Updates SWAMID-3559

author: Paul Scott <paul.scott@kau.se> 2020-12-02 15:54:01 +0000
committer: Paul Scott <paul.scott@kau.se> 2020-12-02 15:54:01 +0000
commit: b2f1cb18f1638d44dce6e182998fddf2f9b73509 (patch)
tree: be53301098b2c2ec8e399e4b90e6298b62d845b3
parent: 987e36830faf760b78dcb50de85076968a721e79 (diff)
4 files changed, 176 insertions, 105 deletions
diff --git a/swamid-2.0/login.sto3.safespring-shibboleth.xml b/swamid-2.0/login.sto3.safespring-shibboleth.xml
deleted file mode 100644
index ab8c2da1..00000000
--- a/swamid-2.0/login.sto3.safespring-shibboleth.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://login.sto3.safespring/shibboleth">
-  <md:Extensions>
-    <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
-      <mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
-    </mdrpi:RegistrationInfo>
-    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
-      <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
-        <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
-      </samla:Attribute>
-    </mdattr:EntityAttributes>
-  </md:Extensions>
-  <SPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    <md:Extensions>
-      <mdui:UIInfo>
-        <mdui:DisplayName xml:lang="en">Sunet Cloud Services</mdui:DisplayName>
-        <mdui:Description xml:lang="en">Sunet Cloud Services OpenStack</mdui:Description>
-        <mdui:InformationURL xml:lang="sv">https://wiki.sunet.se/display/Molntjanster</mdui:InformationURL>
-        <mdui:InformationURL xml:lang="en">https://wiki.sunet.se/display/Molntjanster</mdui:InformationURL>
-      </mdui:UIInfo>
-    </md:Extensions>
-    <md:KeyDescriptor>
-      <ds:KeyInfo>
-        <ds:X509Data>
-          <ds:X509Certificate>
-MIIETjCCAragAwIBAgIJAJXapy65TmQ7MA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV
-BAMTHHYyLmRhc2hib2FyZC5zdG8xLnNhZmVkYy5uZXQwIBcNMjAxMjAxMDg0MTM3
-WhgPMjA1MDExMjQwODQxMzdaMCcxJTAjBgNVBAMTHHYyLmRhc2hib2FyZC5zdG8x
-LnNhZmVkYy5uZXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDLJEy9
-vch54e2m1Ga1Nw7bjcQZ2T3HyJ8o8osdc+6sgOymb7/UTUzSDG4aSDmHItW+6M6b
-UOlE2Y75hOZwMCX1UTUx9ymym/aRnx++wzmPhjSITaQ3fBS5XgX6pESD8ZH8huSz
-swLL78UHs7ATr7JwhnTDCTNWnm38mzXPM+x+eVdgGXpHNt1Beo3JG65qJk07sUl/
-24KflztbaMkCwSWXaHno8nR0u0bFoBeceJY2r4uP8J0BBW/wF8RNxppE4PU1T/9o
-IGLCXcHwuoPQV5tytfAcMMT43OxwiC14nCcc/p4VL6nUfzhH17DkykxUtcY746vM
-QegPLhOn5b60Tbvo7WZLYD27nQ8VX1xFMrWusYk+coZdXF2yy9UrXXFhKKkIkSLe
-yDR2NgjICzQjNdIS2+nG6RErh9c2FHgWYluAyqG9Bdv2M5pnakBC18tnK1u6TBM+
-20V4Uoga8n++G//TKACPOhWN897Fckwbi+MrveRam54gx4KB67EhO563sj8CAwEA
-AaN7MHkwWAYDVR0RBFEwT4IcdjIuZGFzaGJvYXJkLnN0bzEuc2FmZWRjLm5ldIYv
-aHR0cHM6Ly92Mi5kYXNoYm9hcmQuc3RvMS5zYWZlZGMubmV0L3NoaWJib2xldGgw
-HQYDVR0OBBYEFBf/ZPT3JkDtcaQOYSHHMdT8LuE6MA0GCSqGSIb3DQEBCwUAA4IB
-gQBJvRL5ft6kFifPWxr70CTKhSM/1YfJDc6QT2Gxqhz6J5ZWmElnBoqgKZOq++VQ
-ye8X0E3bl1olDjfk5yw60gN1LbpXVZrsCuUqb6mb1JY5funqiyuCP04lcoXtVmur
