authorBjörn Mattsson <bjorn@sunet.se>2021-12-03 14:16:06 +0100
committerBjörn Mattsson <bjorn@sunet.se>2021-12-03 14:16:06 +0100
commit6f1c6d4d76b070b240b3dc46de414d153a55ac4b (patch)
tree714337ed079ed40994fbfd5db81e09a39e83e6c7
parent807761e113fe2bfc315027145620f6f1e1578f9c (diff)
SWAMID-538, Key-rollover for vfu-test.su.se
-rw-r--r--swamid-2.0/vfu-test.su.se-Shibboleth.sso.xml (renamed from swamid-2.0/vfu-test.su.se-shibboleth.sso.xml)64
-rw-r--r--swamid-2.0/vfu.su.se-shibboleth.sso.xml1
-rw-r--r--swamid-sp-2.0.mxml2
3 files changed, 54 insertions, 13 deletions
diff --git a/swamid-2.0/vfu-test.su.se-shibboleth.sso.xml b/swamid-2.0/vfu-test.su.se-Shibboleth.sso.xml
index 28398b8e..24db45d7 100644
--- a/swamid-2.0/vfu-test.su.se-shibboleth.sso.xml
+++ b/swamid-2.0/vfu-test.su.se-Shibboleth.sso.xml
@@ -26,23 +26,26 @@
</samla:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF"/>
<idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF" index="1"/>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/wavelan"/>
<idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/wavelan" index="2"/>
- <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/idp.secure.su.se"/>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/idp.it.su.se"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/guest-idp.it.su.se"/>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/SWAMID"/>
<idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://vfu-test.su.se/Shibboleth.sso/SWAMID" index="3"/>
- <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/guest-idp.it.su.se"/>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/guest-idp-test.it.su.se"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/eduid.se"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/skolfederation-prod-ds"/>
+ <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://vfu-test.su.se/Shibboleth.sso/WAYF/skolfederation-prod-ds" index="4"/>
<mdui:UIInfo>
<mdui:DisplayName xml:lang="sv">Verksamhetsförlagd utbildning Stockholms universitet</mdui:DisplayName>
<mdui:DisplayName xml:lang="en">Workplace Situated Education at Stockholm University</mdui:DisplayName>
<mdui:Description xml:lang="sv">VFU är verksamhetsfölagd utbildning där utbildningen sker på en arbetsplats</mdui:Description>
<mdui:Description xml:lang="en">VFU is workplace situated education where the education takes place at a work place</mdui:Description>
+ <mdui:PrivacyStatementURL xml:lang="sv">https://serviceportalen.su.se/sv-se/article/1366077</mdui:PrivacyStatementURL>
<mdui:PrivacyStatementURL xml:lang="en">https://serviceportalen.su.se/sv-se/article/1366077</mdui:PrivacyStatementURL>
</mdui:UIInfo>
</md:Extensions>
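Review bot: The `xml:lang="sv"` PrivacyStatementURL added near the end of this hunk carries the same `https://serviceportalen.su.se/sv-se/article/1366077` address as the existing `xml:lang="en"` entry right after it, so both language tags now resolve to one page whose path suggests Swedish text. If an English version of the statement exists, the `en` entry should point to it; otherwise a comment such as `<!-- no English privacy statement published; en entry reuses the Swedish page -->` would record that the duplication is deliberate. The same pair appears in the hunk for swamid-2.0/vfu.su.se-shibboleth.sso.xml. The enclosing `md:SPSSODescriptor` continues outside this hunk.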
@@ -80,6 +83,46 @@ XOl0tx98AnNRgDTOuRoPtUa7Bg8w4puwklhK+gg+X01kZA==
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
</md:KeyDescriptor>
+ <md:KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:KeyName>vfu-test-app05.it.su.se</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509SubjectName>CN=vfu-test-app05.it.su.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIEDDCCAnSgAwIBAgIJAOtFtSx4ZbxdMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV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+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+ </md:KeyDescriptor>
<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://vfu-test.su.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://vfu-test.su.se/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vfu-test.su.se/Shibboleth.sso/SLO/Redirect"/>
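Review bot: The new `<md:KeyDescriptor>` for `vfu-test-app05.it.su.se` still advertises `http://www.w3.org/2001/04/xmlenc#tripledes-cbc` and the three `aes*-cbc` methods next to the GCM ones, so an IdP that honours this list may keep encrypting assertions to the SP with 3DES or an unauthenticated CBC mode. Since this descriptor is written fresh for the rollover, it could list only the `aes*-gcm` methods and the two `rsa-oaep` key transports; at the least the `tripledes-cbc` line should go. The descriptor has no `use` attribute, so the certificate is published for both signing and encryption, which is worth confirming as intended. The previous KeyDescriptor that ends just above the added block stays in place, as expected during a rollover, but a follow-up change is needed to remove it once the SP has switched keys.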
@@ -89,20 +132,17 @@ XOl0tx98AnNRgDTOuRoPtUa7Bg8w4puwklhK+gg+X01kZA==
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vfu-test.su.se/Shibboleth.sso/NIM/Redirect"/>
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vfu-test.su.se/Shibboleth.sso/NIM/POST"/>
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vfu-test.su.se/Shibboleth.sso/NIM/Artifact"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://vfu-test.su.se/Shibboleth.sso/SAML/POST" index="5"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://vfu-test.su.se/Shibboleth.sso/SAML/Artifact" index="6"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vfu-test.su.se/Shibboleth.sso/SAML2/POST" index="7"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vfu-test.su.se/Shibboleth.sso/SAML2/Artifact" index="9"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://vfu-test.su.se/Shibboleth.sso/SAML2/ECP" index="10"/>
- <md:AttributeConsumingService index="1">
- <md:ServiceName xml:lang="en">VFU-test</md:ServiceName>
- <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vfu-test.su.se/Shibboleth.sso/SAML2/POST" index="1"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vfu-test.su.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://vfu-test.su.se/Shibboleth.sso/SAML2/ECP" index="4"/>
+ <md:AttributeConsumingService index="1" isDefault="true">
+ <md:ServiceName xml:lang="en">VFU-portalen</md:ServiceName>
<md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
- <md:RequestedAttribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
diff --git a/swamid-2.0/vfu.su.se-shibboleth.sso.xml b/swamid-2.0/vfu.su.se-shibboleth.sso.xml
index ec05625f..af4d767b 100644
--- a/swamid-2.0/vfu.su.se-shibboleth.sso.xml
+++ b/swamid-2.0/vfu.su.se-shibboleth.sso.xml
@@ -33,6 +33,7 @@
<mdui:DisplayName xml:lang="en">Workplace Situated Education at Stockholm University</mdui:DisplayName>
<mdui:Description xml:lang="sv">VFU är verksamhetsfölagd utbildning där utbildningen sker på en arbetsplats</mdui:Description>
<mdui:Description xml:lang="en">VFU is workplace situated education where the education takes place at a work place</mdui:Description>
+ <mdui:PrivacyStatementURL xml:lang="sv">https://serviceportalen.su.se/sv-se/article/1366077</mdui:PrivacyStatementURL>
<mdui:PrivacyStatementURL xml:lang="en">https://serviceportalen.su.se/sv-se/article/1366077</mdui:PrivacyStatementURL>
</mdui:UIInfo>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://vfu.su.se/Shibboleth.sso/WAYF"/>
diff --git a/swamid-sp-2.0.mxml b/swamid-sp-2.0.mxml
index 70a3da6d..29961f74 100644
--- a/swamid-sp-2.0.mxml
+++ b/swamid-sp-2.0.mxml
@@ -121,7 +121,7 @@
<xi:include href="swamid-2.0/play.hig.se.xml"/>
<xi:include href="swamid-2.0/maps.slu.se-shibboleth.xml"/>
<xi:include href="swamid-2.0/betafoo.nordu.net-saml2-metadata.xml"/>
- <xi:include href="swamid-2.0/vfu-test.su.se-shibboleth.sso.xml"/>
+ <xi:include href="swamid-2.0/vfu-test.su.se-Shibboleth.sso.xml"/>
<xi:include href="swamid-2.0/vfu.su.se-shibboleth.sso.xml"/>
<xi:include href="swamid-2.0/nidev-consumer.nordu.net-saml2-metadata.xml"/>
<xi:include href="swamid-2.0/mds2.nordu.net-shibboleth.xml"/>