjAjMSEwHwYDVQQDExhBREZTIFNpZ25pbmcgLSBmcy51a2Euc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw18xQKEBs4mFxxmeEX8h4yRsk9H/uGraNXWvQ9Q63eHAKbKgGyMYuO+b9xhcc3zZxvU0sQ1Gl4YOarH2kWUsQFvii5xJpaRuMgZzO342Zww/+DGeVOl4LkHoyYBB0JTHrvS+i+BDKbqHElzMDCkmnCWKOkE5HNOGmdU70RW8qWyn4yAIrhXb2H3rI25DdZai5c0WttWxukW9z9krME6VVchwx5eMnuSSyUTYVwfbeOfv57M6sqkU2KStV93AK4pwRr+X68h535nlkZVG/JBL99R25GQ6d7VDkjI3asydELnUesWBGwxWGpznSuHSxU6uHdOTVF28GIeBzHUVeF15nAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHZLtfV1eErD7p1S1GPMsyLONWyu02X3SaYv8h2EOdCa0y1Qt+88CKbyux93Q42DUUvA+BGAI1iUkd97VXZNsCrtTeOUzrRKyEh4mftJbKoteLH/EeEQG2iwm3n0B9rr5xTFAQfWtYSRRTI3XwpV0ymOfSxNYonIQO5WQvmsCU84dFaSbb90TrMR3TCYZVHZ1oWsuObGBaQrPITKqjRKqLxlCkzNoQZhCJr/TBCXdqzxLzYXCkZgZWkPE2BCdsdiEGD7U3psduoaDPAzDHo9Fd9QDfDMH1yGQPLMHNVxvqf2UpqnF04dfvDk3yooP6RvWyQwVBrTmw5RHbchBvE+bmY=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.uka.se/adfs/ls/"/>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.uka.se/adfs/ls/"/>
+ </md:IDPSSODescriptor>
 <md:Organization>
- <md:OrganizationName xml:lang="sv">UKÄ</md:OrganizationName>
 <md:OrganizationName xml:lang="en">UKA</md:OrganizationName>
- <md:OrganizationDisplayName xml:lang="sv">Universitetskanslersämbetet</md:OrganizationDisplayName>
+ <md:OrganizationName xml:lang="sv">UKÄ</md:OrganizationName>
 <md:OrganizationDisplayName xml:lang="en">Swedish Higher Education Authority</md:OrganizationDisplayName>
- <md:OrganizationURL xml:lang="sv">https://www.uka.se</md:OrganizationURL>
+ <md:OrganizationDisplayName xml:lang="sv">Universitetskanslersämbetet</md:OrganizationDisplayName>
 <md:OrganizationURL xml:lang="en">https://english.uka.se</md:OrganizationURL>
+ <md:OrganizationURL xml:lang="sv">https://www.uka.se</md:OrganizationURL>
 </md:Organization>
+ <md:ContactPerson contactType="support">
+ <md:Company>Universitetskanslersämbetet</md:Company>
+ <md:GivenName>IT-support</md:GivenName>
+ <md:EmailAddress>mailto:support@uka.se</md:EmailAddress>
+ <md:TelephoneNumber>+46 8 563 088 80</md:TelephoneNumber>
+ </md:ContactPerson>
 <md:ContactPerson contactType="administrative">
 <md:Company>Universitetskanslersämbetet</md:Company>
 <md:GivenName>IT-contact</md:GivenName>
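Review bot: The first of the two `use="signing"` KeyDescriptors on the new side carries a certificate whose embedded validity appears to end on 2021-09-10 (subject "ADFS Signing - fs.uka.se"), about two weeks after this commit, and nothing in the file says which of the two signing keys is the outgoing one. While both are published, relying parties will accept assertions signed by either key, so the expiring one should be removed once the roll is complete rather than left as a standing trust anchor. I would add a comment above it, e.g. `<!-- outgoing signing cert, notAfter 2021-09-10; remove after rollover (SWAMID-358) -->`, after confirming that it is in fact the outgoing key. Separately, the new `ds:` prefix on KeyInfo/X509Data replaces the old inline `xmlns="http://www.w3.org/2000/09/xmldsig#"`, and no `xmlns:ds` declaration is visible in any hunk; the root element at lines 1-4 is outside the diff, so confirm the prefix is bound there.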
@@ -73,12 +86,6 @@
 <md:EmailAddress>mailto:drift@uka.se</md:EmailAddress>
 <md:TelephoneNumber>+46 8 563 085 55</md:TelephoneNumber>
 </md:ContactPerson>
- <md:ContactPerson contactType="support">
- <md:Company>Universitetskanslersämbetet</md:Company>
- <md:GivenName>IT-support</md:GivenName>
- <md:EmailAddress>mailto:support@uka.se</md:EmailAddress>
- <md:TelephoneNumber>+46 8 563 088 80</md:TelephoneNumber>
- </md:ContactPerson>
 <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
 <md:GivenName>Security Response Team</md:GivenName>
 <md:EmailAddress>mailto:abuse@uka.se</md:EmailAddress> |