-S55FJ5I+6wezoto8yd7GbGkXeSVtiFR131mPfVSHkoFWMkNBGopFXIqM3StfIm9Q
-xFjwYHun0V2WH6peM1aroZ9ROSuqSJxKfGnfav/vfUXiEY+5jNRdwFt5c+Cp27Gj
-YjcfGiB6IDmGlPSA3Fsl5OxpmfAtCIZc843KVVq11OFaRkQ9MwA4l8sc6LM7AEOG
-qG/0jMjJ9sR880zo8H/CYe3K2IMv9gljJ379E/+TjYI3/Ng2dfFD9xcjM/PKBMH3
-0OAG46vMdscG8wXpwJk0MDBqDW1JUxgQQsmFv2z0dVsTB2V1yFwrkyORUnyP/1LP
-58jYXshzlQWtOAv/r0xGqWBhHbBS+mQlED8KaJVrQQvkD8aCGw3okSDf9TaTBUH6
-VOc=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://login.sto3.safespring.com:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/logout"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.sto3.safespring.com:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/logout"/>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-    <md:AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.sto3.safespring.com:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/postResponse"/>
-    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://login.sto3.safespring.com:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/artifactResponse"/>
-    <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://login.sto3.safespring.com:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/paosResponse"/>
-  </SPSSODescriptor>
-  <md:Organization>
-    <md:OrganizationName xml:lang="en">Safespring</md:OrganizationName>
-    <md:OrganizationDisplayName xml:lang="sv">Blue Safespring AB</md:OrganizationDisplayName>
-    <md:OrganizationDisplayName xml:lang="en">Safespring</md:OrganizationDisplayName>
-    <md:OrganizationURL xml:lang="en">https://www.safespring.com</md:OrganizationURL>
-  </md:Organization>
-  <md:ContactPerson contactType="support">
-    <md:Company>Safespring</md:Company>
-    <md:GivenName>Safespring Support</md:GivenName>
-    <md:EmailAddress>mailto:support@safespring.com</md:EmailAddress>
-  </md:ContactPerson>
-</md:EntityDescriptor>
diff --git a/swamid-2.0/login.sto3.safespring.com-shibboleth.xml b/swamid-2.0/login.sto3.safespring.com-shibboleth.xml
new file mode 100644
index 00000000..0643adb0
--- /dev/null
+++ b/swamid-2.0/login.sto3.safespring.com-shibboleth.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://login.sto3.safespring.com/shibboleth">
+  <md:Extensions>
+    <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
+      <mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
+    </mdrpi:RegistrationInfo>
+    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+      <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
+        <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
+      </samla:Attribute>
+    </mdattr:EntityAttributes>
+  </md:Extensions>
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:Extensions>
+      <mdui:UIInfo>
+        <mdui:DisplayName xml:lang="en">Sunet Cloud Services</mdui:DisplayName>
