author | Anders Lördal <anders.lordal@hig.se> | 2014-07-03 12:49:18 +0200 |
---|---|---|
committer | Anders Lördal <anders.lordal@hig.se> | 2014-07-03 12:49:18 +0200 |
commit | 01be3cb246ee215c2c40b3f9359a1d2cbef35df6 (patch) | |
tree | aae533b23cebb01e854d73cad4f7566acbd8a7b3 | |
parent | 06108e3b23d676e5d81b319d7e187676dca953ef (diff) |
Resolves SWAMIDOPS-7282
-rw-r--r-- | sp-with-simplesign | 1 | ||||
-rw-r--r-- | swamid-2.0/bardo.kib.ki.se-shibboleth.xml | 112 |
2 files changed, 50 insertions, 63 deletions
diff --git a/sp-with-simplesign b/sp-with-simplesign
index 2bd6f6f3..56245fa4 100644
--- a/sp-with-simplesign
+++ b/sp-with-simplesign
@@ -16,7 +16,6 @@ aktivera.su.se-shibboleth.sso.xml
 aktivering.db.umu.se-shibboleth.xml
 alpha.kib.ki.se-shibboleth.xml
 amiga.kib.ki.se-shibboleth.xml
-bardo.kib.ki.se-shibboleth.xml
 bedomningshandboken.uhr.se-shibboleth.xml
 beta.kib.ki.se-shibboleth.xml
 beta.lobber.se-shibboleth.xml
diff --git a/swamid-2.0/bardo.kib.ki.se-shibboleth.xml b/swamid-2.0/bardo.kib.ki.se-shibboleth.xml
index 9c0cab75..f05685cb 100644
--- a/swamid-2.0/bardo.kib.ki.se-shibboleth.xml
+++ b/swamid-2.0/bardo.kib.ki.se-shibboleth.xml
@@ -1,6 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://bardo.kib.ki.se/shibboleth">
- <md:Extensions>
+ <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
 <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
 <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue>
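Review bot: The added `alg:` entries in `md:Extensions` advertise SHA-1 next to the SHA-2 family: `<alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>` plus the `ecdsa-sha1`, `rsa-sha1` and `dsa-sha1` `alg:SigningMethod` lines. The list looks like the SP's generated metadata copied as-is rather than a deliberate policy, so a peer that honours it may still choose a SHA-1 digest or signature for this entity. Consider dropping those four lines or, if a legacy IdP needs them, saying so in place with `<!-- SHA-1 entries kept only for legacy peers; remove when no IdP needs them -->`. The same applies to `<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>` in the `@@ -10,71 +26,44 @@` hunk. The `md:Extensions` element closes outside this hunk.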
@@ -10,71 +26,44 @@
 </mdattr:EntityAttributes>
 </md:Extensions>
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
- <md:KeyDescriptor use="signing">
+ <md:Extensions>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://bardo.kib.ki.se/Shibboleth.sso/Login/KI"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://bardo.kib.ki.se/Shibboleth.sso/Login/idptest.sll.se"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://bardo.kib.ki.se/Shibboleth.sso/Login/idp.sll.se"/>
+ </md:Extensions>
+ <md:KeyDescriptor>
 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>bardo.kib.ki.se</ds:KeyName>
 <ds:X509Data>
- <ds:X509SubjectName>emailAddress=ubitdos@kib.ki.se,OU=UNIVERSITY LIBRARY,O=Karolinska Institutet,L=Solna,ST=Some-State,C=SE</ds:X509SubjectName>
- <ds:X509Certificate>MIIEoTCCA4mgAwIBAgIJAPgJfZPJ50S3MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD
-VQQGEwJTRTETMBEGA1UECBMKU29tZS1TdGF0ZTEOMAwGA1UEBxMFU29sbmExHjAc
-BgNVBAoTFUthcm9saW5za2EgSW5zdGl0dXRldDEbMBkGA1UECxMSVU5JVkVSU0lU
-WSBMSUJSQVJZMSAwHgYJKoZIhvcNAQkBFhF1Yml0ZG9zQGtpYi5raS5zZTAeFw0x
-MDA0MjYxNTA3NDlaFw0yMDA0MjMxNTA3NDlaMIGRMQswCQYDVQQGEwJTRTETMBEG
-A1UECBMKU29tZS1TdGF0ZTEOMAwGA1UEBxMFU29sbmExHjAcBgNVBAoTFUthcm9s
-aW5za2EgSW5zdGl0dXRldDEbMBkGA1UECxMSVU5JVkVSU0lUWSBMSUJSQVJZMSAw
-HgYJKoZIhvcNAQkBFhF1Yml0ZG9zQGtpYi5raS5zZTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMguawtCfXJd8QvEcaJJRObZfUu9b6rNSzbD/oeC9F3C
-Xi8HL8CpxJrgVrGAf0e/Lo6+rsAkxDedhy9bDVQz/YRdNGeH1/iLMBkI2e/EHua8
-BPm+PQlgl+IpJxU7UJu8+w15ZWoMfsV/WIIdSEng5du3GzgNVsBcaiHEhaQEwkUR
-llXwU5qdcM0QPIwBG2gCARZbn71SEWc/RF5U4D7NLG5LmDViulyy7keN7cK1i3Zr
-o/ELQIPxg7TFqrd7FYkyuVCbZXnDYwC5lQryBkX6kgdqVMCWPEq+uP2RrKjG2HWf
-WOJLW6iP6WtDk0zNUawYVqtL2mAKJposchRXd0/Q0eUCAwEAAaOB+TCB9jAdBgNV
-HQ4EFgQUVlUIXb0klUOqoxNqV3UegOlhaF0wgcYGA1UdIwSBvjCBu4AUVlUIXb0k
-lUOqoxNqV3UegOlhaF2hgZekgZQwgZExCzAJBgNVBAYTAlNFMRMwEQYDVQQIEwpT
-b21lLVN0YXRlMQ4wDAYDVQQHEwVTb2xuYTEeMBwGA1UEChMVS2Fyb2xpbnNrYSBJ
-bnN0aXR1dGV0MRswGQYDVQQLExJVTklWRVJTSVRZIExJQlJBUlkxIDAeBgkqhkiG
-9w0BCQEWEXViaXRkb3NAa2liLmtpLnNlggkA+Al9k8nnRLcwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOCAQEASuzSo7iQmc/qRRUH/za/LCeeH1G6EAva6ces
-RVAYdCGdkQ/pqFugqWc6Qdq7mm/s+tBCMMOe3ccCF7o7XVRFdceZ9RCOpvHFvHz3
-tItH5Zg0P8c2y7t6mClGeCxWCJN+LTzJkvp98tLslcJTmovQP5yXk2/jv93BsFb2
-iIHG49rm09C2YWRUcZIB/XS51QbfVMKf/mj5IugY0GzkA4Xnyvci9QtDtIHVgR1H
-F7OS9qmtSRPsGKvvKYsjKq2BdMoSm1NNvklVEwuHKjVFkyjr3yt4ALR8uyASKUCj
-HVVQRnTpfX0jh7zIizoQL7IjwaYgz7X3qCu2b3JjZdz6gsuKNA==
-</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </md:KeyDescriptor>
- <md:KeyDescriptor use="encryption">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data>
- <ds:X509SubjectName>emailAddress=ubitdos@kib.ki.se,OU=UNIVERSITY LIBRARY,O=Karolinska Institutet,L=Solna,ST=Some-State,C=SE</ds:X509SubjectName>
- <ds:X509Certificate>MIIEoTCCA4mgAwIBAgIJAPgJfZPJ50S3MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD
-VQQGEwJTRTETMBEGA1UECBMKU29tZS1TdGF0ZTEOMAwGA1UEBxMFU29sbmExHjAc
-BgNVBAoTFUthcm9saW5za2EgSW5zdGl0dXRldDEbMBkGA1UECxMSVU5JVkVSU0lU
-WSBMSUJSQVJZMSAwHgYJKoZIhvcNAQkBFhF1Yml0ZG9zQGtpYi5raS5zZTAeFw0x
-MDA0MjYxNTA3NDlaFw0yMDA0MjMxNTA3NDlaMIGRMQswCQYDVQQGEwJTRTETMBEG
-A1UECBMKU29tZS1TdGF0ZTEOMAwGA1UEBxMFU29sbmExHjAcBgNVBAoTFUthcm9s
-aW5za2EgSW5zdGl0dXRldDEbMBkGA1UECxMSVU5JVkVSU0lUWSBMSUJSQVJZMSAw
-HgYJKoZIhvcNAQkBFhF1Yml0ZG9zQGtpYi5raS5zZTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMguawtCfXJd8QvEcaJJRObZfUu9b6rNSzbD/oeC9F3C
-Xi8HL8CpxJrgVrGAf0e/Lo6+rsAkxDedhy9bDVQz/YRdNGeH1/iLMBkI2e/EHua8
-BPm+PQlgl+IpJxU7UJu8+w15ZWoMfsV/WIIdSEng5du3GzgNVsBcaiHEhaQEwkUR
-llXwU5qdcM0QPIwBG2gCARZbn71SEWc/RF5U4D7NLG5LmDViulyy7keN7cK1i3Zr
-o/ELQIPxg7TFqrd7FYkyuVCbZXnDYwC5lQryBkX6kgdqVMCWPEq+uP2RrKjG2HWf
-WOJLW6iP6WtDk0zNUawYVqtL2mAKJposchRXd0/Q0eUCAwEAAaOB+TCB9jAdBgNV
-HQ4EFgQUVlUIXb0klUOqoxNqV3UegOlhaF0wgcYGA1UdIwSBvjCBu4AUVlUIXb0k
-lUOqoxNqV3UegOlhaF2hgZekgZQwgZExCzAJBgNVBAYTAlNFMRMwEQYDVQQIEwpT
-b21lLVN0YXRlMQ4wDAYDVQQHEwVTb2xuYTEeMBwGA1UEChMVS2Fyb2xpbnNrYSBJ
-bnN0aXR1dGV0MRswGQYDVQQLExJVTklWRVJTSVRZIExJQlJBUlkxIDAeBgkqhkiG
-9w0BCQEWEXViaXRkb3NAa2liLmtpLnNlggkA+Al9k8nnRLcwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOCAQEASuzSo7iQmc/qRRUH/za/LCeeH1G6EAva6ces
-RVAYdCGdkQ/pqFugqWc6Qdq7mm/s+tBCMMOe3ccCF7o7XVRFdceZ9RCOpvHFvHz3
-tItH5Zg0P8c2y7t6mClGeCxWCJN+LTzJkvp98tLslcJTmovQP5yXk2/jv93BsFb2
-iIHG49rm09C2YWRUcZIB/XS51QbfVMKf/mj5IugY0GzkA4Xnyvci9QtDtIHVgR1H
-F7OS9qmtSRPsGKvvKYsjKq2BdMoSm1NNvklVEwuHKjVFkyjr3yt4ALR8uyASKUCj
-HVVQRnTpfX0jh7zIizoQL7IjwaYgz7X3qCu2b3JjZdz6gsuKNA==
+ <ds:X509SubjectName>CN=bardo.kib.ki.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIC9DCCAdygAwIBAgIJAPZjQFtVqz2PMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+BAMTD2JhcmRvLmtpYi5raS5zZTAeFw0xNDA3MDIxMjIyNThaFw0xOTA3MDExMjIy
+NThaMBoxGDAWBgNVBAMTD2JhcmRvLmtpYi5raS5zZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM/QFyHedNiaN6nhhdZ2uJ1kl3p31uy1b78Iy9skeCj7
+S4uD/yOH1qVd2xu7yg97UMRflgDVuhcdOC4klMaprKW+i3Z2JLZ/dR7FXkZyy5VZ
+J+2gFkgAtHzySA/O4/3uEVt3/43uBZUI3RUN4AgBtaFRkMki+7XUDOjKk1tiOHK7
+DMmkVeOB1NBnbLYYZoulbiF272DJlobOxg67pfw5VqIbQhjYlb7/klJhQioDCjon
+4vX5EsQEr+rW/3AXX2ECiJiJmudb0OFSxmhzUVXgoBcotjx/MrDFE//zP3O4ybPq
+ktn03Gt4s2lcgc78CCdXv4l5veiQQvmxmfmcYZhh8LUCAwEAAaM9MDswGgYDVR0R
+BBMwEYIPYmFyZG8ua2liLmtpLnNlMB0GA1UdDgQWBBTJvUGISs+SEdoa1jYpDfwt
+DBy4MjANBgkqhkiG9w0BAQUFAAOCAQEAJaDEAMprCXy6EEoM1nB+xQbFIcyUpxax
+60BnKFwmlLvbWqubyisgOmW/ZFmOi2LY8iGB2pcXzAyLp8nPu1HCp05U1TfOfGNz
+Tw9JDWmj+yHnh4TuSQuC5xs3da3Vdqb4o9GdDdNbHU/bxgrhyIQIM7JCovEgWXAo
+vJtVCWrL8e89gpMhTeTsyPBgEbTs9+2HjKfbu+dQlFlSbXMR0pYE6YTRKiMLjsVC
+lrsim9/AehfEEiDWFXGfGxYmQZdFQ/FGMiydBZsK6yBHqz0fbW9z0hJW5ZEBAlgq
+i+fNZbd6mId+n8+3g6+L2ogivB2ihvMvP1H7g1B48JzNFMpLbV3hQg==
 </ds:X509Certificate>
 </ds:X509Data>
 </ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
 </md:KeyDescriptor>
 <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://bardo.kib.ki.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://bardo.kib.ki.se/Shibboleth.sso/SLO/SOAP"/>
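Review bot: The previous certificate is removed in the same change that publishes the new `CN=bardo.kib.ki.se` one, so the metadata has no overlap period for the key change. If the SP was already in use with the old key, an IdP working from cached metadata would presumably keep encrypting to that key until it refreshes; whether the SP still holds the old private key is not visible here. A safer sequence is to keep the old certificate as a second `<md:KeyDescriptor>` for one metadata refresh cycle and remove it in a follow-up commit. The `<md:SPSSODescriptor>` element starts and ends outside this hunk.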
@@ -86,7 +75,6 @@ HVVQRnTpfX0jh7zIizoQL7IjwaYgz7X3qCu2b3JjZdz6gsuKNA==
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bardo.kib.ki.se/Shibboleth.sso/NIM/POST"/>
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://bardo.kib.ki.se/Shibboleth.sso/NIM/Artifact"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bardo.kib.ki.se/Shibboleth.sso/SAML2/POST" index="1"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://bardo.kib.ki.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://bardo.kib.ki.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://bardo.kib.ki.se/Shibboleth.sso/SAML2/ECP" index="4"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://bardo.kib.ki.se/Shibboleth.sso/SAML/POST" index="5"/> |