summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--swamid-2.0/idp.suni.se-adfs-services-trust.xml326
1 files changed, 317 insertions, 9 deletions
diff --git a/swamid-2.0/idp.suni.se-adfs-services-trust.xml b/swamid-2.0/idp.suni.se-adfs-services-trust.xml
index bbb025b1..e459e99e 100644
--- a/swamid-2.0/idp.suni.se-adfs-services-trust.xml
+++ b/swamid-2.0/idp.suni.se-adfs-services-trust.xml
@@ -1,12 +1,321 @@
<?xml version="1.0" encoding="UTF-8"?>
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp.suni.se/adfs/services/trust">
- <Extensions>
- <shibmd:Scope regexp="false">suni.se</shibmd:Scope>
- </Extensions>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.suni.se/adfs/services/trust">
+ <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp.suni.se">
+ <KeyDescriptor use="encryption">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <fed:ClaimTypesRequested>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
+ <auth:DisplayName>E-Mail Address</auth:DisplayName>
+ <auth:Description>The e-mail address of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
+ <auth:DisplayName>Given Name</auth:DisplayName>
+ <auth:Description>The given name of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
+ <auth:DisplayName>Name</auth:DisplayName>
+ <auth:Description>The unique name of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true">
+ <auth:DisplayName>UPN</auth:DisplayName>
+ <auth:Description>The user principal name (UPN) of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true">
+ <auth:DisplayName>Common Name</auth:DisplayName>
+ <auth:Description>The common name of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true">
+ <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
+ <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
+ <auth:DisplayName>Group</auth:DisplayName>
+ <auth:Description>A group that the user is a member of</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true">
+ <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
+ <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
+ <auth:DisplayName>Role</auth:DisplayName>
+ <auth:Description>A role that the user has</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
+ <auth:DisplayName>Surname</auth:DisplayName>
+ <auth:Description>The surname of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true">
+ <auth:DisplayName>PPID</auth:DisplayName>
+ <auth:Description>The private identifier of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
+ <auth:DisplayName>Name ID</auth:DisplayName>
+ <auth:Description>The SAML name identifier of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
+ <auth:DisplayName>Authentication time stamp</auth:DisplayName>
+ <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
+ <auth:DisplayName>Authentication method</auth:DisplayName>
+ <auth:Description>The method used to authenticate the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true">
+ <auth:DisplayName>Deny only group SID</auth:DisplayName>
+ <auth:Description>The deny-only group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true">
+ <auth:DisplayName>Deny only primary SID</auth:DisplayName>
+ <auth:Description>The deny-only primary SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true">
+ <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
+ <auth:Description>The deny-only primary group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true">
+ <auth:DisplayName>Group SID</auth:DisplayName>
+ <auth:Description>The group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true">
+ <auth:DisplayName>Primary group SID</auth:DisplayName>
+ <auth:Description>The primary group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true">
+ <auth:DisplayName>Primary SID</auth:DisplayName>
+ <auth:Description>The primary SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true">
+ <auth:DisplayName>Windows account name</auth:DisplayName>
+ <auth:Description>The domain account name of the user in the form of &lt;domain&gt;\&lt;user&gt;</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true">
+ <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/cn" Optional="true">
+ <auth:DisplayName>cn</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonEntitlement" Optional="true">
+ <auth:DisplayName>eduPersonEntitlement</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" Optional="true">
+ <auth:DisplayName>Display Name</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/initials" Optional="true">