+        <mdui:Description xml:lang="en">Sunet Cloud Services OpenStack</mdui:Description>
+        <mdui:InformationURL xml:lang="sv">https://wiki.sunet.se/display/Molntjanster</mdui:InformationURL>
+        <mdui:InformationURL xml:lang="en">https://wiki.sunet.se/display/Molntjanster</mdui:InformationURL>
+      </mdui:UIInfo>
+    </md:Extensions>
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>
+            MIIETjCCAragAwIBAgIJAKHiBz9pELmXMA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV
+            BAMTHHYyLmRhc2hib2FyZC5zdG8xLnNhZmVkYy5uZXQwIBcNMjAxMjAxMDg0MTEz
+            WhgPMjA1MDExMjQwODQxMTNaMCcxJTAjBgNVBAMTHHYyLmRhc2hib2FyZC5zdG8x
+            LnNhZmVkYy5uZXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC61jCV
+            EaHxfsRFk43l9w9ER/7dRFTnV56P264wGv8Hj8GqlA5bDDWLzCw8bjwG1vgDxjD6
+            pBcwv0XeJCqQyICPoGYQaqmiXuEjSWo9UEBa4TTMrVgvoE5FCr4wkmLuRx+K/13+
+            D+xDgKpgVs21dSozBLGnPj4Cd+4fda28t/OUi88bBNs/J1COIHt7ut4jIhOmU4NO
+            kdNlzAoYP9mTQyuYjCCpIdhUeT1eVAbm8i1QaWzuc7gg0bkMYO7sbOUjsRww04kH
+            z1KK6q7vWohM/VFYI9b+KCacjHxJ4Grf04CaZqnX9NmKmNUEhyzTG5vCMCWspR36
+            8tbf9UL6faURvXLEDhUmeNwywDC7DXVFuAyLmY0aWEvJS+YGVL16hvGbUv99EPfd
+            mbl3TLoSn2bARW8Kdul3goMiEuBY+fAgSquBQn5mAWu00+1UAg6NGMhLIXy/WlMF
+            bG/dCpORTcu3VaVkSCVC7J1ac1vWL19gHhbXdLgaxRn04gXEHLhaGE/US+sCAwEA
+            AaN7MHkwWAYDVR0RBFEwT4IcdjIuZGFzaGJvYXJkLnN0bzEuc2FmZWRjLm5ldIYv
+            aHR0cHM6Ly92Mi5kYXNoYm9hcmQuc3RvMS5zYWZlZGMubmV0L3NoaWJib2xldGgw
+            HQYDVR0OBBYEFEHBQtposodHldzgdbOx19jwWhl5MA0GCSqGSIb3DQEBCwUAA4IB
+            gQAqoc8zdOvDmJr1yYnpcxXqKjTgFeY+MRa+hoqX6MJVGJtU2kic2gC0EAoAE0Uq
+            riCgI+NMg5n3zo+Yzv1IVSttsKn+muuyeqlXY8716pUTCbAQ1OZZ/vMiUfMb59Ni
+            CjQ9AKayqIH7U2+g6CxjCfO7BsIsU/3KOseZNVjZXxQuCOaZnwLix1zOcWM/EJgf
+            2jOXUAgAUcwaOpnymG4903ir/93/llprnSBBqWTjrXVlFg3N5mv9mxA6L+8TrCo6
+            63IC5MMkKsKveEosK0XJ5OR9cBaOWY4EJKyOmB7ikEQwHKwlyCmQ7+keankzJIwm
+            JwLfFYo9/b1GoO6gF5YZ4m3Sl1eC0fm5E4YJxre2GVCYp094rEUqldE/RRmFq7Sz
+            jIZLRlvoQ4wC85++7Jg+kr7vEl1i5fT7u4U+uxN//McnQgPgRFU3ZPN3IADs56s/
+            2GScjrMWR2SSIT469rotTMT7jNhApLJDdRh3RpT+Sfq3OCvezYC4CO85ymClgdat
+            Z8E=
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>
+            MIIETjCCAragAwIBAgIJAJXapy65TmQ7MA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV
+            BAMTHHYyLmRhc2hib2FyZC5zdG8xLnNhZmVkYy5uZXQwIBcNMjAxMjAxMDg0MTM3
+            WhgPMjA1MDExMjQwODQxMzdaMCcxJTAjBgNVBAMTHHYyLmRhc2hib2FyZC5zdG8x
+            LnNhZmVkYy5uZXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDLJEy9
+            vch54e2m1Ga1Nw7bjcQZ2T3HyJ8o8osdc+6sgOymb7/UTUzSDG4aSDmHItW+6M6b
+            UOlE2Y75hOZwMCX1UTUx9ymym/aRnx++wzmPhjSITaQ3fBS5XgX6pESD8ZH8huSz
+            swLL78UHs7ATr7JwhnTDCTNWnm38mzXPM+x+eVdgGXpHNt1Beo3JG65qJk07sUl/
