diff options
73 files changed, 1787 insertions, 9326 deletions
@@ -206,7 +206,7 @@ testEntCat: @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement" @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification" - @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true + @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true testSimpleSign: @echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)" @@ -226,17 +226,17 @@ testRoleDescriptor: @for x in `find $(SRCDIRS) -name \*.xml`; do \ grep -EH 'RoleDescriptor.*xsi:type="fed:(ApplicationServiceType|SecurityTokenServiceType)"' $$x | \ sed -e 's/^/ /' -e 's/xmlns.*xsi:type="fed:/xsi:type="fed:/' -e 's/ protocol.*>/>/' -e 's/.*/[1;31m&[0m/' ; \ - done | grep . && echo "Please remove" + done | grep . && exit 1 || exit 0 testAttributeInIdP: @echo "Check for Attribute inside IDPSSODescriptor" @for x in `find $(SRCDIRS) -name \*.xml`; do \ - if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor" - 2>/dev/null | grep -q " <Attribute" ; then \ + if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor" - 2>/dev/null | grep -q " <Attribute Name" ; then \ echo " $$x" | sed 's/.*/[1;31m&[0m/' ;\ fi;\ - done | grep . && echo "Please remove this Attributes" + done | grep . && exit 1 || exit 0 -test: syntaxtest testMDUI testOrgData testEntCat testSimpleSign testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP +test: syntaxtest testMDUI testOrgData testEntCat testSimpleSign testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP deeptest: test testMDUIreach diff --git a/swamid-2.0/337-mediaspace.kaltura.nordu.net.xml b/swamid-2.0/337-mediaspace.kaltura.nordu.net.xml new file mode 100644 index 00000000..f57b131d --- /dev/null +++ b/swamid-2.0/337-mediaspace.kaltura.nordu.net.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://337-mediaspace.kaltura.nordu.net"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">Blekinge Institute of Technology’s Play service</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">Blekinge Tekniska Högskolas Play tjänst</mdui:DisplayName> + <mdui:Description xml:lang="en">Blekinge Institute of Technology’s streaming service.</mdui:Description> + <mdui:Description xml:lang="sv">Blekinge Tekniska Högskolas play tjänst</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIICMjCCAZugAwIBAgIUSNmSXuKOmQgtimtnumPU1gAM/PYwDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzM3LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNjI1MDkyMTE2WhcNMTkwNjI1MDkyMTE2WjA9MSkwJwYDVQQDDCAzMzctbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu0jIT398Vd2YsyF9LUzYZy5eJlpo3UIdNeGOWUcLDfC6ixe6Z1DLjYHYpsld3zjAhO1+V9UuRaXAwlBf+DbOZFudtNa7gq7+Xh3zUOVb+9wIU/sw1lgi6bJ2xX7k9axM9yAUmquCYTrsP0l+OLSLh0tvKhs9RwPMkCDu90Id3qUCAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzM3LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEAeJ1744GzQ+UeeZZljO2yhEqBZIUXvdAQZXVGYcGEH8VVv6uXFGntgKqA8kqG5/KdlRz8wVuaAwlcnj7QEuEoWMv1V1q5laFqJApu5vguZruEoiRNUEmpGTG9LDE1w/4or4K06GqJCJePJnB5mesLHwi8KgFPXmzGu2O2Vs2x1eY=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIICMjCCAZugAwIBAgIUSNmSXuKOmQgtimtnumPU1gAM/PYwDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzM3LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNjI1MDkyMTE2WhcNMTkwNjI1MDkyMTE2WjA9MSkwJwYDVQQDDCAzMzctbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu0jIT398Vd2YsyF9LUzYZy5eJlpo3UIdNeGOWUcLDfC6ixe6Z1DLjYHYpsld3zjAhO1+V9UuRaXAwlBf+DbOZFudtNa7gq7+Xh3zUOVb+9wIU/sw1lgi6bJ2xX7k9axM9yAUmquCYTrsP0l+OLSLh0tvKhs9RwPMkCDu90Id3qUCAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzM3LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEAeJ1744GzQ+UeeZZljO2yhEqBZIUXvdAQZXVGYcGEH8VVv6uXFGntgKqA8kqG5/KdlRz8wVuaAwlcnj7QEuEoWMv1V1q5laFqJApu5vguZruEoiRNUEmpGTG9LDE1w/4or4K06GqJCJePJnB5mesLHwi8KgFPXmzGu2O2Vs2x1eY=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://337-mediaspace.kaltura.nordu.net/user/logout"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://337-mediaspace.kaltura.nordu.net/user/authenticate" index="0"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">BTH</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">BTH</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://337-mediaspace.kaltura.nordu.net</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>saml@media.nordu.net</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/acs-ra21.mnt.se-shibboleth.xml b/swamid-2.0/acs-ra21.mnt.se-shibboleth.xml index 60ca8f11..3255d577 100644 --- a/swamid-2.0/acs-ra21.mnt.se-shibboleth.xml +++ b/swamid-2.0/acs-ra21.mnt.se-shibboleth.xml @@ -1,8 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- -This is example metadata only. Do *NOT* supply it as is without review, -and do *NOT* provide it in real time to your partners. - --> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://acs-ra21.mnt.se/shibboleth"> <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> @@ -77,4 +73,14 @@ PviupR4zrQB2Z3UicpQVJewfp9c8GK7wgU3HdGmqrl7DiD14XFHVVQ== <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://acs-ra21.mnt.se/Shibboleth.sso/SAML/POST" index="5"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://acs-ra21.mnt.se/Shibboleth.sso/SAML/Artifact" index="6"/> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">The RA21 Project</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Resource Access for the 21st Century (RA21)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://ra21.org</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID</md:GivenName> + <md:SurName>Operations</md:SurName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> </md:EntityDescriptor> diff --git a/swamid-2.0/adfs.ju.se-adfs-services-trust.xml b/swamid-2.0/adfs.ju.se-adfs-services-trust.xml index d3f7f85a..b23e63b6 100644 --- a/swamid-2.0/adfs.ju.se-adfs-services-trust.xml +++ b/swamid-2.0/adfs.ju.se-adfs-services-trust.xml @@ -7,651 +7,6 @@ </samla:Attribute> </mdattr:EntityAttributes> </Extensions> - <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Jönköping University"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC1jCCAb6gAwIBAgIQTyYeY+viq6VAnXNlpdWo9zANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDExxBREZTIEVuY3J5cHRpb24gLSBhZGZzLmp1LnNlMB4XDTE3MDExOTEzMDc1NFoXDTI3MDExNzEzMDc1NFowJzElMCMGA1UEAxMcQURGUyBFbmNyeXB0aW9uIC0gYWRmcy5qdS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdGLVnbXSmzyWarNprPDDZ5WbD9Hq31kscc6OTLh6CsxQIs5xWODrMloC0o4T5hVGDRz8MONhd2kg8zJttlM82sn8gtZQ7oToQmINJFcLcqT3UJlwZMSWWdxTyJE82S38y/4td6AC8WFmzWM8fEfJoLLB9LMotEw/jZGQvLjb2IeF83TONyXwTnOqNR7mvtqKOagDY4Yw9pkFIjjqcS6ZmWn4LOQMCvVFnUSCAYMRYpCzjvyUN4cjq63WFhtRpuYEExQb6s8Hf4zZBD5B7Qm9CTaiUyWd9zl/IuFLmHIAvkyPpBOsOWQm/7WCNDuEf6OP+TGHrpWs7qz8zY2jadLLsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAb74Nbfv4Uu09TEFdEvILRQK3favoN6qWf8Nm3GcigsL4aWm8h/rr6lwG9uW6rwTivrFFCNz6xm10+Wrk4Tdki9h5LqtOflb3pb/vDhO2Gtxc6VSSFgflAnnKpEaGgseS4hQH8Wv7rdta25tjjjekxzeJc+OpPWHov/4aMJYDJyAuFEWXgxzRP9oN9AeW7bYj5h8ujJ8iBs36w2eMrV9DjKY1OSkotkxMjb2sJvxe09HOjZxQxrsiupnoG6nzHs8uaGBrCcsJLv8wZrPP6y7gIxKs7UI2qBMs9tTQMy1gaTAX3g17lg9zZVE0LMOSJPllH9A36w6zVOE8HpPtRLIzGg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" Optional="true"> - <auth:DisplayName>JU eduPersonTargetedID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.16.840.1.113730.3.1.241" Optional="true"> - <auth:DisplayName>JU displayName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" Optional="true"> - <auth:DisplayName>JU eduPersonAssurance</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" Optional="true"> - <auth:DisplayName>JU orcid</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oasis:names:tc:SAML:attribute:assurance-certification" Optional="true"> - <auth:DisplayName>JU Assurance-Certification</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>JU surName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>JU givenName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.2428.90.1.5" Optional="true"> - <auth:DisplayName>JU norEduPersonNIN</auth:DisplayName> - <auth:Description>SWAMID personnummer 12 tecken</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>JU personalIdentityNumber</auth:DisplayName> - <auth:Description>Swedish ”personnummer” or ”samordningsnummer” according to SKV 704 and SKV 707. 12 digits without hyphen.</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://adfs.ju.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Jönköping University"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC0DCCAbigAwIBAgIQGbaE3+X1YYdHklQ4dW3+LTANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDExlBREZTIFNpZ25pbmcgLSBhZGZzLmp1LnNlMB4XDTE3MDExOTEzMDc1NloXDTI3MDExNzEzMDc1NlowJDEiMCAGA1UEAxMZQURGUyBTaWduaW5nIC0gYWRmcy5qdS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnc6vqVRrc+t6WRVO+xjGbrfJEBF97ebTz/3miuHuzaWVsfzVsO+u+rd7sGXOOnZJ7mwFObfcvi63D07DPOjF++3/KygobjhT1yKeWK8HPj2iM75ceHKSciSY7caLwlW+O64gex410XQTmqBvcX1BpWNZkE2oFbdob3B27j+bDlrFo631FM8luO8faVAmvV0EudpzBkmuoSDkK94VN6AWzuUqWybCY3sEiydbh+JncFxyIH6grKs+Pc3DAplMo3HphB4RyY2WIeHyreCoKgb71PWu/BLM92t7h5S5DnhvUbZBv13gP6Uq6RJgj8jlNS3ZlNNZS8NLOV2TzR3cd5LJ8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEARi0HtjfOnJeaAdAGcVY0KPulzHkGszVyvEs5QMDv5u0NI9D0U/FnEeMaqdEwGKma6YetcbQrCEoNm0cR3Z9FPs6qzahahj0uxjggX5NkP89w9PLeZnEm+prcwsCb9NVNq0dN7TtiInjOh3nA+pDzQD9E6rD4Q1zV68p8+zFa+7vW3/pUc72wN+GQD2x8LF89VbuAegGoLx1VIbcStV6s78G0HpZEWhraepBh1W2OFRZ1avKPO68wvHyhHZD2Uz6O7WIrD5nMhyuH+OUEeMX55qtD+TIIslc51+uGEeCwd9Yrbuu126oxt4duKBVpBan+P+BASVFtEMON41soGgmN/A==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" Optional="true"> - <auth:DisplayName>JU eduPersonTargetedID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.16.840.1.113730.3.1.241" Optional="true"> - <auth:DisplayName>JU displayName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" Optional="true"> - <auth:DisplayName>JU eduPersonAssurance</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" Optional="true"> - <auth:DisplayName>JU orcid</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oasis:names:tc:SAML:attribute:assurance-certification" Optional="true"> - <auth:DisplayName>JU Assurance-Certification</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>JU surName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>JU givenName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.2428.90.1.5" Optional="true"> - <auth:DisplayName>JU norEduPersonNIN</auth:DisplayName> - <auth:Description>SWAMID personnummer 12 tecken</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>JU personalIdentityNumber</auth:DisplayName> - <auth:Description>Swedish ”personnummer” or ”samordningsnummer” according to SKV 704 and SKV 707. 12 digits without hyphen.</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.ju.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.ju.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> diff --git a/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml b/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml index 5862a6d7..08c91918 100644 --- a/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml +++ b/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml @@ -1,607 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://adfs.rkh.se/adfs/services/trust"> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="adfs.rkh.se"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC2DCCAcCgAwIBAgIQGautI+pz9adEzsYcS8EfjjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1BREZTIEVuY3J5cHRpb24gLSBhZGZzLnJraC5zZTAeFw0xODAzMjEwNzMwMzJaFw0xOTAzMjEwNzMwMzJaMCgxJjAkBgNVBAMTHUFERlMgRW5jcnlwdGlvbiAtIGFkZnMucmtoLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNEZS8D8pFyX4ZFo/+Vbsik653WMtnH6KdnMFHrKnuOXqDoxs5S4kR9PbLD1NSqOrTYR0SLRsa0NitMTiicM5ateieUn5xcnb3bu91YJ/+EoR4TqYY/+AZR4Mi6pTqiCGTvzOxTyXxpCWJIBlTBq7OvhVTel3tx6qfcLdhOmIcafL7qLVBV8csrwbIjcWNgItiDP7XMoogut5R/z4qyjA+KJTsKX/BI3DNIWTc5HuNJb54DEXnzE8Bawl4D0tUDNm5ogXpkGirTLT6N+hQ9L87/swlbK+Dj5qTdvtXHOhltLofI9FjS0/0q4XX7gHe9jm1/FzpRp1197DzW9K/ZvgwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAifuxnEGWhesWEtO7Gfn7M53GKM68i1A883NvmrtJ88MCYRU9p+sLVFDUpaevxu9uy7blr+cSeIDP6rhJn2xddMbfGj+zo/+KO4ZOoDLzcVmkLOg0utMVKzDgo/0lFPDabQNPsb6uccQrwFYNVb/gK/u6dNVc0Sh8CUU//uBOcCiVUqXCKXV+5AhVN3JUt2x8z9b8reHQDu+WqfvNGgaMrxU3/I6WEK5DGz9/hpjoD1z9VbPmbHlsyKf8MLLAP10LeXt2NJphHOIhRqoTndzNjDYjrOwGtqXO7UsO2qlc5xRla4gtx8hFrsDAuVFqRFR3CB7rjKGmZYzCM8PIUGH4h</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://adfs.rkh.