diff options
| author | Anders Lördal <anders@lordal.se> | 2016-03-11 13:03:39 +0100 |
|---|---|---|
| committer | Anders Lördal <anders@lordal.se> | 2016-03-11 13:03:39 +0100 |
| commit | 9dae27a9cb610ffda2a54277a36d24a943c7b5a3 (patch) | |
| tree | dbdc8cb06840f1c03771e990e977bbdd646fc27b | |
| parent | 71f22d95375badfa79275bb10999506fc1e58b26 (diff) | |
Resolves SWAMIDOPS-8062
| -rw-r--r-- | swamid-2.0/idp.suni.se-adfs-services-trust.xml | 326 |
1 files changed, 317 insertions, 9 deletions
diff --git a/swamid-2.0/idp.suni.se-adfs-services-trust.xml b/swamid-2.0/idp.suni.se-adfs-services-trust.xml index bbb025b1..e459e99e 100644 --- a/swamid-2.0/idp.suni.se-adfs-services-trust.xml +++ b/swamid-2.0/idp.suni.se-adfs-services-trust.xml @@ -1,12 +1,321 @@ <?xml version="1.0" encoding="UTF-8"?> -<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp.suni.se/adfs/services/trust"> - <Extensions> - <shibmd:Scope regexp="false">suni.se</shibmd:Scope> - </Extensions> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.suni.se/adfs/services/trust"> + <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp.suni.se"> + <KeyDescriptor use="encryption"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <fed:ClaimTypesRequested> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> + <auth:DisplayName>E-Mail Address</auth:DisplayName> + <auth:Description>The e-mail address of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> + <auth:DisplayName>Given Name</auth:DisplayName> + <auth:Description>The given name of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> + <auth:DisplayName>Name</auth:DisplayName> + <auth:Description>The unique name of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> + <auth:DisplayName>UPN</auth:DisplayName> + <auth:Description>The user principal name (UPN) of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> + <auth:DisplayName>Common Name</auth:DisplayName> + <auth:Description>The common name of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> + <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> + <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> + <auth:DisplayName>Group</auth:DisplayName> + <auth:Description>A group that the user is a member of</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> + <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> + <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> + <auth:DisplayName>Role</auth:DisplayName> + <auth:Description>A role that the user has</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> + <auth:DisplayName>Surname</auth:DisplayName> + <auth:Description>The surname of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> + <auth:DisplayName>PPID</auth:DisplayName> + <auth:Description>The private identifier of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> + <auth:DisplayName>Name ID</auth:DisplayName> + <auth:Description>The SAML name identifier of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> + <auth:DisplayName>Authentication time stamp</auth:DisplayName> + <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> + <auth:DisplayName>Authentication method</auth:DisplayName> + <auth:Description>The method used to authenticate the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> + <auth:DisplayName>Deny only group SID</auth:DisplayName> + <auth:Description>The deny-only group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> + <auth:DisplayName>Deny only primary SID</auth:DisplayName> + <auth:Description>The deny-only primary SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> + <auth:DisplayName>Deny only primary group SID</auth:DisplayName> + <auth:Description>The deny-only primary group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> + <auth:DisplayName>Group SID</auth:DisplayName> + <auth:Description>The group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> + <auth:DisplayName>Primary group SID</auth:DisplayName> + <auth:Description>The primary group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> + <auth:DisplayName>Primary SID</auth:DisplayName> + <auth:Description>The primary SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> + <auth:DisplayName>Windows account name</auth:DisplayName> + <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true"> + <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/cn" Optional="true"> + <auth:DisplayName>cn</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonEntitlement" Optional="true"> + <auth:DisplayName>eduPersonEntitlement</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" Optional="true"> + <auth:DisplayName>Display Name</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/initials" Optional="true"> + <auth:DisplayName>Initials</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" Optional="true"> + <auth:DisplayName>norEduPersonNIN</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/socialSecurityNumber" Optional="true"> + <auth:DisplayName>socialSecurityNumber</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/socialSecurityNumber" Optional="true"> + <auth:DisplayName>socialSecurityNumberNotOld</auth:DisplayName> + </auth:ClaimType> + </fed:ClaimTypesRequested> + <fed:TargetScopes> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> + </EndpointReference> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> + </EndpointReference> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> + </EndpointReference> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> + </EndpointReference> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/ls/</Address> + </EndpointReference> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust</Address> + </EndpointReference> + </fed:TargetScopes> + <fed:ApplicationServiceEndpoint> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> + </EndpointReference> + </fed:ApplicationServiceEndpoint> + <fed:PassiveRequestorEndpoint> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/ls/</Address> + </EndpointReference> + </fed:PassiveRequestorEndpoint> + </RoleDescriptor> + <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp.suni.se"> + <KeyDescriptor