Resolved SWAMID-3377

1 files changed, 60 insertions, 29 deletions

diff --git a/swamid-2.0/prisma.research.se-shibboleth.xml b/swamid-2.0/prisma.research.se-shibboleth.xml
index 461615b9..3c01b1f5 100644
--- a/swamid-2.0/prisma.research.se-shibboleth.xml
+++ b/swamid-2.0/prisma.research.se-shibboleth.xml
@@ -1,8 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-This is example metadata only. Do *NOT* supply it as is without review,
-and do *NOT* provide it in real time to your partners.
- -->
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://prisma.research.se/shibboleth">
   <md:Extensions>
     <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
@@ -26,13 +22,12 @@ and do *NOT* provide it in real time to your partners.
     <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
     <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
-        <samla:AttributeValue>http://www.swamid.se/category/eu-adequate-protection</samla:AttributeValue>
-        <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue>
         <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue>
+        <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
       </samla:Attribute>
     </mdattr:EntityAttributes>
   </md:Extensions>
-  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:Extensions>
       <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://prisma.research.se/Shibboleth.sso/Login"/>
       <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://prisma.research.se/Shibboleth.sso/Login" index="1"/>
@@ -43,30 +38,68 @@ and do *NOT* provide it in real time to your partners.
         <mdui:Description xml:lang="en">Prisma is a joint portal used by several research funders</mdui:Description>
         <mdui:PrivacyStatementURL xml:lang="sv">https://prisma.research.se/Localization/SelectLanguage?languageName=SV&amp;returnUrl=%2FSupport%3Ftitle%3DPersonuppgifter%26description%3D%255BSupport%255D%255BPersonalDetailsDescription%255D%26X-Requested-With%3DXMLHttpRequest</mdui:PrivacyStatementURL>
         <mdui:PrivacyStatementURL xml:lang="en">https://prisma.research.se/Support?title=Privacy%20information&amp;description=%5BSupport%5D%5BPersonalDetailsDescription%5D</mdui:PrivacyStatementURL>
+        <mdui:InformationURL xml:lang="sv">https://prisma.research.se/</mdui:InformationURL>
+        <mdui:InformationURL xml:lang="en">https://prisma.research.se/</mdui:InformationURL>
       </mdui:UIInfo>
     </md:Extensions>
-    <md:KeyDescriptor>
+    <md:KeyDescriptor use="signing">
       <ds:KeyInfo>
-        <ds:KeyName>prisma.research.se</ds:KeyName>
+        <ds:KeyName>ppportalweb1.ex.vr.se</ds:KeyName>
         <ds:X509Data>