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="adfs.rkh.se"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC0jCCAbqgAwIBAgIQRNcBkwUH57FBO/0iKmJ2dzANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDExpBREZTIFNpZ25pbmcgLSBhZGZzLnJraC5zZTAeFw0xODAzMjEwNzMwMzNaFw0xOTAzMjEwNzMwMzNaMCUxIzAhBgNVBAMTGkFERlMgU2lnbmluZyAtIGFkZnMucmtoLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PBujoU9dPCDLdMTlLCOkog78u1/3LQVYX2Y/daoIKFDCdhb4zMNjHUhy/4o+uM7fqXb8+ZQRjfC10DW8gBBUuTX1Du6hSitc6et+SePw7WTw3NxzLiFUmBrBwLN/WKjVLKTX6NXgaw15jD9uabI37DZDyu93e1RoLo0imiNLTRxyQs4QLpcDPR0GH2kqHusxbpZOMAsEfoJbKWFwFrSBUyznodb0f/ABxle5lXIvsfIg3uXCg61baBDoaHd6qEy+syfvlJYYqFk76JwgAqkMIWa7OWa9c2jzJJuYGmZI7u4erNtt/YYIli0x/Eoz4KJkl0Nt79JjvmyIGlI+yAObQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCJD/8kZuSUs3x7j9g4CCD33wSpjb6rRy9ghcM2i8LoaWZLtYOBzNPfRtLbN6UZRUHwWxxgT0go4QRbdoZt0z0phJ0zEqbTZO1ufGFX9f1Yd53WYYWGKmUvVSbNRm4eFOQK781aveoum/3VKz7cZZOcq/unQiBuBfXG6/SAnfHRjcXwXGLzr/RdRRbLpLkr5iPnJjtVPeGYGhK/emoIABRhtMkdIbZTHcutG0vjkG/SWxKWNt0krmLphVYItvjU/trIqcy9c0CfrnhpyNR3B4BTkF5EOH8PmMu1up0HTYZ2rCKTxeE4Rf+fNMvu8mGcuYQkmtok72zts03aa5Fnat/X</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.rkh.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.rkh.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC2DCCAcCgAwIBAgIQGautI+pz9adEzsYcS8EfjjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1BREZTIEVuY3J5cHRpb24gLSBhZGZzLnJraC5zZTAeFw0xODAzMjEwNzMwMzJaFw0xOTAzMjEwNzMwMzJaMCgxJjAkBgNVBAMTHUFERlMgRW5jcnlwdGlvbiAtIGFkZnMucmtoLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNEZS8D8pFyX4ZFo/+Vbsik653WMtnH6KdnMFHrKnuOXqDoxs5S4kR9PbLD1NSqOrTYR0SLRsa0NitMTiicM5ateieUn5xcnb3bu91YJ/+EoR4TqYY/+AZR4Mi6pTqiCGTvzOxTyXxpCWJIBlTBq7OvhVTel3tx6qfcLdhOmIcafL7qLVBV8csrwbIjcWNgItiDP7XMoogut5R/z4qyjA+KJTsKX/BI3DNIWTc5HuNJb54DEXnzE8Bawl4D0tUDNm5ogXpkGirTLT6N+hQ9L87/swlbK+Dj5qTdvtXHOhltLofI9FjS0/0q4XX7gHe9jm1/FzpRp1197DzW9K/ZvgwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAifuxnEGWhesWEtO7Gfn7M53GKM68i1A883NvmrtJ88MCYRU9p+sLVFDUpaevxu9uy7blr+cSeIDP6rhJn2xddMbfGj+zo/+KO4ZOoDLzcVmkLOg0utMVKzDgo/0lFPDabQNPsb6uccQrwFYNVb/gK/u6dNVc0Sh8CUU//uBOcCiVUqXCKXV+5AhVN3JUt2x8z9b8reHQDu+WqfvNGgaMrxU3/I6WEK5DGz9/hpjoD1z9VbPmbHlsyKf8MLLAP10LeXt2NJphHOIhRqoTndzNjDYjrOwGtqXO7UsO2qlc5xRla4gtx8hFrsDAuVFqRFR3CB7rjKGmZYzCM8PIUGH4h</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC0jCCAbqgAwIBAgIQRNcBkwUH57FBO/0iKmJ2dzANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDExpBREZTIFNpZ25pbmcgLSBhZGZzLnJraC5zZTAeFw0xODAzMjEwNzMwMzNaFw0xOTAzMjEwNzMwMzNaMCUxIzAhBgNVBAMTGkFERlMgU2lnbmluZyAtIGFkZnMucmtoLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PBujoU9dPCDLdMTlLCOkog78u1/3LQVYX2Y/daoIKFDCdhb4zMNjHUhy/4o+uM7fqXb8+ZQRjfC10DW8gBBUuTX1Du6hSitc6et+SePw7WTw3NxzLiFUmBrBwLN/WKjVLKTX6NXgaw15jD9uabI37DZDyu93e1RoLo0imiNLTRxyQs4QLpcDPR0GH2kqHusxbpZOMAsEfoJbKWFwFrSBUyznodb0f/ABxle5lXIvsfIg3uXCg61baBDoaHd6qEy+syfvlJYYqFk76JwgAqkMIWa7OWa9c2jzJJuYGmZI7u4erNtt/YYIli0x/Eoz4KJkl0Nt79JjvmyIGlI+yAObQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCJD/8kZuSUs3x7j9g4CCD33wSpjb6rRy9ghcM2i8LoaWZLtYOBzNPfRtLbN6UZRUHwWxxgT0go4QRbdoZt0z0phJ0zEqbTZO1ufGFX9f1Yd53WYYWGKmUvVSbNRm4eFOQK781aveoum/3VKz7cZZOcq/unQiBuBfXG6/SAnfHRjcXwXGLzr/RdRRbLpLkr5iPnJjtVPeGYGhK/emoIABRhtMkdIbZTHcutG0vjkG/SWxKWNt0krmLphVYItvjU/trIqcy9c0CfrnhpyNR3B4BTkF5EOH8PmMu1up0HTYZ2rCKTxeE4Rf+fNMvu8mGcuYQkmtok72zts03aa5Fnat/X</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.rkh.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.rkh.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.rkh.se/adfs/ls/" index="0" isDefault="true"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://adfs.rkh.se/adfs/ls/" index="1"/> - </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope regexp="false">rkh.se</shibmd:Scope> @@ -636,69 +34,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.rkh.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.rkh.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Röda Korsets Högskola</OrganizationName> diff --git a/swamid-2.0/adfs.tad.hv.se-adfs-services-trust.xml b/swamid-2.0/adfs.tad.hv.se-adfs-services-trust.xml index fbe8d40b..9024a6e7 100644 --- a/swamid-2.0/adfs.tad.hv.se-adfs-services-trust.xml +++ b/swamid-2.0/adfs.tad.hv.se-adfs-services-trust.xml @@ -1,592 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://adfs.tad.hv.se/adfs/services/trust"> - <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ServiceDisplayName="University West" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC3jCCAcagAwIBAgIQJUPVHNhj+JtCSmkUzj+l+TANBgkqhkiG9w0BAQsFADArMSkwJwYDVQQDEyBBREZTIEVuY3J5cHRpb24gLSBhZGZzLnRhZC5odi5zZTAeFw0xNTEyMDIxMzUwMDNaFw0yMDEyMDIxMzUwMDNaMCsxKTAnBgNVBAMTIEFERlMgRW5jcnlwdGlvbiAtIGFkZnMudGFkLmh2LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseBegVuR4rWwDh+u/358+9uUCp3D4ByUTlu8pAXGkwjMmgid/VnWoWbezvTMD4j7v/lRFP+HbotD4WNNvHjtIJ1klI07GqINL+Sh+muuPVmARumB4yISRJyCrAg0Y9BUP4U10uTK4pUciqtOy3WWOGmcnNH3oeMz9mkyzbn+l30aKFgubeCZk5ni7VRCWTW7pHs+n4laMYBgBWIOUamgfn1jbpi8j4MUA3Vt/Z3IW5UPp8tXuCM3cw5peQydvw0NYynk+lAhNyWupPQ/ckGS33AZZor3eYMnqgrz/h5QpMstpkpb5LGGoXlbS5CezjVqlRdLw/fuiW8IL0uj15hU6QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAxz/0OiyG4GIHQjflw8fIXeZ6ciuKEC1gEwA4dyFnxNv/+F7hKD8l1aQwVVrYIjzUw1QjwlDsqXwEcxzFAE4xjcO7Luf0HpD3eR0edM4iDmR4yQPro0c7iguueaUWwpAL4Wxop+FsY8YLoz31qynXCQhZiEm45mwt73AzjW58rIyvLv52BgS5W1rw+3n4yjjxGXcNTcjXqTXNKKjGj/Q421hhTdqqlNQXNILZaeXi/qnI+8NE4Bfxo2NVMFUGN44CrcGqMXmgkpvmenwCCJ3uMiX1FLcfRiR49RcrtvnpcLh7z8u2ixbPDBzeXMv4qJddc4W6My6+nfSmtv3jYgijK</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/CommonName"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/EmailAddress"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/Group"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/UPN"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://adfs.tad.hv.