+ <auth:DisplayName>Initials</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" Optional="true">
+ <auth:DisplayName>norEduPersonNIN</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/socialSecurityNumber" Optional="true">
+ <auth:DisplayName>socialSecurityNumber</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/socialSecurityNumber" Optional="true">
+ <auth:DisplayName>socialSecurityNumberNotOld</auth:DisplayName>
+ </auth:ClaimType>
+ </fed:ClaimTypesRequested>
+ <fed:TargetScopes>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address>
+ </EndpointReference>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address>
+ </EndpointReference>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address>
+ </EndpointReference>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address>
+ </EndpointReference>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/ls/</Address>
+ </EndpointReference>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust</Address>
+ </EndpointReference>
+ </fed:TargetScopes>
+ <fed:ApplicationServiceEndpoint>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address>
+ </EndpointReference>
+ </fed:ApplicationServiceEndpoint>
+ <fed:PassiveRequestorEndpoint>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/ls/</Address>
+ </EndpointReference>
+ </fed:PassiveRequestorEndpoint>
+ </RoleDescriptor>
+ <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp.suni.se">
+ <KeyDescriptor use="signing">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <fed:TokenTypesOffered>
+ <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/>
+ <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/>
+ </fed:TokenTypesOffered>
+ <fed:ClaimTypesOffered>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
+ <auth:DisplayName>E-Mail Address</auth:DisplayName>
+ <auth:Description>The e-mail address of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
+ <auth:DisplayName>Given Name</auth:DisplayName>
+ <auth:Description>The given name of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
+ <auth:DisplayName>Name</auth:DisplayName>
+ <auth:Description>The unique name of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true">
+ <auth:DisplayName>UPN</auth:DisplayName>
+ <auth:Description>The user principal name (UPN) of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true">
+ <auth:DisplayName>Common Name</auth:DisplayName>
+ <auth:Description>The common name of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true">
+ <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
+ <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
+ <auth:DisplayName>Group</auth:DisplayName>
+ <auth:Description>A group that the user is a member of</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true">
+ <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
+ <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
+ <auth:DisplayName>Role</auth:DisplayName>
+ <auth:Description>A role that the user has</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
+ <auth:DisplayName>Surname</auth:DisplayName>
+ <auth:Description>The surname of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true">
+ <auth:DisplayName>PPID</auth:DisplayName>
+ <auth:Description>The private identifier of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
+ <auth:DisplayName>Name ID</auth:DisplayName>
+ <auth:Description>The SAML name identifier of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
+ <auth:DisplayName>Authentication time stamp</auth:DisplayName>
+ <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
+ <auth:DisplayName>Authentication method</auth:DisplayName>
+ <auth:Description>The method used to authenticate the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true">
+ <auth:DisplayName>Deny only group SID</auth:DisplayName>
+ <auth:Description>The deny-only group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true">
+ <auth:DisplayName>Deny only primary SID</auth:DisplayName>
+ <auth:Description>The deny-only primary SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true">
+ <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
+ <auth:Description>The deny-only primary group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true">
+ <auth:DisplayName>Group SID</auth:DisplayName>
+ <auth:Description>The group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true">
+ <auth:DisplayName>Primary group SID</auth:DisplayName>
+ <auth:Description>The primary group SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true">