-          <ds:X509SubjectName>CN=prisma.research.se</ds:X509SubjectName>
-          <ds:X509Certificate>MIIC/TCCAeWgAwIBAgIJAPU2IVw8AYQPMA0GCSqGSIb3DQEBBQUAMB0xGzAZBgNV
-BAMTEnByaXNtYS5yZXNlYXJjaC5zZTAeFw0xNDA5MDMxNDIxMTlaFw0yNDA4MzEx
-NDIxMTlaMB0xGzAZBgNVBAMTEnByaXNtYS5yZXNlYXJjaC5zZTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALqrAUhqBgDhOW/hxr8dEk8nb8keS8ofEi1T
-Fsq8ZHCA7kmulScKBEehlNF/vt/sLNV5OW2VCpqU308nhzB84nJfXOgq5vDw86jP
-8GZYRAaLp/Urvs7FpFBdTm+iCZ0j6Z0CxBkoZEyJydIkqTjwXnBVb3OpvRgI81W6
-ga68vnzWxyFFsrfux/QQHTBaF+JD9a9Y6eQQks5eI1UwRbx5lh7PyEh+/+Ey5pnR
-psSBNfp7ooPtp0vO1No+7MG7XFZbkSxGBUvtzEBM/pTJaZwx1/PE46D1UgCDRetI
-ipBqzEvt7/MFTpXDdj6ddWJ6UMivvhRw09I6wYM/RZHMB79Bw8kCAwEAAaNAMD4w
-HQYDVR0RBBYwFIIScHJpc21hLnJlc2VhcmNoLnNlMB0GA1UdDgQWBBQ9F/GdaD71
-nq1AcWdMt0lqlzXKOzANBgkqhkiG9w0BAQUFAAOCAQEAbM5ixtyeRLBc74m5enMi
-P6rpQ9Ech6nEs5/59eQ82k06ysD1FxoTd9udfoMMeYmzJtlVoTwfhr3ISNHybLUz
-1du5VrX5fxYIIz2C0awtunMbRQGlBbu3PDjJYKe5BACVGGOR5qfsAY8JJGOzb2a7
-2jKsShfCzBOdxPr3lxBpGJmhe/N9i11g9qdDR3htDXa2aUw/qnwlrUFjMrcnDtDy
-q6rkibKrh2uDmQ+BKvnBfSjuXfDTm2yvdPfk/WAG9f+besVy76dwUWx0GAZXhPm5
-kmPkqx0M3z4YLufx99FWaMygNYUnnge7O348i/SW7UvVALhU4391vqGw+XcSAMh6
-Yw==
+          <ds:X509SubjectName>CN=ppportalweb1.ex.vr.se</ds:X509SubjectName>
+          <ds:X509Certificate>MIIEETCCAnmgAwIBAgIUOE3Ehm2kNwUSnWLnH8V+VPZja7EwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAxMVcHBwb3J0YWx3ZWIxLmV4LnZyLnNlMB4XDTIwMDkyOTA5
+MDg0N1oXDTMwMDkyNzA5MDg0N1owIDEeMBwGA1UEAxMVcHBwb3J0YWx3ZWIxLmV4
+LnZyLnNlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA6yrA9nI3q+uP
+NfAkP0a5tbJ8YCqhk1ccNtmQ2yjdu5YBHHC4FnU9j/2/LE/MK6+q8zryPFYiPQ40
+1FfrI+7eqy+CNj0QS10v8RXGhyTg10deuo9Jg00xPWNvyF0a2i0lBoJS8YnfnTvN
+VQbIpfTe7GVZa39eVdUUmxliKZHkY0c+qK0sX+/rotO/SvpbobJ4siw5bps1ZLW0
+OlUvEPonrmB7ESWeieK3WZ9gQkFOpAue8o5OXFdI2UqpOG7NcoZSqd5+eCFkC1km
+M4OwJ1ixuRBu65XVcs0biBUh9RxL2h3Ms/rq6DH8JSNrnnjhaKdUiK1sjXMZT4DQ
+hi+EW9Zl56Bsf8ijB507vfinP3U3uAgahEICJqi2z+eWMvVLjJgpQpeRYZoCZTQC
+irrIQvUaobIosKfxeBzNoQFBddqRcjVHVfnS1ZCRH35jjBinKLA+4X8tk4EhzOl1
+hXW3oSsvli2DOwIo7f86vASCVXTtKX0MYEbRJr0/kbJrDSeoNYhNAgMBAAGjQzBB
+MCAGA1UdEQQZMBeCFXBwcG9ydGFsd2ViMS5leC52ci5zZTAdBgNVHQ4EFgQUS8G7
+zpYSSl3IAJJsg/U6GzctV8MwDQYJKoZIhvcNAQELBQADggGBALwQHv+C/3/0sOYo
+OtK7SYVOhfrfYwOGf41LKO0Y29eKbWLIiWtf9H9lKuE8xJZeO9w/T5kGeBh3yrBa
+RC4l9dr3hKVEgIx94uqt/K1UkPuRsnllpU66z0zizch2EGeMKNl8FRu1JWO1d8t9
+R86585Bq5jn7iL12JwvdvoMJCK5L/+1sRjjJWCx1d6zXtH/l2R/sgZ7pJ9dr5p8B
+Fsl9qjXX3lQj9Cc3LOEyODW95Il71pIq/NnIlYURFgHd2BVzO1x0ThcO1UkmDFw1
+vB0gkvxuH18K2GI+1+53wM7IoRP3n+Xl+0PQ1dv2z3coMl5pll4B3Z0bln+v9WtD
+tp8vcYEVEWoW5rpXvD58+o4TCWJXmaNI0qjM92EFFovn4TGVuX5G1T3hwCaivAbP
+uuPGjV5LjAOpEipTxxc+SU8nPu/m7+jLqiPMvoOIDPmPXYhRUF0LbRHlpkL9GLaF
