SWAMID-525, Keyrollover part 1 for 4 SP:s at math.su.se

author: Björn Mattsson <bjorn@sunet.se> 2021-12-03 12:21:00 +0100
committer: Björn Mattsson <bjorn@sunet.se> 2021-12-03 12:21:00 +0100
commit: 807761e113fe2bfc315027145620f6f1e1578f9c (patch)
tree: 4a10fb205f1717fcfa1bb808fa3d7bc7bda1ee06 /swamid-2.0/etenta.math.su.se-shibboleth.xml
parent: f9c0306d39dc33ea7dc2b2371d8c7dc899aacc41 (diff)
1 files changed, 72 insertions, 36 deletions
diff --git a/swamid-2.0/etenta.math.su.se-shibboleth.xml b/swamid-2.0/etenta.math.su.se-shibboleth.xml
index da24d51a..a3a0781e 100644
--- a/swamid-2.0/etenta.math.su.se-shibboleth.xml
+++ b/swamid-2.0/etenta.math.su.se-shibboleth.xml
@@ -9,6 +9,22 @@
         <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue>
       </samla:Attribute>
     </mdattr:EntityAttributes>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
   </md:Extensions>
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
     <md:Extensions>
@@ -20,8 +36,11 @@
         <mdui:PrivacyStatementURL xml:lang="sv">https://www.su.se/matematiska-institutionen/om-institutionen/organisation/elektronisk-tentamen-f%C3%B6r-studenter-p%C3%A5-matematiska-institutionen-vid-stockholms-universitet-1.584847</mdui:PrivacyStatementURL>
         <mdui:PrivacyStatementURL xml:lang="en">https://www.su.se/department-of-mathematics/about-the-department/organisation/electronic-exams-for-students-at-the-department-of-mathematics-at-stockholm-university-1.584848</mdui:PrivacyStatementURL>
       </mdui:UIInfo>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://etenta.math.su.se/Shibboleth.sso/WAYF/idp.it.su.se"/>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://etenta.math.su.se/Shibboleth.sso/WAYF/antagning"/>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://etenta.math.su.se/Shibboleth.sso/WAYF/idp.hig.se"/>
     </md:Extensions>
-    <md:KeyDescriptor use="signing">
+    <md:KeyDescriptor>
       <ds:KeyInfo>
         <ds:KeyName>etenta.math.su.se</ds:KeyName>
         <ds:X509Data>
@@ -53,53 +72,70 @@ vC40Zznf98QP1QaaAJ1B90WydJegGcz28vmrn1SEIIlOtTic
 </ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
     </md:KeyDescriptor>
     <md:KeyDescriptor use="encryption">
       <ds:KeyInfo>
         <ds:KeyName>etenta.math.su.se</ds:KeyName>
         <ds:X509Data>
-          <ds:X509SubjectName>CN=etenta.math.su.se,O=Stockholms universitet,C=SE</ds:X509SubjectName>
-          <ds:X509Certificate>MIIEcDCCA1igAwIBAgIQPeuEmtzAXHUS0vug+BLA6TANBgkqhkiG9w0BAQUFADA2
-MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEg
-U1NMIENBMB4XDTEwMDExNTAwMDAwMFoXDTEzMDExNDIzNTk1OVowSjELMAkGA1UE
-BhMCU0UxHzAdBgNVBAoTFlN0b2NraG9sbXMgdW5pdmVyc2l0ZXQxGjAYBgNVBAMT
-EWV0ZW50YS5tYXRoLnN1LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAqTegRf6kffNbA8D4Lrij26Zu81qPigIokEhLdZrGsx5DEH5jsmoIrhoEZshV
-vBGwIJIA/IoxRZFEjcTWvaJcYG01oSr3/XBKeYjEVRSX3KxbcU5Dd2qN5YnvyxoW
-oldlTmU22TuOovup0UjkKpQ7VPzgcMU3gQ6Cx0oUHJ0KAgI6yCMooX/cR0CCjfZ6
-XTPTqtnoSYr+j2ZWGNcHUBd0AFXu6fNBxmpy/HTNY+UVeaWF5shrg2tginZkQQ2m
-1R/RFiNxC5JPv5IBrZ8YkkvLOz7rQAkVCnXAVl7bp75qpxQ3R9mAJV4KpcFHY04e
-7plxQY1ISBvoqNPJkOIhDr/sdwIDAQABo4IBZDCCAWAwHwYDVR0jBBgwFoAUDL2T
-aAzz3qujSWsrN1dH6pDjue0wHQYDVR0OBBYEFEEgsYJkGCGrGtB3mPmAQMXlCOru
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMDoGA1UdHwQz
-MDEwL6AtoCuGKWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0Eu
-Y3JsMG0GCCsGAQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3Mu
-dGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9v
-Y3NwLnRjcy50ZXJlbmEub3JnMBwGA1UdEQQVMBOCEWV0ZW50YS5tYXRoLnN1LnNl
-MA0GCSqGSIb3DQEBBQUAA4IBAQBSD+s+1zbkDWniGmAo0iqclGzJQU6UKqmZuIF/
-0dOT5vZ6XyyZfhRqVVAew9m+E7IUg9iZcpKF4XtL1awUR+3tAyFJs05WWX0dcIFk
-qgvOsb54NBLDwdmM1f0B5yedJVZ6VFf3pqig17V25phElY/ArJe4XyqOS0JnXrd5
-UayFwWyOsjbZ5W0YhKAi8CCOdjQkz01Es3PCo6c0AL3uKOUNvVVmF8Jrku6DPzT2
-m27FphoUCoQa8mZRcxd4h/fmEhQMg2ZTVbLz+jwjI865pueFODIgf/8IAfiTDM6y
-vC40Zznf98QP1QaaAJ1B90WydJegGcz28vmrn1SEIIlOtTic
+          <ds:X509SubjectName>CN=etenta.math.su.se</ds:X509SubjectName>