use="signing"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <fed:TokenTypesOffered> + <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> + <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> + </fed:TokenTypesOffered> + <fed:ClaimTypesOffered> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> + <auth:DisplayName>E-Mail Address</auth:DisplayName> + <auth:Description>The e-mail address of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> + <auth:DisplayName>Given Name</auth:DisplayName> + <auth:Description>The given name of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> + <auth:DisplayName>Name</auth:DisplayName> + <auth:Description>The unique name of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> + <auth:DisplayName>UPN</auth:DisplayName> + <auth:Description>The user principal name (UPN) of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> + <auth:DisplayName>Common Name</auth:DisplayName> + <auth:Description>The common name of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> + <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> + <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> + <auth:DisplayName>Group</auth:DisplayName> + <auth:Description>A group that the user is a member of</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> + <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> + <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> + <auth:DisplayName>Role</auth:DisplayName> + <auth:Description>A role that the user has</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> + <auth:DisplayName>Surname</auth:DisplayName> + <auth:Description>The surname of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> + <auth:DisplayName>PPID</auth:DisplayName> + <auth:Description>The private identifier of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> + <auth:DisplayName>Name ID</auth:DisplayName> + <auth:Description>The SAML name identifier of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> + <auth:DisplayName>Authentication time stamp</auth:DisplayName> + <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> + <auth:DisplayName>Authentication method</auth:DisplayName> + <auth:Description>The method used to authenticate the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> + <auth:DisplayName>Deny only group SID</auth:DisplayName> + <auth:Description>The deny-only group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> + <auth:DisplayName>Deny only primary SID</auth:DisplayName> + <auth:Description>The deny-only primary SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> + <auth:DisplayName>Deny only primary group SID</auth:DisplayName> + <auth:Description>The deny-only primary group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> + <auth:DisplayName>Group SID</auth:DisplayName> + <auth:Description>The group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> + <auth:DisplayName>Primary group SID</auth:DisplayName> + <auth:Description>The primary group SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> + <auth:DisplayName>Primary SID</auth:DisplayName> + <auth:Description>The primary SID of the user</auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> + <auth:DisplayName>Windows account name</auth:DisplayName> + <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true"> + <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/cn" Optional="true"> + <auth:DisplayName>cn</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonEntitlement" Optional="true"> + <auth:DisplayName>eduPersonEntitlement</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" Optional="true"> + <auth:DisplayName>Display Name</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/initials" Optional="true"> + <auth:DisplayName>Initials</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" Optional="true"> + <auth:DisplayName>norEduPersonNIN</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/socialSecurityNumber" Optional="true"> + <auth:DisplayName>socialSecurityNumber</auth:DisplayName> + </auth:ClaimType> + <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/socialSecurityNumber" Optional="true"> + <auth:DisplayName>socialSecurityNumberNotOld</auth:DisplayName> + </auth:ClaimType> + </fed:ClaimTypesOffered> + <fed:SecurityTokenServiceEndpoint> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/services/trust/2005/certificatemixed</Address> + <Metadata> + <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> + <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> + <wsx:MetadataReference> + <Address xmlns="http://www.w3.org/2005/08/addressing">https://idp.suni.se/adfs/services/trust/mex</Address> + </wsx:MetadataReference> + </wsx:MetadataSection> + </Metadata> + </Metadata> + </EndpointReference> + </fed:SecurityTokenServiceEndpoint> + <fed:PassiveRequestorEndpoint> + <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> + <Address>https://idp.suni.se/adfs/ls/</Address> + </EndpointReference> + </fed:PassiveRequestorEndpoint> + </RoleDescriptor> + <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <KeyDescriptor use="encryption"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="signing"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.suni.se/adfs/ls/"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.suni.se/adfs/ls/"/> + <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.suni.se/adfs/ls/" index="0" isDefault="true"/> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idp.suni.se/adfs/ls/" index="1"/> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.suni.se/adfs/ls/" index="2"/> + </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <Extensions> - <shibmd:Scope regexp="false">suni.se</shibmd:Scope> - </Extensions> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> @@ -27,7 +336,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.suni.se/adfs/ls/"/> - <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.suni.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.suni.se/adfs/ls/"/> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> @@ -67,7 +375,7 @@ <ContactPerson contactType="support"> <GivenName>Tomas</GivenName> <SurName>Legat</SurName> - <EmailAddress>mailto:server@sh.se</EmailAddress> + <EmailAddress>server@sh.se</EmailAddress> <TelephoneNumber>+46(0)86084000</TelephoneNumber> </ContactPerson> </EntityDescriptor> |