+s704xRk8rYBK16ZGTHbYvkLsk326oS6iynlHC5BP05AJfZ3w9A==
+</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo>
+        <ds:KeyName>ppportalweb1.ex.vr.se</ds:KeyName>
+        <ds:X509Data>
+          <ds:X509SubjectName>CN=ppportalweb1.ex.vr.se</ds:X509SubjectName>
+          <ds:X509Certificate>MIIEETCCAnmgAwIBAgIUDP1Aj6mJR+Yb5Aw7bwxaobu3oSIwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAxMVcHBwb3J0YWx3ZWIxLmV4LnZyLnNlMB4XDTIwMDkyOTA5
+MDg0NVoXDTMwMDkyNzA5MDg0NVowIDEeMBwGA1UEAxMVcHBwb3J0YWx3ZWIxLmV4
+LnZyLnNlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4qJIH1r4eRE0
+yVAlem4HcEd/PiLK6aEKaN5h23JJGZwOinHsW2pPUers5VCUw/Im1gTXqZx5hji7
+X8TlbZylxRLhTikXkAGQbZlrAnJs6pXEyckJUreJGl2rV3SbiN3P6jjoEGEcvUGk
+YesF/kC6LFNRoPuImm9/BrTzEm7RWSRNO8PlZFxutZcnpG6i59wHKmTfOWeSHH71
+fvX/TFdAmGvNEjnlZ4SZzVDcJuPofXH8BoQ2GcepZiTklGlvLv1O2wvzV21tjdIb
+UOgnsrRsbVXefIfb2ulSY9P48v0CL4CNnkTfEvQE1nUwyivKX4YnBGWvXZsRQJl2
+AWcsuAtAirMGF4czLSpimdgk49yprblB5bMc3EhC0WqFJn/IdPgBP9RNKLoQ0HfM
+mttE9E9TMXZghq0fIKROapjWe99dPAQvQuZgVA7zV4WNFqalxAXEEjUjpr+q8Ryh
+W6tyfjVIs8Fo+RJcwTlN+rhqvxr+d8v5rbhOQLEj7CElTDFij+s9AgMBAAGjQzBB
+MCAGA1UdEQQZMBeCFXBwcG9ydGFsd2ViMS5leC52ci5zZTAdBgNVHQ4EFgQUpKuv
+kk1g1uYLqhS7aR/le+OSlFkwDQYJKoZIhvcNAQELBQADggGBACJvVJA2VSu/lP+x
+7dcef/ZyYn3oCGG7UP/RRf4raufjOAEPfyKg5bJTZS/p4Jmp4PVVoW0fS2bWEtOX
+/0xJVJFagHe7lpy3feEoNVtxfSREsIJCYBD1P44eTqVMqAob7PW54osDWNDJdfJS
+M0XlEDi67LCDgQZFyZ8JKoNRsoxItki/bYollB5yMtYdiuVkho5av4O/KUVSiqOE
+CtobXgGBCHYl8+9O00I5xCRxCqAYmmN7gBxjjutl3nZ0ymoUJ5CcbeHBM39Mvb06
+XAjMl3dnrwf/J/W5rnxHSzC9R2j6rJvG3e6w0AsHbxwAZtTM1grk8nPl8Zwcq0Xp
+tabCo7HAO+Sr8d2/duNZoE6OOP/j79kof1yDPbAbp3YZXwTvJ6W1ZM/9ZDxChTtr
+3f6ZCwPvHoaeNTunVs5M50C1CDxkNLA7fwaxTyz65dXunTDzKCIStNFYFARvEuSq
+CnsfkDL7yjXcvO8B9lBCo4mjoMoLrC6iuMu/+sgQhlGXk/EfQQ==
 </ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
@@ -88,8 +121,6 @@ Yw==
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://prisma.research.se/Shibboleth.sso/SAML2/POST" index="1"/>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://prisma.research.se/Shibboleth.sso/SAML2/Artifact" index="2"/>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://prisma.research.se/Shibboleth.sso/SAML2/ECP" index="3"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://prisma.research.se/Shibboleth.sso/SAML/POST" index="4"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://prisma.research.se/Shibboleth.sso/SAML/Artifact" index="5"/>
     <md:AttributeConsumingService index="1">
       <md:ServiceName xml:lang="en">Prisma - prisma.research.se</md:ServiceName>
       <md:RequestedAttribute FriendlyName="eppn" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>