Resolves SWAMID-3300

author: Paul Scott <paul.scott@kau.se> 2020-10-09 10:12:04 +0000
committer: Paul Scott <paul.scott@kau.se> 2020-10-09 10:12:04 +0000
commit: 95b29a2a928b68977792fb732b25bf5b6e228caa (patch)
tree: 2e5c014adccf5b5e93fecd99661104ad4721cdfb /swamid-2.0
parent: a227efce8daae6e306b221740b6ee0054c6030f6 (diff)
2 files changed, 19 insertions, 8 deletions
diff --git a/swamid-2.0/gss-sso.dev.nextcloud.safedc.services-apps-user_saml-saml-metadata.xml b/swamid-2.0/gss-sso.dev.nextcloud.safedc.services-apps-user_saml-saml-metadata.xml
index 958d82b6..3baacd93 100644
--- a/swamid-2.0/gss-sso.dev.nextcloud.safedc.services-apps-user_saml-saml-metadata.xml
+++ b/swamid-2.0/gss-sso.dev.nextcloud.safedc.services-apps-user_saml-saml-metadata.xml
@@ -10,7 +10,7 @@
       </samla:Attribute>
     </mdattr:EntityAttributes>
   </md:Extensions>
-  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:Extensions>
       <mdui:UIInfo>
         <mdui:DisplayName xml:lang="sv">Sunet Nextcloud (development)</mdui:DisplayName>
@@ -26,7 +26,14 @@
         </ds:X509Data>
       </ds:KeyInfo>
     </md:KeyDescriptor>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>MIIEfTCCAuWgAwIBAgIUdTvkL9zfhJqZb8dUr/+UY67iFhwwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAxMlZ3NzLXNzby5kZXYubmV4dGNsb3VkLnNhZmVkYy5zZXJ2aWNlczAeFw0yMDA5MjExNTQ4MjhaFw0yMzA5MjExNTQ4MjhaMDAxLjAsBgNVBAMTJWdzcy1zc28uZGV2Lm5leHRjbG91ZC5zYWZlZGMuc2VydmljZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDxiO6AamFKxAcqTAjs4mFxRgJv/fYZxd4I4nAoJm+MNtK35cOAzm6P2EKn2PvbcuPwUL0GjvGwywNWBpCV74Oho8NAJXPQukqAAYFec+OOKeHB2PUU8s2izXCmFkhSa4SfzHxihRXl/dVxzrobQyNCSOOzcvVzV4s3wZt4vKGmLUtOq9npKYcgu2iqIQszQpyVruiAC7+Fj0etv6sTIKVMgrkAOu7m6GkpsIFFECwt8U8Zyc8Tp0f+rE/6qbgiFxEP8Kw4G60zdJRQERKn0Hdd0gVU/Qi+vI/LDUEuTjofFx9n1rJHhdGeDxf8df38GWaIozqD5nUx/bL8IMH7UBqsLuk3Imj1l7K4FHxTHa0FtFG6zZyDohdgi3lO0UC8idrI7v2b9PCe6XGmdqiRykNENbSDDdDgghc28/E/lZ7emByHpYMHiURjB/qr/LAm5pMaftjQ3EkztkmAFJBYbqrXkCS+/wvTrLJAad/4EVXMu76UQiEwrF6vHDqx2+dMyMUCAwEAAaOBjjCBizBqBgNVHREEYzBhgiVnc3Mtc3NvLmRldi5uZXh0Y2xvdWQuc2FmZWRjLnNlcnZpY2VzhjhodHRwczovL2dzcy1zc28uZGV2Lm5leHRjbG91ZC5zYWZlZGMuc2VydmljZXMvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUqBW48Ijci9ccFjTNwaE08TnaTCkwDQYJKoZIhvcNAQELBQADggGBAAImKpVp17OVSjMsLZRHkXK1jkNRq1rL/5VgMevpVMUVL8kyk0Ivhv3EAFSMogWtgsD24SWPExoVFmcR6LD1/VCgtGvxhynN14hZd9HjQp9lfILUw3Dz8xK4ztwmlevKVROpPfz