author | Paul Scott <paul.scott@kau.se> | 2019-08-14 12:44:50 +0000 |
---|---|---|
committer | Paul Scott <paul.scott@kau.se> | 2019-08-14 12:44:50 +0000 |
commit | 678c850f3c1472b0e802597b34f306e55aa973e0 (patch) | |
tree | 7d16e9ac393fd8540504bc5ff79ec177a4aef61c | |
parent | ff16da1e7b0173c1bb8854fb31b2e73754cfb288 (diff) |
Resolves SWAMID-2330
-rw-r--r-- | swamid-2.0/nyainloggning.hv.se-shibboleth.xml | 105 |
1 files changed, 71 insertions, 34 deletions
diff --git a/swamid-2.0/nyainloggning.hv.se-shibboleth.xml b/swamid-2.0/nyainloggning.hv.se-shibboleth.xml
index 83d0f13a..f9fdf449 100644
--- a/swamid-2.0/nyainloggning.hv.se-shibboleth.xml
+++ b/swamid-2.0/nyainloggning.hv.se-shibboleth.xml
@@ -1,9 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-This is example metadata only. Do *NOT* supply it as is without review,
-and do *NOT* provide it in real time to your partners.
- -->
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://nyainloggning.hv.se/shibboleth">
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://nyainloggning.hv.se/Shibboleth">
 <md:Extensions>
 <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
 <mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
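Review bot: The `entityID` on the new `md:EntityDescriptor` line changes only in letter case (`/shibboleth` to `/Shibboleth`), and entityIDs are compared as exact strings, so consumers of the feed will treat this as a different entity rather than an update of the existing one. Any IdP-side release rule or override keyed on the old value would stop matching, and the SP's own configured entityID has to change in the same step; the commit message only cites the ticket. I would record the rename next to the element, e.g. `<!-- entityID was https://nyainloggning.hv.se/shibboleth until SWAMID-2330 -->`, and note that the file name still carries the lower-case form. The EntityDescriptor element continues outside this hunk.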
@@ -32,8 +28,11 @@ and do *NOT* provide it in real time to your partners.
 </samla:Attribute>
 </mdattr:EntityAttributes>
 </md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:Extensions>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://nyainloggning.hv.se/Shibboleth.sso/WAYF/shibboleth.antagning.se"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://nyainloggning.hv.se/Shibboleth.sso/Login"/>
+ <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://nyainloggning.hv.se/Shibboleth.sso/Login" index="1"/>
 <mdui:UIInfo>
 <mdui:DisplayName xml:lang="sv">Högskolan Väst kontoaktivering och lösenordsåterställning</mdui:DisplayName>
 <mdui:DisplayName xml:lang="en">University West user account activation and password reset</mdui:DisplayName>
@@ -44,35 +43,71 @@ and do *NOT* provide it in real time to your partners.
 <mdui:InformationURL xml:lang="en">https://mittkonto.hv.se</mdui:InformationURL>
 <mdui:InformationURL xml:lang="sv">https://mittkonto.hv.se</mdui:InformationURL>
 </mdui:UIInfo>
- <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://nyainloggning.hv.se/Shibboleth.sso/WAYF/shibboleth.antagning.se"/>
- <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://nyainloggning.hv.se/Shibboleth.sso/Login"/>
 </md:Extensions>
- <md:KeyDescriptor>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:KeyName>w16token01.wad.hv.se</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509SubjectName>CN=w16token01.wad.hv.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIEDjCCAnagAwIBAgIUSslHbtOFRTI2lOB2f43yJa4qrI4wDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAxMUdzE2dG9rZW4wMS53YWQuaHYuc2UwHhcNMTkwMjEzMTQ1
+NjQ5WhcNMjkwMjEwMTQ1NjQ5WjAfMR0wGwYDVQQDExR3MTZ0b2tlbjAxLndhZC5o
+di5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMitNM7HzQNSBu1i
+Hm0SFeBGcAJBN/Mx0z0jgVRya3m13ZEp77ew2DRf0jEpI6tSP8mlX9K1ddsP7BbN
+IcAAau43ZbjVu4WKrwfja1ZyL9TVSrFDgzNziqvVyr/qKJX6P/1QhbAF3VK7TV/t
+XAwSsShDdSaysULhiU31x1tw1EGNFr7SLBOGjKpJiWR6PDZIJwWLoIokW9XDMp3O
+P48txzEP2nfDuKHLhEZ7SLN+mGZFarF4pTzO25Spmoglpp7UX9fiJB6pdjAd3asw
+Rh7d5u6O3ckKLcNWcQkvP3msnDO12civhxhcT3mNQYX4GH76ue9eIZv4Uio8QWiw
+jODmHDPyiIjYV1rZuBCywk3KtBPSt0u4CgyzXvtroxh5kRj6smsaxAnpQ4iPNw2r
+sDxD2gQeuBpiaHtXxKGKVK0vBmc9t088gSH2hCK0cmU0ET+4+waBAkHyyiu7dfxH
+dzvMxfte5H22vEURUfRJ295phTXNyJkQS2wxheKeYz5+vUVgDwIDAQABo0IwQDAf
+BgNVHREEGDAWghR3MTZ0b2tlbjAxLndhZC5odi5zZTAdBgNVHQ4EFgQUmJK1MQpq
+H4hzW3hgvHf2PpzRRukwDQYJKoZIhvcNAQELBQADggGBALMtO0sdLj1CD68tn47r
+X9FvQJYQFXrU2eDJtyX5Xd6fkGYVhD8RDX5YVXjGh+IVJmNPvLQiW586lS5M8djE
+56n+263fzKbsCliPp0B8YGarr/aBRNmnazwhcJGmyOjSNrzQz7EVxDtdPi8iHYDt
+SAsLs7xXAzXE/2OpAEUaL1rjcILSAPghP9JvWry46q/xxpmIBuilZkNT2xjOosGv
+GzI7OWG6eeEILSBxDKhxPHeD+3VSocdJehB1xbXoaq2ySEHvEnm82j5aCG3xT2ox
+rgbRIJH7btyS5ms/6DYg3uTc7kVTLX+xh46r7waDaY4wQ3dLOUd3xvRrYQp0P1qh
+qgdgoKctpGc8UvphfjntMstIGpHF3x0NXKwjIGTeN5tZIOb5i1P36VKeVK/xTYhm
+fV+wacz/HSzMtogO3ZVkzGMbtJfdhv8Pc9qKnZz3r3xjKkYg7XoGSlbjYu0KxVDR
+8oCjFY1fE/1ZG+wCxS7xPcW4Ach/UxHdDFqfJ4cV1RQvzg==
+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="encryption">
 <ds:KeyInfo>
- <ds:KeyName>https://nyainloggning.hv.se/shibboleth</ds:KeyName>
- <ds:KeyName>nyainloggning.hv.se</ds:KeyName>
+ <ds:KeyName>w16token01.wad.hv.se</ds:KeyName>
 <ds:X509Data>
- <ds:X509SubjectName>CN=nyainloggning.hv.se</ds:X509SubjectName>
- <ds:X509Certificate>MIIDKDCCAhCgAwIBAgIJALJyR8XRTchcMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNV
-BAMTE255YWlubG9nZ25pbmcuaHYuc2UwHhcNMTUwMTIxMTgyNjU0WhcNMjUwMTE4
-MTgyNjU0WjAeMRwwGgYDVQQDExNueWFpbmxvZ2duaW5nLmh2LnNlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSk5lF9o2Dwt7rLyBF/i5wHbR0/lAS07
-he4C7JMmQlytOsY6jID/dXhoO1o22xLfOHVigdH0LGTSI9nk8w0VwIhFufvwlCXk
-FOkqSj9wy5YNdAavdPsZ1BvmXDMjrbbt4X20b6nrE7FmYcPP+j3CXFTmaBB7cHsR
-Yj5eJS85qRIFXilYEc+WCNci11fYPVT9nzX5fVzdxROHE5klp2LGLox6foACbBOL
-ehTyZ+SnKx0mpcDqHHyLkJYbCrV5SFwOoLoLmlc1GCvQnyI8EPEE3G5N/A7t+nPI
-/mFz2kgJlFm8ILox3KRxX+FmsHMkpfIO2fqzDKW7ljIozb/A1MCpvwIDAQABo2kw
-ZzBGBgNVHREEPzA9ghNueWFpbmxvZ2duaW5nLmh2LnNlhiZodHRwczovL255YWlu
-bG9nZ25pbmcuaHYuc2Uvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUueuyFYnfWLQbejjf
-ltTKdRx7IgwwDQYJKoZIhvcNAQEFBQADggEBACTm4QiXXyc6XSGKuNfuy1AdeD8c
-ieSXb6DfQ9cAAW58y5NU+SLdwjWU+1SrSy4JFjvDUMhZVEo/xumiTj9hcc96EgBU
-c7tTYNPoF1XGFTGJ2aEm4MH8hxmcGmn2HpATB1Pwc0pQjtbKnV87ahfd08W0uZWR
-HEp/eSV2NhjSWC7qPCXLx+WUoM8ZFlgNXdHRH5vFP2IIufsRXWJi2PfYMQVPnRMa
-hdJHNlDC2zsWXQ/mFSdsWg1B7j5lDP4gkxvTrgefsB8+VydZ9lol762Lgw3iOktT
-JG+lIY6SLd88XLEaeUmL3q8whBeQtliHLqzXxjSH3stdJnYnYGNZGZTIzyk=
+ <ds:X509SubjectName>CN=w16token01.wad.hv.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIEDjCCAnagAwIBAgIUAyepWEddvUCvgA7J4IBP6cBLRTYwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAxMUdzE2dG9rZW4wMS53YWQuaHYuc2UwHhcNMTkwMjEzMTQ1
+NjQ4WhcNMjkwMjEwMTQ1NjQ4WjAfMR0wGwYDVQQDExR3MTZ0b2tlbjAxLndhZC5o
+di5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL14rDf6bRHW8BgA
+pDMRo4/24xN2p4QvCq6lKB/Yh4RrgR0WJfQTfNJ5hKprO1JpuJnfiz6qdNmZMWuA
+RcpBnmz24M6x2Fn6pladNGyk8qCz/wF3OCKmSMeOI6QWQods17mVIuhAk8ya+3c4
+iPFxsuQAvPuNvZgu5lL23NuOaZ3jkKBPqKGeJM/rKSdh/nUITo7f5xeH5uacjsEu
+/+bbotNUU5a211M3l760QVu0qEHegEicQTUcNbc61zBQrjlAdqR552jK65hlvGmh
+czwwwUKlDgROsMnU7nso+f1JM/gIg630tbUXDyJ6DtlZxNmCJmMHS21W5Xwy+xSQ
+mun1h9OeMrf+5trERtxgHCKwBdny0Ylulb1zgWgbGV8GEfEijQ8rJHGmc68jMo1E
+Fl/EgKwMPOK64pojdAdU83130kAQ6IRVxHo0fxR8afNUg4l6bJ6kdE5j1x5slPSm
+0NG50CjKe79RSbesjR5p/jS7teYxb+WHFA2FZKKq4tHlRPzY/wIDAQABo0IwQDAf
+BgNVHREEGDAWghR3MTZ0b2tlbjAxLndhZC5odi5zZTAdBgNVHQ4EFgQUNackeKbV
+9I7UzpCwCB3rsnhdPdYwDQYJKoZIhvcNAQELBQADggGBADsEpcOIZLlYoaPjCUEZ
+hRDvH6pMLPB5FlZ0BVOyuC4CLQaaR0F0v6KkBBVCQ1o0A8DFP15buGQ5z/v4WL3n
+f/peXQ70gakQMUpN28eZe/AaV5lgPaEIsV5mNiUWE04pDaPepPAVfUec85PzYbE0
+REETics6BJuVKpj+fiHwl83z2BusjjC+ZQHmg1SBEKfk/WLyDsV9ev+t6MjLgroj
+zaqcU+3ALplm4MDPzxGzcN9qSe2F8nnF7oSdHXuYgqW50DX7jSsl4vpMzKvwVGqE
+DXa4pUTZ2CaNvASGrM0I3TF5HKSWtjKOEBT6vCjkdjdk99pqQ92+y7vQNZXRpyOb
+FalHXI9BOxDzGYGBGqjkMGZD7eBbeY30es5E1GmrK3e9mJ1GTsvjaC4BtMAIWMFi
+FCvnirt7AA9VA3wsagF3CyasOqJtTfDIRPko8O7U6DZGNyxoXMIRirdEdfvCbZbw
+oIyTUksBl/ojxagzCZBedDveO9N3U7nYZOqL/NbI+jcOmw==
 </ds:X509Certificate>
 </ds:X509Data>
 </ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
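Review bot: The three `aes*-gcm` EncryptionMethod lines are added ahead of the CBC ones, but the `aes128-cbc`, `aes192-cbc` and `aes256-cbc` context lines stay, so an IdP may still choose CBC, which provides no integrity protection for the encrypted assertion. If CBC is kept only for IdPs that cannot do GCM, say so with a comment such as `<!-- CBC retained for IdPs without AES-GCM; remove once no longer needed -->`; otherwise drop those three lines. Separately, both new KeyDescriptors publish `w16token01.wad.hv.se` in `ds:KeyName` and `ds:X509SubjectName`, which looks like an internal host name; `ds:KeyName` is optional and could be left out if nothing relies on it. The old KeyDescriptor is removed in the same change with no overlap period, which is presumably acceptable only because the entityID changes as well. The EncryptionMethod list continues past the end of the hunk.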
@@ -85,10 +120,12 @@ JG+lIY6SLd88XLEaeUmL3q8whBeQtliHLqzXxjSH3stdJnYnYGNZGZTIzyk=
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nyainloggning.hv.se/Shibboleth.sso/SLO/POST"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://nyainloggning.hv.se/Shibboleth.sso/SLO/Redirect"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://nyainloggning.hv.se/Shibboleth.sso/SLO/SOAP"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML/Artifact" index="5"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML/POST" index="6"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML2/Artifact" index="7"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML2/ECP" index="8"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML2/POST" index="9"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML2/ECP" index="4"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nyainloggning.hv.se/Shibboleth.sso/SAML2/POST" index="5"/>
 </md:SPSSODescriptor>
+ <md:ContactPerson contactType="technical">
+ <md:SurName>Christian Jiresjö</md:SurName>
+ <md:EmailAddress>mailto:christian.jiresjo@hv.se</md:EmailAddress>
+ </md:ContactPerson>
 </md:EntityDescriptor> |
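Review bot: The added ContactPerson puts the full name in `md:SurName`; the metadata schema has a separate element for the given name, so this should read `<md:GivenName>Christian</md:GivenName>` followed by `<md:SurName>Jiresjö</md:SurName>`. Only a `technical` contact is added here; for a service that handles account activation and password reset, a contact for security incidents would be worth publishing as well if the federation's policy expects one. The renumbering of the remaining AssertionConsumerService entries from 7–9 to 3–5 matters only if something refers to them by index, which cannot be seen from this hunk.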