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ServiceDisplayName="University West" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC2DCCAcCgAwIBAgIQdJ+qhazgjLJDd3jeh9VkpzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1BREZTIFNpZ25pbmcgLSBhZGZzLnRhZC5odi5zZTAeFw0xNTEyMDIxMzQ5NDhaFw0yMDEyMDIxMzQ5NDhaMCgxJjAkBgNVBAMTHUFERlMgU2lnbmluZyAtIGFkZnMudGFkLmh2LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR12vhcEsB93mg6pgwyQxGhZqpS8aEcCzOQwXOApH28y6RlT0qE/mowxX0fOpdBYblbxOurih4vtwx1NTe5CrXsUrpzkHP/hsOAmMGrpC0N5ybOEUegJ/Hk6wTmt7wA7nSfcsMvTUsXQZvKA+xFhCA7AjSMpF8Vv7BeU2O1IZDELU4U7P5iBls1YuMsgdFJ2Eu5LHILhfGaqSi9xkL7loYYwH3iU8MZ52CbOJLEl9uG99E3njSPq3CJ4tWZj1OkBLYf3gBBgvW3tOyYrAJWq5d1LyAh05+PNQQAKTPKHaaV9iAtUgys6M1v5XCUi1rv0nCBwl0iNQuFIiXsegaG4UQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBratRK3aI/quHmQ5fEMOaySihHaQId/26Jq4RQH0yOOhzjsQ9DSGCwwYZOefgi5G7SzQw1m6PJ7WecqT9gRPPT+IPt+KO+dnWQUNgedOZzM5Z0HXSdIUX0h5pxxTbHqExqkj9CZzKHFbiQvZBld7VcJsZW9PB7bM8lg+NAeoGBNdJACx33M59jVa+vPd2pVT5STufgIHkLkDGCqedBEQMFmyAhidVHlJO2cgieqmTjCDiO38ZYdXbwarsYrs6uxmdqUMdRwT4IVkpgyqyeQh/tN+w3QolWu4PX1s76GSYLUKasyK6YZXZDBGlFZDbb0padi0Vasmmg+VvMhuKmRtIP</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/CommonName"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/EmailAddress"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/Group"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/claims/UPN"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Optional="true" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.tad.hv.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.tad.hv.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> @@ -636,70 +49,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.tad.hv.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.tad.hv.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="E-Mail Address" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Given Name" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Name" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="UPN" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Common Name" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="AD FS 1.x E-Mail Address" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Group" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="AD FS 1.x UPN" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Role" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Surname" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PPID" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Name ID" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Authentication time stamp" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Authentication method" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Deny only group SID" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Deny only primary SID" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Deny only primary group SID" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Group SID" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Primary group SID" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Primary SID" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Windows account name" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Is Registered User" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Device Identifier" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Device Registration Identifier" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Device Registration DisplayName" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Device OS type" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Device OS Version" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Is Managed Device" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Forwarded Client IP" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Client Application" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Client User Agent" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Client IP" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Endpoint Path" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Proxy" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Application Identifier" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Application policies" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Authority Key Identifier" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Basic Constraint" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Enhanced Key Usage" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Issuer" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Issuer Name" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Key Usage" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Not After" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Not Before" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Certificate Policies" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Public Key" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Certificate Raw Data" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Subject Alternative