+ <auth:DisplayName>Primary SID</auth:DisplayName>
+ <auth:Description>The primary SID of the user</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true">
+ <auth:DisplayName>Windows account name</auth:DisplayName>
+ <auth:Description>The domain account name of the user in the form of &lt;domain&gt;\&lt;user&gt;</auth:Description>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true">
+ <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/cn" Optional="true">
+ <auth:DisplayName>cn</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonEntitlement" Optional="true">
+ <auth:DisplayName>eduPersonEntitlement</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" Optional="true">
+ <auth:DisplayName>Display Name</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/initials" Optional="true">
+ <auth:DisplayName>Initials</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" Optional="true">
+ <auth:DisplayName>norEduPersonNIN</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/socialSecurityNumber" Optional="true">
+ <auth:DisplayName>socialSecurityNumber</auth:DisplayName>
+ </auth:ClaimType>
+ <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/socialSecurityNumber" Optional="true">
+ <auth:DisplayName>socialSecurityNumberNotOld</auth:DisplayName>
+ </auth:ClaimType>
+ </fed:ClaimTypesOffered>
+ <fed:SecurityTokenServiceEndpoint>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/services/trust/2005/certificatemixed</Address>
+ <Metadata>
+ <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <wsx:MetadataReference>
+ <Address xmlns="http://www.w3.org/2005/08/addressing">https://idp.suni.se/adfs/services/trust/mex</Address>
+ </wsx:MetadataReference>
+ </wsx:MetadataSection>
+ </Metadata>
+ </Metadata>
+ </EndpointReference>
+ </fed:SecurityTokenServiceEndpoint>
+ <fed:PassiveRequestorEndpoint>
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+ <Address>https://idp.suni.se/adfs/ls/</Address>
+ </EndpointReference>
+ </fed:PassiveRequestorEndpoint>
+ </RoleDescriptor>
+ <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="encryption">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>MIIEYzCCA0ugAwIBAgIQZHPOuyVURJge5wdOa1kfEzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDMxMTAwMDAwMFoXDTE3MDQzMDIzNTk1OVowOTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQDEwtpZHAuc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB0RS/jwsLGyG8DB8mIqgzTcEwb5P/7y9beizxgvlJc3dbauQogUIwZtsUn2q7qbV5h66c68bl8fi+JhtJYWXXu/rA9d6i4cQSdKXJPTMAss2ZobcRmnVSDrj0ZTJ5+JBe+fuYI3cDaLy5rGz9PcgxqINcjM4wW01pKjnZzrVqbJ1dsSfWzU5AkMwVS+10UjQYLSeHg/2PAgfDRovqTqTfMpF16DXwx+OcqnJY2yN0JcpVggQNOE9a4y9L6qe0SYbbTlqbrlrz/X+0e4gQ8sjif4PdB4AXVb0dP9D3pjfLXim8leVarNN2knOPZmmFYWKEBNS5KHlkSnHFIyNFof3UCAwEAAaOCAWgwggFkMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdXR+qQ47ntMB0GA1UdDgQWBBT3yAYidugFyhjhPMuNGIu6pA6hfzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwFgYDVR0RBA8wDYILaWRwLnN1bmkuc2UwDQYJKoZIhvcNAQEFBQADggEBAAdzCLw9BLbfTeYy0fLEWT4nrH5oBJ7G1Si/vdf8dvQlUF8gbtizKI/c7871smaPHge5DdwUwY9vqRkRrzeiM/mGUSgUCkN56Y17eTzmbvRQ6EPjpiZ/dlTBycedq2TmnxLM1VbO9Xx3rK07YdSdDn+y+n4GNJlL4NCED/rVDdsEBoy+nmztLLolGztRZPv8xLbCdE2vompEA7sbDsBv4hNCjsuVSCt8FlX3rz3uqaaNcG3r5tQ8VHtrQ7xCCRScSfoYoI0sgwE5BtThwDAi1arLp/tHN5Ow500zq4m8LZEdmGBZ56M3kIHEn1n8UOUlCMWYtYw1rIhX9FYyT8Dn2bY=</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.suni.se/adfs/ls/"/>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.suni.se/adfs/ls/"/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.suni.se/adfs/ls/" index="0" isDefault="true"/>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idp.suni.se/adfs/ls/" index="1"/>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.suni.se/adfs/ls/" index="2"/>
+ </SPSSODescriptor>
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <Extensions>
- <shibmd:Scope regexp="false">suni.se</shibmd:Scope>
- </Extensions>
<KeyDescriptor use="encryption">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
@@ -27,7 +336,6 @@
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.suni.se/adfs/ls/"/>
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.suni.se/adfs/ls/"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.suni.se/adfs/ls/"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/>
@@ -67,7 +375,7 @@
<ContactPerson contactType="support">
<GivenName>Tomas</GivenName>
<SurName>Legat</SurName>
- <EmailAddress>mailto:server@sh.se</EmailAddress>
+ <EmailAddress>server@sh.se</EmailAddress>
<TelephoneNumber>+46(0)86084000</TelephoneNumber>
</ContactPerson>
</EntityDescriptor>