+          <ds:X509Certificate>MIIEBTCCAm2gAwIBAgIUFKLyDLSe7897FbHGnpSTlgM0d0gwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAxMRZXRlbnRhLm1hdGguc3Uuc2UwHhcNMjExMTMwMTIzMDM2
+WhcNMzExMTI4MTIzMDM2WjAcMRowGAYDVQQDExFldGVudGEubWF0aC5zdS5zZTCC
+AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAK+yZ4TeWny5hE+Duv/bi/lz
+0Qrx6FQ2kEDzzYBcGL0N+jvJTJm21r+16XuqUrzE+O2+CaAgNtLRZtb8sI8MfI4V
+NoO5h32eliGc1uvgLJs7P9/9Bn/pDIKV88yVr4z7Gk9StkB1Fj314YlGLSY2LHKi
+lia59TBD4A4t9Mdh1N4dIEkGls0Jz8sRjs7+H97Fp+YnpBHi2pvxxb3et01YXoSS
+DxcgBAB2xMd7ypaRs0YTzxRAcFKAPNxCSyD9yeXENdGV7/wornXVl7LjKPsg6C1S
+Ru8oH4BIKiFIhFEa441w0Oo4hAu3kboXzYcuB+u9WoI6jQ9viAfD58wXI73O/u4u
+TIx18BSJwNFP16Q8tqS25blO+9miAY9aQDCDpuJYNEkFuQlqDK+AIjV8K901l57j
+KF4zY6rtbCRYqu5iEFGYZ7OxM+M+DJHjX4EajkpF70fnGjVvoxKbOgHRqpnVJq/O
+vhSShcPWwuHVrgnbYjptrWYcl18GKHJ2pPi/FBik9wIDAQABoz8wPTAcBgNVHREE
+FTATghFldGVudGEubWF0aC5zdS5zZTAdBgNVHQ4EFgQUgGrzcKsYtH0eFgAj/FCD
+1FfPqWUwDQYJKoZIhvcNAQELBQADggGBAF/KSsKOMJ5MQUV50b/NHaTixuvaKYNm
+0mTNk++Ta7Nj5IsrH1CbvoKDUc3EgDU7EieFoWb6cH2CtUcqh2HQQ1TN5G6E7ztu
+E2vyChfVyjWQEyqjywOFBtIo8ZmWd6uC0wuKy9ACN8TNy6nAZe1wHIJV3cb4dzv+
+i5FbyVhVKN+q+nQniQJLiylJ9xUspsfmOnxcuqgMqNNc6Q4EOT1SDXt7CnValWKx
+p8FbLokLykq/W3ONHJ4uBOiDSHpsngbajSF8XWwkRKAgpzp/zVHAve0JZElhB/kR
+az+8Z32Uu0svyhnqlqeYGehnCVYizAy73ZxO5NjH5aKuLgMPl/LefFBj7VCl9h5z
+uzT3DVRtNRl+ae1XxDtObJFOtVzasOivJkHzbHbsP2yikNBPkX4D7Soys72n8yle
+/e01Gkb3S6A/QFp0DJ+oIuD9Bq42uS3aGKx7YQP+984vg2PMlTkjoVlijr5nRZzK
+QUYfhLzUYuNWskoLQLCXtieByzsjSJGSPQ==
 </ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
     </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/SOAP"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/Redirect"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/POST"/>
+    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://etenta.math.su.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
     <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/Artifact"/>
-    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/SOAP"/>
-    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/Redirect"/>
-    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/POST"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/POST"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/Redirect"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://etenta.math.su.se/Shibboleth.sso/SLO/SOAP"/>
     <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/Artifact"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://etenta.math.su.se/Shibboleth.sso/SAML2/POST" index="1"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://etenta.math.su.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://etenta.math.su.se/Shibboleth.sso/SAML2/ECP" index="4"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://etenta.math.su.se/Shibboleth.sso/SAML/POST" index="5"/>
+    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/POST"/>
+    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/Redirect"/>
+    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://etenta.math.su.se/Shibboleth.sso/NIM/SOAP"/>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://etenta.math.su.se/Shibboleth.sso/SAML/Artifact" index="6"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://etenta.math.su.se/Shibboleth.sso/SAML/POST" index="7"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://etenta.math.su.se/Shibboleth.sso/SAML2/Artifact" index="8"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://etenta.math.su.se/Shibboleth.sso/SAML2/ECP" index="9"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://etenta.math.su.se/Shibboleth.sso/SAML2/POST" index="10"/>
     <md:AttributeConsumingService index="0">
       <md:ServiceName xml:lang="en">etenta.math.su.se</md:ServiceName>
       <md:ServiceName xml:lang="sv">etenta.math.su.se</md:ServiceName>
author	Björn Mattsson <bjorn@sunet.se>	2021-12-03 12:21:00 +0100
committer	Björn Mattsson <bjorn@sunet.se>	2021-12-03 12:21:00 +0100
commit	807761e113fe2bfc315027145620f6f1e1578f9c (patch)
tree	4a10fb205f1717fcfa1bb808fa3d7bc7bda1ee06 /swamid-2.0/etenta.math.su.se-shibboleth.xml
parent	f9c0306d39dc33ea7dc2b2371d8c7dc899aacc41 (diff)