Name" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Serial Number" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Signature Algorithm" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Subject" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Subject Key Identifier" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Subject Name" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="V2 Template Name" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="V1 Template Name" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Thumbprint" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="X.509 Version" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Inside Corporate Network" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Password Expiration Time" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Password Expiration Days" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Update Password URL" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Authentication Methods References" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Client Request ID" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="Alternate Login ID" Name="http://schemas.microsoft.com/ws/2013/11/alternateloginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> </IDPSSODescriptor> <ContactPerson contactType="technical"> <GivenName>Pär</GivenName> diff --git a/swamid-2.0/adfs.test.umu.se-adfs-services-trust.xml b/swamid-2.0/adfs.test.umu.se-adfs-services-trust.xml new file mode 100644 index 00000000..c30de0d2 --- /dev/null +++ b/swamid-2.0/adfs.test.umu.se-adfs-services-trust.xml @@ -0,0 +1,99 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://adfs.test.umu.se/adfs/services/trust"> + <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Umeå universitet</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Umeå University</mdui:DisplayName> + <mdui:Description xml:lang="sv">Umeå universitet</mdui:Description> + <mdui:Description xml:lang="en">Umeå University</mdui:Description> + <mdui:InformationURL xml:lang="sv">http://www.umu.se</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">http://www.umu.se/english</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv"> + https://www.aurora.umu.se/regler-och-riktlinjer/juridik/personuppgifter/ + </mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en"> + https://www.aurora.umu.se/regler-och-riktlinjer/juridik/personuppgifter/ + </mdui:PrivacyStatementURL> + </mdui:UIInfo> + </Extensions> + <KeyDescriptor use="encryption"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIFPzCCBCegAwIBAgIQCHbY9n83XT9xy1+U7v4YHDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNzA0MjEwMDAwMDBaFw0yMDA0MjkxMjAwMDBaMHUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVVbWXDpTEOMAwGA1UEBwwFVW1lw6UxGjAYBgNVBAoMEVVtZcOlIFVuaXZlcnNpdGV0MSowKAYDVQQDEyF0b2tlbi1kZWNyeXB0aW5nLmZzLnRlc3RhZC51bXUuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Q6T+plZVtok2jfpfM1DzAilo9zsO2sbUeIeqqFBv/S2FPhJ0PfQj18yNIG1WxSvlyv68BIKTmgYNox9/6Oh9N9s5kVl79XRr+XOwfuO2ZLjrzp7G8+qqxFDull/Gw9dwnzBS+k4EKv+sVx5IOBTvQjKLFwyQ4h9ZbV8K8Ij4XxXXIoi7xwB38SMVtYquhrEAVEfqR10/ncPB16gJKrAIYMwCD7d0tYnW5yYLDmn8vwFdpY4MWp47D5p4MAR5EatNFdmDbzG2rKhei3vp1c++27hPxJzgmgLiuFX/dmUyauNuP9KHc8LKYU2NXUjmxoaPQTYYweIPUXg2X/mFhFxXAgMBAAGjggHaMIIB1jAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUcIDKMDgUpSjQ9zeUVdNpcL+r7XswLAYDVR0RBCUwI4IhdG9rZW4tZGVjcnlwdGluZy5mcy50ZXN0YWQudW11LnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG4GCCsGAQUFBwEBBGIwYDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDgGCCsGAQUFBzAChixodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBgJj0XyQRDZ5oqghPfYsha/8aGBwwHuUSdIpItWZyvJq8h0Mgz8b3sGeuCLAMolOaKbKjzpu0nKQzXjNgZGQLaDY9iEmYiif9EixQ5zEId/XwV/SmA9HcQG5vAhMHbuhgjrG6kmxFrtFy3DL6X7T99zQdkZfmu0XMewN3t2x5IuNQUegNRQFSWqX9an7z8n1tHvefObR6+Q6s/uot7AqDeU0t1qV2P2oyKNlUlfh92j4Lj9R9iPNyd1xxSgBuLwpChNyhtsvOTKpPpuyOJrWRKMX9D0RyZu9HctiH0S/CAbKifmYOCHQDHxLLC77C4LJsYgcB0oSwi495OHQn6F2Sj</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="signing"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIFOTCCBCGgAwIBAgIQBKWHLemKBpQxbT76jelBTzANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNzA0MjEwMDAwMDBaFw0yMDA0MjkxMjAwMDBaMHIxCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVVbWXDpTEOMAwGA1UEBwwFVW1lw6UxGjAYBgNVBAoMEVVtZcOlIFVuaXZlcnNpdGV0MScwJQYDVQQDEx50b2tlbi1zaWduaW5nLmZzLnRlc3RhZC51bXUuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKBaSbszGeXv44Dw+2sHPdq/aGRFOAf8vJJ4wbRYwJ7jnyHrukoZvwE30FE3mmh0QIXyWXmhYO4M0WhMiOeKy3qXW5xQsSRArYBF6Zwd3OY9dvpB/h4GedVJf1bamNvHioKkciEk4n6//2DyCpZzRC77ZxZOmt3bRRFFoler53GaQUcAMar4C75eqA14u5S7XY1UhOyEffIwbjacFR77UNlRYa8m5YRry0fVG96y7u83nQ89mzp9ZigvB4bP6lj4Na6RaqnrowUvJR2/oF2J0xiRivkpSQ8g4dx8PABduXw07OlYzdxJ/hq7PPjg8CHcnnIeb7apRMKdqeZ2C1mG+lAgMBAAGjggHXMIIB0zAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUMr5/twZ9e2Kfe0f0X7R+V7LsjvAwKQYDVR0RBCIwIIIedG9rZW4tc2lnbmluZy5mcy50ZXN0YWQudW11LnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG4GCCsGAQUFBwEBBGIwYDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDgGCCsGAQUFBzAChixodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBoDrOZDFN8DFPm4luIx6H1oPoFWvArthtFlwrVipLMWkzrEygCWNPFVNYzZqJPM1nojNwSl8t+vLSsmfFJOHg+DfY3s4AAgnNeqUX2CPGdxxVLaxIm557uTvEcHaophOX2Uzf01A7DbiqB4vHJ1KxnveqsaCn9JOza7mVoTkQJnXVcZ4Qv19vb9gIOSRgM+xILyr5w/r+XlQhG5b65Oexd2x9KqdeN23r+evjEhjFKiyBHttXfWbOciPAWecTLRrSWdFrslK2LfWzebDwYBJK/Ix9S2DbhJPvMA60E5cdCmDChUDr/K/woKsRK1kTemTvIhSz/Syc2zje7EF1SKSXB</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.test.umu.se/adfs/ls/"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.test.umu.se/adfs/ls/"/> + <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.test.umu.se/adfs/ls/" index="0" isDefault="true"/> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://adfs.test.umu.se/adfs/ls/" index="1"/> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.test.umu.se/adfs/ls/" index="2"/> + </SPSSODescriptor> + <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <Extensions xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + <shibmd:Scope xmlns="" regexp="false">umu.se</shibmd:Scope> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Umeå universitet (TEST)</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Umeå University (TEST)</mdui:DisplayName> + <mdui:Description xml:lang="sv"> + Identitsutgivare för anställda och studenter vid Umeå universitet (TEST). + </mdui:Description> + <mdui:Description xml:lang="en"> + Identity Provider for employees and students at Umeå University (TEST). + </mdui:Description> + <mdui:InformationURL xml:lang="sv">http://www.umu.se</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">http://www.umu.se/english</mdui:InformationURL> + <mdui:Logo xml:lang="sv" height="63" width="358">https://www.umu.se/static/images/umu_logo.jpg</mdui:Logo> + <mdui:Logo xml:lang="en" height="63" width="350">https://www.umu.se/static/images/umu_logo_eng.jpg</mdui:Logo> + <mdui:Keywords xml:lang="sv"> + umu umeå+universitet umea+universitet umea+university umeå+university umeå umea + </mdui:Keywords> + <mdui:Keywords xml:lang="en"> + umu umeå+universitet umea+universitet umea+university umeå+university umeå umea + </mdui:Keywords> + </mdui:UIInfo> + <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DomainHint>umu.se</mdui:DomainHint> + <mdui:IPHint>130.239.0.0/16</mdui:IPHint> + <mdui:GeolocationHint>geo:63.820554,20.305799</mdui:GeolocationHint> + </mdui:DiscoHints> + </Extensions> + <KeyDescriptor use="encryption"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIFPzCCBCegAwIBAgIQCHbY9n83XT9xy1+U7v4YHDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNzA0MjEwMDAwMDBaFw0yMDA0MjkxMjAwMDBaMHUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVVbWXDpTEOMAwGA1UEBwwFVW1lw6UxGjAYBgNVBAoMEVVtZcOlIFVuaXZlcnNpdGV0MSowKAYDVQQDEyF0b2tlbi1kZWNyeXB0aW5nLmZzLnRlc3RhZC51bXUuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Q6T+plZVtok2jfpfM1DzAilo9zsO2sbUeIeqqFBv/S2FPhJ0PfQj18yNIG1WxSvlyv68BIKTmgYNox9/6Oh9N9s5kVl79XRr+XOwfuO2ZLjrzp7G8+qqxFDull/Gw9dwnzBS+k4EKv+sVx5IOBTvQjKLFwyQ4h9ZbV8K8Ij4XxXXIoi7xwB38SMVtYquhrEAVEfqR10/ncPB16gJKrAIYMwCD7d0tYnW5yYLDmn8vwFdpY4MWp47D5p4MAR5EatNFdmDbzG2rKhei3vp1c++27hPxJzgmgLiuFX/dmUyauNuP9KHc8LKYU2NXUjmxoaPQTYYweIPUXg2X/mFhFxXAgMBAAGjggHaMIIB1jAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUcIDKMDgUpSjQ9zeUVdNpcL+r7XswLAYDVR0RBCUwI4IhdG9rZW4tZGVjcnlwdGluZy5mcy50ZXN0YWQudW11LnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG4GCCsGAQUFBwEBBGIwYDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDgGCCsGAQUFBzAChixodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBgJj0XyQRDZ5oqghPfYsha/8aGBwwHuUSdIpItWZyvJq8h0Mgz8b3sGeuCLAMolOaKbKjzpu0nKQzXjNgZGQLaDY9iEmYiif9EixQ5zEId/XwV/SmA9HcQG5vAhMHbuhgjrG6kmxFrtFy3DL6X7T99zQdkZfmu0XMewN3t2x5IuNQUegNRQFSWqX9an7z8n1tHvefObR6+Q6s/uot7AqDeU0t1qV2P2oyKNlUlfh92j4Lj9R9iPNyd1xxSgBuLwpChNyhtsvOTKpPpuyOJrWRKMX9D0RyZu9HctiH0S/CAbKifmYOCHQDHxLLC77C4LJsYgcB0oSwi495OHQn6F2Sj</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="signing"> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate>MIIFOTCCBCGgAwIBAgIQBKWHLemKBpQxbT76jelBTzANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNzA0MjEwMDAwMDBaFw0yMDA0MjkxMjAwMDBaMHIxCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVVbWXDpTEOMAwGA1UEBwwFVW1lw6UxGjAYBgNVBAoMEVVtZcOlIFVuaXZlcnNpdGV0MScwJQYDVQQDEx50b2tlbi1zaWduaW5nLmZzLnRlc3RhZC51bXUuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKBaSbszGeXv44Dw+2sHPdq/aGRFOAf8vJJ4wbRYwJ7jnyHrukoZvwE30FE3mmh0QIXyWXmhYO4M0WhMiOeKy3qXW5xQsSRArYBF6Zwd3OY9dvpB/h4GedVJf1bamNvHioKkciEk4n6//2DyCpZzRC77ZxZOmt3bRRFFoler53GaQUcAMar4C75eqA14u5S7XY1UhOyEffIwbjacFR77UNlRYa8m5YRry0fVG96y7u83nQ89mzp9ZigvB4bP6lj4Na6RaqnrowUvJR2/oF2J0xiRivkpSQ8g4dx8PABduXw07OlYzdxJ/hq7PPjg8CHcnnIeb7apRMKdqeZ2C1mG+lAgMBAAGjggHXMIIB0zAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUMr5/twZ9e2Kfe0f0X7R+V7LsjvAwKQYDVR0RBCIwIIIedG9rZW4tc2lnbmluZy5mcy50ZXN0YWQudW11LnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG4GCCsGAQUFBwEBBGIwYDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDgGCCsGAQUFBzAChixodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBoDrOZDFN8DFPm4luIx6H1oPoFWvArthtFlwrVipLMWkzrEygCWNPFVNYzZqJPM1nojNwSl8t+vLSsmfFJOHg+DfY3s4AAgnNeqUX2CPGdxxVLaxIm557uTvEcHaophOX2Uzf01A7DbiqB4vHJ1KxnveqsaCn9JOza7mVoTkQJnXVcZ4Qv19vb9gIOSRgM+xILyr5w/r+XlQhG5b65Oexd2x9KqdeN23r+evjEhjFKiyBHttXfWbOciPAWecTLRrSWdFrslK2LfWzebDwYBJK/Ix9S2DbhJPvMA60E5cdCmDChUDr/K/woKsRK1kTemTvIhSz/Syc2zje7EF1SKSXB</X509Certificate> + </X509Data> + </KeyInfo> + </KeyDescriptor> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://adfs.test.umu.se/adfs/services/trust/artifactresolution" index="0"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.test.umu.se/adfs/ls/"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.test.umu.se/adfs/ls/"/> + <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.test.umu.se/adfs/ls/"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.test.umu.se/adfs/ls/"/> + </IDPSSODescriptor> + <ContactPerson contactType="support"> + <EmailAddress/> + <TelephoneNumber/> + </ContactPerson> +</EntityDescriptor> diff --git a/swamid-2.0/adfs.umu.se-adfs-services-trust.xml b/swamid-2.0/adfs.umu.se-adfs-services-trust.xml index 767716b9..cadd2208 100644 --- a/swamid-2.0/adfs.umu.se-adfs-services-trust.xml +++ b/swamid-2.0/adfs.umu.se-adfs-services-trust.xml @@ -8,615 +8,6 @@ </saml:Attribute> </attr:EntityAttributes> </Extensions> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Umeå