+            24KflztbaMkCwSWXaHno8nR0u0bFoBeceJY2r4uP8J0BBW/wF8RNxppE4PU1T/9o
+            IGLCXcHwuoPQV5tytfAcMMT43OxwiC14nCcc/p4VL6nUfzhH17DkykxUtcY746vM
+            QegPLhOn5b60Tbvo7WZLYD27nQ8VX1xFMrWusYk+coZdXF2yy9UrXXFhKKkIkSLe
+            yDR2NgjICzQjNdIS2+nG6RErh9c2FHgWYluAyqG9Bdv2M5pnakBC18tnK1u6TBM+
+            20V4Uoga8n++G//TKACPOhWN897Fckwbi+MrveRam54gx4KB67EhO563sj8CAwEA
+            AaN7MHkwWAYDVR0RBFEwT4IcdjIuZGFzaGJvYXJkLnN0bzEuc2FmZWRjLm5ldIYv
+            aHR0cHM6Ly92Mi5kYXNoYm9hcmQuc3RvMS5zYWZlZGMubmV0L3NoaWJib2xldGgw
+            HQYDVR0OBBYEFBf/ZPT3JkDtcaQOYSHHMdT8LuE6MA0GCSqGSIb3DQEBCwUAA4IB
+            gQBJvRL5ft6kFifPWxr70CTKhSM/1YfJDc6QT2Gxqhz6J5ZWmElnBoqgKZOq++VQ
+            ye8X0E3bl1olDjfk5yw60gN1LbpXVZrsCuUqb6mb1JY5funqiyuCP04lcoXtVmur
+            S55FJ5I+6wezoto8yd7GbGkXeSVtiFR131mPfVSHkoFWMkNBGopFXIqM3StfIm9Q
+            xFjwYHun0V2WH6peM1aroZ9ROSuqSJxKfGnfav/vfUXiEY+5jNRdwFt5c+Cp27Gj
+            YjcfGiB6IDmGlPSA3Fsl5OxpmfAtCIZc843KVVq11OFaRkQ9MwA4l8sc6LM7AEOG
+            qG/0jMjJ9sR880zo8H/CYe3K2IMv9gljJ379E/+TjYI3/Ng2dfFD9xcjM/PKBMH3
+            0OAG46vMdscG8wXpwJk0MDBqDW1JUxgQQsmFv2z0dVsTB2V1yFwrkyORUnyP/1LP
+            58jYXshzlQWtOAv/r0xGqWBhHbBS+mQlED8KaJVrQQvkD8aCGw3okSDf9TaTBUH6
+            VOc=
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.sto3.safespring.com:5000/Shibboleth.sso/Logout"/>
+    <md:AssertionConsumerService Location="https://login.sto3.safespring.com:5000/Shibboleth.sso/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+    <md:AttributeConsumingService index="1">
+      <md:ServiceName xml:lang="en">Safespring OpenStack</md:ServiceName>
+      <md:ServiceName xml:lang="sv">Safespring OpenStack</md:ServiceName>
+      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+      <md:RequestedAttribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+      <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+    </md:AttributeConsumingService>
+  </md:SPSSODescriptor>
+  <md:Organization>
+    <md:OrganizationName xml:lang="en">Safespring</md:OrganizationName>
+    <md:OrganizationDisplayName xml:lang="sv">Blue Safespring AB</md:OrganizationDisplayName>
+    <md:OrganizationDisplayName xml:lang="en">Safespring</md:OrganizationDisplayName>
+    <md:OrganizationURL xml:lang="en">https://www.safespring.com</md:OrganizationURL>
+  </md:Organization>
+  <md:ContactPerson contactType="support">
+    <md:Company>Safespring</md:Company>
+    <md:GivenName>Safespring Support</md:GivenName>
+    <md:EmailAddress>mailto:support@safespring.com</md:EmailAddress>
+  </md:ContactPerson>
+</md:EntityDescriptor>
diff --git a/swamid-2.0/v2.api.sto4.safedc.net-shibboleth.xml b/swamid-2.0/v2.api.sto4.safedc.net-shibboleth.xml
index 9f787619..be451007 100644
--- a/swamid-2.0/v2.api.sto4.safedc.net-shibboleth.xml
+++ b/swamid-2.0/v2.api.sto4.safedc.net-shibboleth.xml