3P8+vtIlqtXDY94R0ZH71cgg5p8MAboEk5+LDEVpCA8ed3ycxSZxKOdQRFKmAZJp4XY0zRBLVeyuRrU33UpZRgjhLboXWqcjjf5kl7/RlQ3bBdXBizRywBmU6uK8kI0Y11ci2k96LqW+5zg8fnURR9AQo9Ot127rXZB7pvFy8y3xqvU0AM46KboViDljl6GxrCH/RV1Y/F6dSphW7xE9OPfHOR7yutOy28Y0aUj039HFigYkrc9gnBq2YuX4qHkC0mz6TLUrOsO2emktA4deWt0EcNJaQZWhisw9lDv5Rn3Qm0PVQEN6fl5oQMP+g2QJA/XxlfLoGWO08UPEHExQCpSOQ5YfrYAKrjPuiNdJP687zJBcwppz36wE6dw==</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://gss-sso.dev.nextcloud.safedc.services/apps/user_saml/saml/acs" index="1"/>
   </md:SPSSODescriptor>
   <md:Organization>
diff --git a/swamid-2.0/gss-su.nextcloud.dev.safedc.services-apps-user_saml-saml-metadata.xml b/swamid-2.0/gss-su.nextcloud.dev.safedc.services-apps-user_saml-saml-metadata.xml
index 362df4fa..f3a54236 100644
--- a/swamid-2.0/gss-su.nextcloud.dev.safedc.services-apps-user_saml-saml-metadata.xml
+++ b/swamid-2.0/gss-su.nextcloud.dev.safedc.services-apps-user_saml-saml-metadata.xml
@@ -4,16 +4,13 @@
     <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
       <mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
     </mdrpi:RegistrationInfo>
-    <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
-      <mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
-    </mdrpi:RegistrationInfo>
     <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
         <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
       </samla:Attribute>
     </mdattr:EntityAttributes>
   </md:Extensions>
-  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:Extensions>
       <mdui:UIInfo>
         <mdui:DisplayName xml:lang="sv">Sunet Nextcloud (SU)</mdui:DisplayName>
@@ -25,11 +22,18 @@
     <md:KeyDescriptor use="signing">
       <ds:KeyInfo>
         <ds:X509Data>
-          <ds:X509Certificate>MIIEeTCCAuGgAwIBAgIUYI6J6xwk9qX/6laRucsk+9QeMdowDQYJKoZIhvcNAQELBQAwLzEtMCsGA1UEAxMkZ3NzLXN1LmRldi5uZXh0Y2xvdWQuc2FmZWRjLnNlcnZpY2VzMB4XDTIwMDkyOTA4MDA0NVoXDTIzMDkyOTA4MDA0NVowLzEtMCsGA1UEAxMkZ3NzLXN1LmRldi5uZXh0Y2xvdWQuc2FmZWRjLnNlcnZpY2VzMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA855byXW5oHovfob3jlhd7PcZztpc0PHZAPAhfvIq3zzM4TPFJ2qD2Mo/q2PjLD5HxlYubLsx3VAqz8+XIOt8R18Zod/QMNzvGndn0R0rU8JpBvoRrrR+MQ/dF8DPjNL2EeB1u2WVnqWy3Efw/Kmmyvo/vO48T+uSrPfnTZ33wM6qG2SQdmemka162NxLYU5Usz9lgqGv7lEeH4EBur0N+uV1XlIcSXJp9piCyUum//1yptJBwNLVrMcYCIrERymR8UiQF3K/K/umqFtwnbuMtWLGjLT7XHn3czDEeZFxA0kaCsmEKM0QU4HPadLsm6nEztuR4/dAA92Q1kKFPaLFkhH62jZPhp/UxxVwlyCsChveLI4KAU6x8m9eu4AG6dSUoUKJ5cv0C+/FXB0FEhFYl/9S9RSbnVUiFdPivlXDwC2l9zj8BU0XA1xo3zHOhh5MHPXIsPpJhH0n0LKwJuuZ3Dc8TLH1G4HDEXQQhCf+4Ua46jqSGBELkD40GkcW+3bDAgMBAAGjgYwwgYkwaAYDVR0RBGEwX4IkZ3NzLXN1LmRldi5uZXh0Y2xvdWQuc2FmZWRjLnNlcnZpY2VzhjdodHRwczovL2dzcy1zdS5kZXYubmV4dGNsb3VkLnNhZmVkYy5zZXJ2aWNlcy9zaGliYm9sZXRoMB0GA1UdDgQWBBTGRcGsieHhuSTHU8UfLOnvDXCFXjANBgkqhkiG9w0BAQsFAAOCAYEA73oQz79MOKcO5VrKZdmewH11TrfwPG4xAfTIXE9Z89l5JBu3rlTBO3wSdxZvRVvL/6XiXS/YfJTHkeRqqCm7bZWXBhj/7VsLbHQFNbuSX1p2hYgKoR/P7tGmhA1vq+Sl/9I1TbXXEOFAxja6zXlp2OjkqF3UWU4GGk0Y5oRSAsqjoZ8BeSIrcF8ctZ2fqX2QsLTI93l0TD2QhVOheyFxb6cnFb2oBjvxnwvwzCh3vy+lf3tKlwIUZ+zGZshTRWoeR8KOleSLN4t3buMcM1SBEGLY2ADlMk8dpFGz4bxv8q+l+1uLdNTn32/0/XI0DNViAEbkGeUsy3QWdDVjFQZRyUALPC5dgmqIWs+EAaUZF2/Y7yLO6X9/GUTL6u6vmLalr8DnO7qEuhgrEUd+aFud4bRkU95mNYsa3FEvSEzCRWye1cY3aYEaFwRq4uApSHhAbn4fN0MH4FLl7mF3vfqZSKGKtoz0ujZADgr7WtJWKcTJzjaTDi1UKtvrRgdeD1l1</ds:X509Certificate>
+          <ds:X509Certificate>MIIEfTCCAuWgAwIBAgIUdTvkL9zfhJqZb8dUr/+UY67iFhwwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAxMlZ3NzLXNzby5kZXYubmV4dGNsb3VkLnNhZmVkYy5zZXJ2aWNlczAeFw0yMDA5MjExNTQ4MjhaFw0yMzA5MjExNTQ4MjhaMDAxLjAsBgNVBAMTJWdzcy1zc28uZGV2Lm5leHRjbG91ZC5zYWZlZGMuc2VydmljZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDxiO6AamFKxAcqTAjs4mFxRgJv/fYZxd4I4nAoJm+MNtK35cOAzm6P2EKn2PvbcuPwUL0GjvGwywNWBpCV74Oho8NAJXPQukqAAYFec+OOKeHB2PUU8s2izXCmFkhSa4SfzHxihRXl/dVxzrobQyNCSOOzcvVzV4s3wZt4vKGmLUtOq9npKYcgu2iqIQszQpyVruiAC7+Fj0etv6sTIKVMgrkAOu7m6GkpsIFFECwt8U8Zyc8Tp0f+rE/6qbgiFxEP8Kw4G60zdJRQERKn0Hdd0gVU/Qi+vI/LDUEuTjofFx9n1rJHhdGeDxf8df38GWaIozqD5nUx/bL8IMH7UBqsLuk3Imj1l7K4FHxTHa0FtFG6zZyDohdgi3lO0UC8idrI7v2b9PCe6XGmdqiRykNENbSDDdDgghc28/E/lZ7emByHpYMHiURjB/qr/LAm5pMaftjQ3EkztkmAFJBYbqrXkCS+/wvTrLJAad/4EVXMu76UQiEwrF6vHDqx2+dMyMUCAwEAAaOBjjCBizBqBgNVHREEYzBhgiVnc3Mtc3NvLmRldi5uZXh0Y2xvdWQuc2FmZWRjLnNlcnZpY2VzhjhodHRwczovL2dzcy1zc28uZGV2Lm5leHRjbG91ZC5zYWZlZGMuc2VydmljZXMvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUqBW48Ijci9ccFjTNwaE08TnaTCkwDQYJKoZIhvcNAQELBQADggGBAAImKpVp17OVSjMsLZRHkXK1jkNRq1rL/5VgMevpVMUVL8kyk0Ivhv3EAFSMogWtgsD24SWPExoVFmcR6LD1/VCgtGvxhynN14hZd9HjQp9lfILUw3Dz8xK4ztwmlevKVROpPfz3P8+vtIlqtXDY94R0ZH71cgg5p8MAboEk5+LDEVpCA8ed3ycxSZxKOdQRFKmAZJp4XY0zRBLVeyuRrU33UpZRgjhLboXWqcjjf5kl7/RlQ3bBdXBizRywBmU6uK8kI0Y11ci2k96LqW+5zg8fnURR9AQo9Ot127rXZB7pvFy8y3xqvU0AM46KboViDljl6GxrCH/RV1Y/F6dSphW7xE9OPfHOR7yutOy28Y0aUj039HFigYkrc9gnBq2YuX4qHkC0mz6TLUrOsO2emktA4deWt0EcNJaQZWhisw9lDv5Rn3Qm0PVQEN6fl5oQMP+g2QJA/XxlfLoGWO08UPEHExQCpSOQ5YfrYAKrjPuiNdJP687zJBcwppz36wE6dw==</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>MIIEfTCCAuWgAwIBAgIUdTvkL9zfhJqZb8dUr/+UY67iFhwwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAxMlZ3NzLXNzby5kZXYubmV4dGNsb3VkLnNhZmVkYy5zZXJ2aWNlczAeFw0yMDA5MjExNTQ4MjhaFw0yMzA5MjExNTQ4MjhaMDAxLjAsBgNVBAMTJWdzcy1zc28uZGV2Lm5leHRjbG91ZC5zYWZlZGMuc2VydmljZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDxiO6AamFKxAcqTAjs4mFxRgJv/fYZxd4I4nAoJm+MNtK35cOAzm6P2EKn2PvbcuPwUL0GjvGwywNWBpCV74Oho8NAJXPQukqAAYFec+OOKeHB2PUU8s2izXCmFkhSa4SfzHxihRXl/dVxzrobQyNCSOOzcvVzV4s3wZt4vKGmLUtOq9npKYcgu2iqIQszQpyVruiAC7+Fj0etv6sTIKVMgrkAOu7m6GkpsIFFECwt8U8Zyc8Tp0f+rE/6qbgiFxEP8Kw4G60zdJRQERKn0Hdd0gVU/Qi+vI/LDUEuTjofFx9n1rJHhdGeDxf8df38GWaIozqD5nUx/bL8IMH7UBqsLuk3Imj1l7K4FHxTHa0FtFG6zZyDohdgi3lO0UC8idrI7v2b9PCe6XGmdqiRykNENbSDDdDgghc28/E/lZ7emByHpYMHiURjB/qr/LAm5pMaftjQ3EkztkmAFJBYbqrXkCS+/wvTrLJAad/4EVXMu76UQiEwrF6vHDqx2+dMyMUCAwEAAaOBjjCBizBqBgNVHREEYzBhgiVnc3Mtc3NvLmRldi5uZXh0Y2xvdWQuc2FmZWRjLnNlcnZpY2VzhjhodHRwczovL2dzcy1zc28uZGV2Lm5leHRjbG91ZC5zYWZlZGMuc2VydmljZXMvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUqBW48Ijci9ccFjTNwaE08TnaTCkwDQYJKoZIhvcNAQELBQADggGBAAImKpVp17OVSjMsLZRHkXK1jkNRq1rL/5VgMevpVMUVL8kyk0Ivhv3EAFSMogWtgsD24SWPExoVFmcR6LD1/VCgtGvxhynN14hZd9HjQp9lfILUw3Dz8xK4ztwmlevKVROpPfz3P8+vtIlqtXDY94R0ZH71cgg5p8MAboEk5+LDEVpCA8ed3ycxSZxKOdQRFKmAZJp4XY0zRBLVeyuRrU33UpZRgjhLboXWqcjjf5kl7/RlQ3bBdXBizRywBmU6uK8kI0Y11ci2k96LqW+5zg8fnURR9AQo9Ot127rXZB7pvFy8y3xqvU0AM46KboViDljl6GxrCH/RV1Y/F6dSphW7xE9OPfHOR7yutOy28Y0aUj039HFigYkrc9gnBq2YuX4qHkC0mz6TLUrOsO2emktA4deWt0EcNJaQZWhisw9lDv5Rn3Qm0PVQEN6fl5oQMP+g2QJA/XxlfLoGWO08UPEHExQCpSOQ5YfrYAKrjPuiNdJP687zJBcwppz36wE6dw==</ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
     </md:KeyDescriptor>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://gss-su.nextcloud.dev.safedc.services/apps/user_saml/saml/acs" index="1"/>
   </md:SPSSODescriptor>
   <md:Organization>
author	Paul Scott <paul.scott@kau.se>	2020-10-09 10:12:04 +0000
committer	Paul Scott <paul.scott@kau.se>	2020-10-09 10:12:04 +0000
commit	95b29a2a928b68977792fb732b25bf5b6e228caa (patch)
tree	2e5c014adccf5b5e93fecd99661104ad4721cdfb /swamid-2.0
parent	a227efce8daae6e306b221740b6ee0054c6030f6 (diff)