@@ -10,7 +10,7 @@
       </samla:Attribute>
     </mdattr:EntityAttributes>
   </md:Extensions>
-  <SPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:Extensions>
       <mdui:UIInfo>
         <mdui:DisplayName xml:lang="en">Sunet Cloud Services</mdui:DisplayName>
@@ -19,44 +19,79 @@
         <mdui:InformationURL xml:lang="en">https://wiki.sunet.se/display/Molntjanster</mdui:InformationURL>
       </mdui:UIInfo>
     </md:Extensions>
-    <md:KeyDescriptor>
+    <md:KeyDescriptor use="signing">
       <ds:KeyInfo>
         <ds:X509Data>
           <ds:X509Certificate>
-MIIENjCCAp6gAwIBAgIJAJQvqB6/7/hSMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNV
-BAMTFnYyLmFwaS5zdG80LnNhZmVkYy5uZXQwIBcNMjAxMjAxMTIwMjM2WhgPMjA1
-MDExMjQxMjAyMzZaMCExHzAdBgNVBAMTFnYyLmFwaS5zdG80LnNhZmVkYy5uZXQw
-ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCzTrMnvOPERqWLvIZIlVON
-dCnMOXsdQQsQkpMKwPT73Ct/fkx55NMxQON+yC+1fJ7dga3ovWKNm+EZOKR37sDB
-GcQA1/9z0Gv+3VQ1g5Txm3Y1VYRwV8jkLcPyr/qpnSwiyMD+Bz0kAlgm1n1HxVaH
-L/ewpkzpsFbTKfGqEuU2NQEH7OpbVwp/8nQb6771Sk01VKUeQ79HS2rbMa9FuvR+
-yVjAtKW3cU0hfFYDelCsaeM1DWWUfypfFLbAbY+pbWLqr1npMO4eu/jR6TKvykyd
-6+rAgPtV9JrW5Jp+crjUcxvJFEAY4XXC5hvS3GV+F81r+wv08eWZeMp0nKK63Lgy
-sUMxLwqOVn7R14ifA4/s7LMWDhs3SrU/2DYEmAgcCFTRNg2CpZxXHB1KufrdtFk4
-S7hkdU1CPLDXx/ExP2MEQa8MVgmO633LRS8Xk8m1lUEQGvmcYVhjdTF2m5/ifQZU
-9+gS6DFN8UV1S+KRD6jJIo4q8YbKJSVDYDiOp2MffKsCAwEAAaNvMG0wTAYDVR0R
-BEUwQ4IWdjIuYXBpLnN0bzQuc2FmZWRjLm5ldIYpaHR0cHM6Ly92Mi5hcGkuc3Rv
-NC5zYWZlZGMubmV0L3NoaWJib2xldGgwHQYDVR0OBBYEFFPXcSnL02pP6ZbLOGQp
-Uh+Y1p8UMA0GCSqGSIb3DQEBCwUAA4IBgQCBWhHz+NJesbt0GaZE72lZDiYLSg+O
-ijBbbpmgCs4PaCXeaG7HlY07XwXtfbPQNUIPKEkLj2EZXddI9a0KO1Kgn0wed7cB
-A1OittZ9JdpE9hcrEXukpRWSeRUcDj2B24Vy0iysfl0rkQStcMkjgdPt1mTLH5cA
-DKG4UMuEKi6wTGzuwJbQHwlImR2bezNcq/14B/mOtwtKmWhtloun42E+ZZ7RrXXh
-bVnA8OidD3EaqkinVTl1WKzJFS7g8SV/1/gAcZB0Z57F4rQFaMP6L1mzlPo5Ltp3
-PNWJQVV19dAxetHf25yB/msJ1inx8e+cfLG2WnR6DfB6KL2yaFf/uTK04kIRJSjS
-pWF03q85fN6qxG4ItyFKbApuJzlgEPqOna1c5XGh9/51Jv6daOiiLFgwFjCxsCjd
-kGA+PIXVzHT09LFm2cq62L4liLzAp6JDCmucaRxqisGIthGbhQpIO0zjgRzh4Vo0
-/SokNCR8kWnzQPxO2BBsEdRZzXaxOAPuWlA=
+            MIIENjCCAp6gAwIBAgIJAI9vexAmJuGFMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNV
+            BAMTFnYyLmFwaS5zdG80LnNhZmVkYy5uZXQwIBcNMjAxMjAxMTIwMTQ3WhgPMjA1
+            MDExMjQxMjAxNDdaMCExHzAdBgNVBAMTFnYyLmFwaS5zdG80LnNhZmVkYy5uZXQw
+            ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCzHjESgcYBfFXt2oCi62YH
+            ECBc/vtqavqBGu9TL7nNgtptR75Pr8PwTbe6ymHWGlCyJ/kFgWYaewacLd93Ren5
+            yy82WmYcJlE6hfM0zybZqfSbbTDpVkK5ADSpiOV8zea54P8fJ0nzlJWwLlfQOGRy
+            3Mr2iahHYX4tuzuuEzVa5KUJDPypfwA5r1WjBmVyYNTOCU7sZvDDF7qY8GaUnGHQ
+            PWfxB0Q5jakY+KBdjnu1wj/lnf6tTjz0dj93Xb3R8uMdLws1MRlqoOB3PlwsEeQU
+            9i5Xwsnf37PV5OLxIfftCqpV7QCTLw5PAjz68kyviXgGYaDTK271XLtF3dHlTaVL
+            pDNXwhU1dJ58DTR/F6C+bMSr7YIIHlXlvyHXAErgU1On9dCkMz7Zq1pCqopGcCkP
+            3W+3eKFhq75TOj13AqFi/h5f9gLDchZ0BDJ0g5d6SSeAAQ3COxZ01MRtZGdiW8ZX
+            g+Ort1SFRtTAXG8ue69J7ioAflaccSxuAGMhcKk72/kCAwEAAaNvMG0wTAYDVR0R
+            BEUwQ4IWdjIuYXBpLnN0bzQuc2FmZWRjLm5ldIYpaHR0cHM6Ly92Mi5hcGkuc3Rv
+            NC5zYWZlZGMubmV0L3NoaWJib2xldGgwHQYDVR0OBBYEFEqbSfjt3GM67x0u8b56
+            Ibbsx9/MMA0GCSqGSIb3DQEBCwUAA4IBgQAxbkkgTs25Cf0VQXtBXGHzFrz1zDhw
+            jaUs3oIAwZswOxiNeaMLIloawxqX692dbPxY4ZO1X/M+W2MWH4BDPhC9MkA5fuWB
+            F9n7F8+6vOXdIV2s2npRfUPpC06hLrVKH/sJmQ1BcoQKk+qboYh5vJSGcev7rJPT
+            JrT1ZCPEAPdXibcQlo+kIOM+B/8qtLp3Ah0ddV4yjKvL0ad0h/HPpWVVLx+8uj7c
+            6HOIra8/VzZLQBBIUHxcUOCHWEwoDDL0QiFw9wSxark1XF9wghoYOZxknWPGhGDl
+            KCQy01msNYFKJFxSMki+cydmxF6gkEop68awD4Abrrf351npRQ4dRU4KN24Qbd2J
+            nErOuqr0tGCOXLJAsW56+J8BEec/xtYjb1Xz4c0j7kUNiq4MwSLWNRL9BfXA6ovp
+            SWC+uOUCl5C0ofikNq/g/PLwysLyBS7gKzjOXW5Z69HzjR70UyhLv4Hnq/2ouRoh
+            7PRWIrFOkpZ6wCkrgKqDxm/I1gnXqQ3IHf0=
           </ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
     </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://v2.api.sto4.safedc.net:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/logout"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://v2.api.sto4.safedc.net:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/logout"/>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-    <md:AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://v2.api.sto4.safedc.net:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/postResponse"/>
-    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://v2.api.sto4.safedc.net:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/artifactResponse"/>
-    <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://v2.api.sto4.safedc.net:5000/identity/v3/auth/OS-FEDERATION/identity_providers/nordunet/protocols/saml2/websso/paosResponse"/>
-  </SPSSODescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>
+            MIIENjCCAp6gAwIBAgIJAJQvqB6/7/hSMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNV
+            BAMTFnYyLmFwaS5zdG80LnNhZmVkYy5uZXQwIBcNMjAxMjAxMTIwMjM2WhgPMjA1
+            MDExMjQxMjAyMzZaMCExHzAdBgNVBAMTFnYyLmFwaS5zdG80LnNhZmVkYy5uZXQw
+            ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCzTrMnvOPERqWLvIZIlVON
+            dCnMOXsdQQsQkpMKwPT73Ct/fkx55NMxQON+yC+1fJ7dga3ovWKNm+EZOKR37sDB
+            GcQA1/9z0Gv+3VQ1g5Txm3Y1VYRwV8jkLcPyr/qpnSwiyMD+Bz0kAlgm1n1HxVaH
+            L/ewpkzpsFbTKfGqEuU2NQEH7OpbVwp/8nQb6771Sk01VKUeQ79HS2rbMa9FuvR+
+            yVjAtKW3cU0hfFYDelCsaeM1DWWUfypfFLbAbY+pbWLqr1npMO4eu/jR6TKvykyd
+            6+rAgPtV9JrW5Jp+crjUcxvJFEAY4XXC5hvS3GV+F81r+wv08eWZeMp0nKK63Lgy
+            sUMxLwqOVn7R14ifA4/s7LMWDhs3SrU/2DYEmAgcCFTRNg2CpZxXHB1KufrdtFk4
+            S7hkdU1CPLDXx/ExP2MEQa8MVgmO633LRS8Xk8m1lUEQGvmcYVhjdTF2m5/ifQZU
+            9+gS6DFN8UV1S+KRD6jJIo4q8YbKJSVDYDiOp2MffKsCAwEAAaNvMG0wTAYDVR0R
+            BEUwQ4IWdjIuYXBpLnN0bzQuc2FmZWRjLm5ldIYpaHR0cHM6Ly92Mi5hcGkuc3Rv
+            NC5zYWZlZGMubmV0L3NoaWJib2xldGgwHQYDVR0OBBYEFFPXcSnL02pP6ZbLOGQp
+            Uh+Y1p8UMA0GCSqGSIb3DQEBCwUAA4IBgQCBWhHz+NJesbt0GaZE72lZDiYLSg+O
+            ijBbbpmgCs4PaCXeaG7HlY07XwXtfbPQNUIPKEkLj2EZXddI9a0KO1Kgn0wed7cB
+            A1OittZ9JdpE9hcrEXukpRWSeRUcDj2B24Vy0iysfl0rkQStcMkjgdPt1mTLH5cA
+            DKG4UMuEKi6wTGzuwJbQHwlImR2bezNcq/14B/mOtwtKmWhtloun42E+ZZ7RrXXh
+            bVnA8OidD3EaqkinVTl1WKzJFS7g8SV/1/gAcZB0Z57F4rQFaMP6L1mzlPo5Ltp3
+            PNWJQVV19dAxetHf25yB/msJ1inx8e+cfLG2WnR6DfB6KL2yaFf/uTK04kIRJSjS
+            pWF03q85fN6qxG4ItyFKbApuJzlgEPqOna1c5XGh9/51Jv6daOiiLFgwFjCxsCjd
+            kGA+PIXVzHT09LFm2cq62L4liLzAp6JDCmucaRxqisGIthGbhQpIO0zjgRzh4Vo0
+            /SokNCR8kWnzQPxO2BBsEdRZzXaxOAPuWlA=
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://v2.api.sto4.safedc.net:5000/Shibboleth.sso/Logout"/>
+    <md:AssertionConsumerService Location="https://v2.api.sto4.safedc.net:5000/Shibboleth.sso/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+    <md:AttributeConsumingService index="1">
+      <md:ServiceName xml:lang="en">Safespring OpenStack</md:ServiceName>
+      <md:ServiceName xml:lang="sv">Safespring OpenStack</md:ServiceName>
+      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+      <md:RequestedAttribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+      <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+    </md:AttributeConsumingService>
+  </md:SPSSODescriptor>
   <md:Organization>
     <md:OrganizationName xml:lang="en">Safespring</md:OrganizationName>
     <md:OrganizationDisplayName xml:lang="sv">Blue Safespring AB</md:OrganizationDisplayName>
diff --git a/swamid-sp-2.0.mxml b/swamid-sp-2.0.mxml
index 08b0c7d4..8dd0e2f1 100644
--- a/swamid-sp-2.0.mxml
+++ b/swamid-sp-2.0.mxml
@@ -664,7 +664,7 @@
   <xi:include href="swamid-2.0/eduvpn.sunet.se-shibboleth.xml"/>
   <xi:include href="swamid-2.0/campuskort-test.irt.uu.se-.xml"/>
   <xi:include href="swamid-2.0/v2.dashboard.sto1.safedc.net-shibboleth.xml"/>
-  <xi:include href="swamid-2.0/login.sto3.safespring-shibboleth.xml"/>
   <xi:include href="swamid-2.0/v2.api.sto4.safedc.net-shibboleth.xml"/>
   <xi:include href="swamid-2.0/cuttlefish.pdc.kth.se.xml"/>
+  <xi:include href="swamid-2.0/login.sto3.safespring.com-shibboleth.xml"/>
 </md:EntitiesDescriptor>
author	Paul Scott <paul.scott@kau.se>	2020-12-02 15:54:01 +0000
committer	Paul Scott <paul.scott@kau.se>	2020-12-02 15:54:01 +0000
commit	b2f1cb18f1638d44dce6e182998fddf2f9b73509 (patch)
tree	be53301098b2c2ec8e399e4b90e6298b62d845b3
parent	987e36830faf760b78dcb50de85076968a721e79 (diff)