Universitet"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFNTCCBB2gAwIBAgIQCzf9ZHgJcF7mpwWknUXpMDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNzA0MjEwMDAwMDBaFw0yMDA0MjkxMjAwMDBaMHAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVVbWXDpTEOMAwGA1UEBwwFVW1lw6UxGjAYBgNVBAoMEVVtZcOlIFVuaXZlcnNpdGV0MSUwIwYDVQQDExx0b2tlbi1kZWNyeXB0aW5nLmFkZnMudW11LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHj2v6UyLyh+BEkvunK7hOd/UTXTZisraY8aZF6QJVofJ5lEalf79JIjt/g54gHTyrPKQ6j9UzgAkirHZg1KAAPphNOwS/dQPmmm6JBQeWck/Z2S+3eib20BmCw1KPGDNah4DIR9RSl+PQsmlLv8b6S07S63umPAsDW+itLtBn9qHhSkAAH8Ial6NXllZrYiXwSfMjeZ31u9zJlvJAxGOfhgx3g/lZNmK9XfbWHmvqa0IV3GlHRx9GWEZoBv2G8YfZgPGhfFDnby1RRRfCvpAwfXnJielULLGuHrekLXPLBMo08MZazdCe1OYK1Fc4whGCgVWijNua0t5gADFZv22wIDAQABo4IB1TCCAdEwHwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFEmS0NRPSeqHKeED/5IKQaCL+LFzMCcGA1UdEQQgMB6CHHRva2VuLWRlY3J5cHRpbmcuYWRmcy51bXUuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBACRze/2X3y8TbHKlz43oFYibuHF+GPcIOAWaDqfWLEBDjbmsGfNYGfpSgoLV3Nk2Jd49t2Ql35lnh74QBi6knYL3/Xt6YP+DG3tJ9Q1/fYo/TrYmE4dBIpdpWhrXa7eLmligAbSErW8mal4BA1A97Pivi/RGn6P5a9P23NH1qV7KaXbINtWf5LZqicz6VBNe0UA9axYBP0iafWH1HiBr3qIwUOBY0GyquuLq40Ick/6BgGi2dV53ZjPJL/IXaU9BOSLQF1n3kI2UeE4+6rEpSiN23T7eBRz4/Cue/SIENZKYh1ZPXsSRgb68gcCjlsR9Oju1GAgwVaButtEzfXFlhhc=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://umu.se/schemas/claims/telephonenumber" Optional="true"> - <auth:DisplayName>Telephone Number</auth:DisplayName> - <auth:Description>Telefonnummer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://umu.se/schemas/claims/DistinguishedName" Optional="true"> - <auth:DisplayName>DistinguishedName</auth:DisplayName> - <auth:Description>DistinguishedName ldap attributed. Definierad av Erik Jonsson primärt för att avgöra om en person är dold</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://umu.se/schemas/claims/thumbnailphoto" Optional="true"> - <auth:DisplayName>thumbnailPhoto</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://adfs.umu.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Umeå Universitet"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFLzCCBBegAwIBAgIQAfTYranwbnd8TM7tB8paNTANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNzA0MjEwMDAwMDBaFw0yMDA0MjkxMjAwMDBaMG0xCzAJBgNVBAYTAlNFMQ4wDAYDVQQIDAVVbWXDpTEOMAwGA1UEBwwFVW1lw6UxGjAYBgNVBAoMEVVtZcOlIFVuaXZlcnNpdGV0MSIwIAYDVQQDExl0b2tlbi1zaWduaW5nLmFkZnMudW11LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGw6PELjzKfWRNIdhOJ9YDC+JMCv2d64FjzALVTpUVmb3bjgC/Gyzmn/mjZx5tgZayIq+F/f7zs6Hhe4StbAshScwosH0O82iEoHYAKck9QL2bmjQeQ4sbv5TcUIAZv4/VRVQFGUCcOVEJGpGebUGk0WJac9p2swOEE3djURIMuAuDNsnX/gn00DBUbCOjLVU7S977EbZbx7BpNXQveheaxoFFVOo/TjPJJKsxaW7aUGrSq12SJh4EvnIdxel5nzsHUMVstyvsGfM9a2HTE5/BH66nQdP2xhEFg7QuJzPqAqHqs+C37JlxRLwFk4LWFk4OxvEWQmROJgezC27Qx+lwIDAQABo4IB0jCCAc4wHwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFI/AJm2doFUDKNT2wl6IKlW9lu32MCQGA1UdEQQdMBuCGXRva2VuLXNpZ25pbmcuYWRmcy51bXUuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAKVVQLj7DotlFWf0v4hajVuDwxKCT65CB41MJeIdsHDtmHheRXJ/mLV7XNaLRnNDsk+a+pXbwINHzBiZvjBR1YhvzuwX3IPbajv3YMxG8/KlHmNFtfMmj9l1fsXXKCpO2YFy0dOq39qnUbcJZbDDOLriSxH3Zf7lt3BL3W80ZHQdgkBpu4NA+N/Y5Md2BkG9epHByro7RgElamqdV4HtmTtci92tBK6D9ppm6xku9GAUKikZdXDurGB+ueB/Zm+J8tWRSEQeNe498HkFmLM1AzU6tQJQhcLJYcp0x+FwW8wh2sCRWC2e7r2TN/WtFfQAQEo2k9CLM3jk+UGy5thdAGg=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://umu.se/schemas/claims/telephonenumber" Optional="true"> - <auth:DisplayName>Telephone Number</auth:DisplayName> - <auth:Description>Telefonnummer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://umu.se/schemas/claims/DistinguishedName" Optional="true"> - <auth:DisplayName>DistinguishedName</auth:DisplayName> - <auth:Description>DistinguishedName ldap attributed. Definierad av Erik Jonsson primärt för att avgöra om en person är dold</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://umu.se/schemas/claims/thumbnailphoto" Optional="true"> - <auth:DisplayName>thumbnailPhoto</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.umu.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs.umu.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> <shibmd:Scope xmlns="" regexp="false">umu.se</shibmd:Scope> @@ -660,73 +51,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.umu.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.umu.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2013/11/alternateloginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Alternate Login ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://umu.se/schemas/claims/telephonenumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Telephone Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://umu.se/schemas/claims/DistinguishedName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="DistinguishedName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://umu.se/schemas/claims/thumbnailphoto" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="thumbnailPhoto"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Umeå universitet</OrganizationName> diff --git a/swamid-2.0/adfs01.fhs.se-adfs-services-trust.xml b/swamid-2.0/adfs01.fhs.se-adfs-services-trust.xml deleted file mode 100644 index cb1130e4..00000000 --- a/swamid-2.0/adfs01.fhs.se-adfs-services-trust.xml +++ /dev/null @@ -1,108 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://adfs01.fhs.se/adfs/services/trust"> - <Extensions> - <attr:EntityAttributes xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"> - <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> - <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue> - </saml:Attribute> - </attr:EntityAttributes> - </Extensions> - <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <Extensions> - <shibmd:Scope regexp="false">fhs.se</shibmd:Scope> - <shibmd:Scope regexp="false">student.fhs.se</shibmd:Scope> - <shibmd:Scope regexp="false">op.fhs.se</shibmd:Scope> - <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> - <mdui:DisplayName xml:lang="sv">Försvarshögskolan (gammal)</mdui:DisplayName> - <mdui:DisplayName xml:lang="en">Swedish National Defence College (old)</mdui:DisplayName> - <mdui:Description xml:lang="sv">Identity Provider för Försvarshögskolan</mdui:Description> - <mdui:Description xml:lang="en">Identity Provider for Swedish National Defence College</mdui:Description> - <mdui:InformationURL xml:lang="sv">http://www.fhs.se</mdui:InformationURL> - <mdui:InformationURL xml:lang="en">http://www.fhs.se/en/</mdui:InformationURL> - <mdui:Logo xml:lang="sv" height="118" width="106">https://www.fhs.se/files/sidhuvud/logotyp-sv.jpg</mdui:Logo> - <mdui:Logo xml:lang="en" height="116" width="103">https://www.fhs.se/files/sidhuvud/logotyp-en.jpg</mdui:Logo> - <mdui:Keywords xml:lang="sv">fhs</mdui:Keywords> - <mdui:Keywords xml:lang="en">fhs</mdui:Keywords> - </mdui:UIInfo> - <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> - <mdui:DomainHint>fhs.se</mdui:DomainHint> - </mdui:DiscoHints> - </Extensions> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC3DCCAcSgAwIBAgIQO7k5W9bEBJdDpzGopgV4OzANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIEVuY3J5cHRpb24gLSBhZGZzMDEuZmhzLnNlMB4XDTE1MTIwNDAwMTgxN1oXDTE2MTIwMzAwMTgxN1owKjEoMCYGA1UEAxMfQURGUyBFbmNyeXB0aW9uIC0gYWRmczAxLmZocy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfykzr9WnvSwX4yhG6rLbTwvvAXcvMWyUcbV5usDITt2FpdPyD7eMOJVoefIimvQGQ3JKlnoKwsTBMNZGJIaKXNRX06rYjOr2Isip0f7BLxiHXAJcif80MLqeuXRGELa0Z5en3irAscOGOWtpxYebslAAhZZqjOUbU4BlvutwCPa/FIqPhLhWoWkfXy8/Bs1VYnSCWCAO5UTRFzRi3K8glKy/1NFiP90LapP+/V1U+Zr3/rGg+2usWFjADPEFjFj7bnFC2pmxuEQf0F0XFC6s8mbXOOcsHGqvKrsQdgeqfBJMHofhh0hkTA9Gsl8TP4yRT5NQ80EA8ry6Zko6TmcC8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEANAq63e5sekNfz1PnSG1dLGa9xpMCz3Nk5IyPb5ED7hrPXHXZG2FXRJDXHm2ux0yIOhS0uLkoApAupXiE87pga/6aPod2fSGbBgihRIBNRuAr7g7HjL5w5N0gZPEzby3fYqFR0L4qRxALWbnYfFAjPbY+KfRs86TVgSBFoSY6N5+MYGtcoAL7wl0TRO3aua8uHsTZp8pZ4/CxSmLL1tC1abVuoqD7EcwWJq0tRdrI7UM1vjAWiLMvsp3XS+7LHvZXVXnYnp/rVpSnkA8C7ApthhV7s4ms2ecUYUO1t8AHBgYRQ/kme0Twd7SddHyAwN/PZVGwu3bPIPbUgg374YP69g==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC1jCCAb6gAwIBAgIQYSuOi8k52qFDiHIcmLzhUzANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDExxBREZTIFNpZ25pbmcgLSBhZGZzMDEuZmhzLnNlMB4XDTE0MTIyMzIxNDgxMVoXDTE1MTIyMzIxNDgxMVowJzElMCMGA1UEAxMcQURGUyBTaWduaW5nIC0gYWRmczAxLmZocy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKeZpLVFfRtz3BFIEKaCOcf0w3041Vna4JAhxKT9hkhMW5TSh2S7hcgBiRm6Q2olmBtc+KMN9ReJT1ZJzQUa27qaGRepO/M+isJk4QqL9zOX/BpYFEWTRYMLlqqukZBhtwdtluIMCJlAClccRSikCx+bGN+fcPwfrv3T2y+C+MMp8GIN/QWJf97GEP5XR9VooItR8+nkUm1FOkvKMr5xFwZfilXQTzDer3Z42yMYRpr8rw7QdMJP11A7v7NIZTYRQIU+Qi0uPsvRI5FI7IG3NWyepslS1vwjU/dpKeBUYLQwwRxvV09YX+ULSKpClm2oZ7LuE/vt7Bok6vnPa3TG+i0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAktHUw5HNOOH/ETVIeAgdi5FXq5e8maX8Qe5vFsWRWPTP9MygRwNajY07XpXQmw2CKbAzY6ZD2RoA7g9swBpCcNYuJmAnA3LtyFiRrog/+XzWeRt7tbqDjiYZiBdVD84JbfVMD3q0Pi4iLn+KPAmYajYAzftf1vKr/fvwFt2D2eR+sXefEmcwNPSFFma0umEgSajxiN4gdTA3ZMTNV1J5tv1cwb9TYx0mDHP+FCwsEE2bHsDk5CDBWpgFVvEiQwfra1amz+BIPWG5Nln9bedfE0BjdGH5OK424DBwBTygzBV8OM9jB7dOcaA+0K0/UduM+ka42XxP7WFrq3VKmGfCbg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC1jCCAb6gAwIBAgIQMXP1/ezaSIZIOp/pjOiCgDANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDExxBREZTIFNpZ25pbmcgLSBhZGZzMDEuZmhzLnNlMB4XDTE1MTIwNDAwMTgyMloXDTE2MTIwMzAwMTgyMlowJzElMCMGA1UEAxMcQURGUyBTaWduaW5nIC0gYWRmczAxLmZocy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALdO7kcKNsClDGcJNKysS7MxE6iNlMAYxIkoJju5qvxjazuHxKmOzScYv1x83pw0VhJRg3psmus52tynauQ0Rvsba8F7Ngk6W9e21MbPjpMdF68k2x0zWnNpg+fMDoEWTds5S6QNUzsKp3eaI2tkMny8Ng33ZD2XvjkG/T7BDkIeH1aZvA1COBqNPx0WS7usc9LYtdNghdn24H7ZlcPCokZJbeDnbuUNS7c/mjQLXKKExUFcoEKduEeUF3zeT2D531TSLNwiJ9iQJ9rRFWK7hrgr2oP+sdojvoeI8cwP/TSGWfvDoU1sRZ9qTlSN+b0W/MnSkdKBzRjTCMpRa/ABvWkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAo9sQIrRQ3uEENG/oyrmV65NUb3Ta9fd28VHq1Rk/M5UUeqzsO6Agyt3YBAdaeRgGw8l6NBG+XFyNjLsGY9gND64gQF+65zSrEwdbwqEFciR0ZNVw1E3Bqq7W4MjeH4EtG5eTplvR3A77vfKy/vFXn13draGgZOX7e2mJ/CNK4drUYNvMorf2+ZcP1FjvypV91bY8g168+0lZYHGYrmy4ajVBvFZ82LJuW2OCZ4KPLIY51qpNiMeikePzUNc6/CKJ0zLq4bRRSy2kCyj0Pq2dwV+N0WAVGFJ8uxDRZx7AFG5+JcajSyDYHVVjUIzzqS8UDVV7/XWAQmWcEU4eNid1Hg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://adfs01.fhs.se/adfs/services/trust/artifactresolution" index="0"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs01.fhs.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs01.fhs.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://adfs01.fhs.se/adfs/ls/"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs01.fhs.se/adfs/ls/"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs01.fhs.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonScopedAffiliation"/> - </IDPSSODescriptor> - <Organization> - <OrganizationName xml:lang="sv">Försvarshögskolan (gammal)</OrganizationName> - <OrganizationDisplayName xml:lang="sv">Försvarshögskolan (gammal)</OrganizationDisplayName> - <OrganizationDisplayName xml:lang="en">Swedish National Defence College (old)</OrganizationDisplayName> - <OrganizationURL xml:lang="sv">http://www.fhs.se/</OrganizationURL> - </Organization> - <ContactPerson contactType="administrative"> - <Company>Swedish Defence University</Company> - <SurName>FHS IT Helpdesk</SurName> - <EmailAddress>mailto:helpdesk@fhs.se</EmailAddress> - <TelephoneNumber>+46 8 55342545</TelephoneNumber> - </ContactPerson> - <ContactPerson contactType="technical"> - <Company>Swedish Defence University</Company> - <SurName>FHS IT Helpdesk</SurName> - <EmailAddress>mailto:helpdesk@fhs.se</EmailAddress> - <TelephoneNumber>+46 8 55342545</TelephoneNumber> - </ContactPerson> - <ContactPerson contactType="support"> - <Company>Swedish Defence University</Company> - <SurName>FHS IT Helpdesk</SurName> - <EmailAddress>mailto:helpdesk@fhs.se</EmailAddress> - <TelephoneNumber>+46 08 55342545</TelephoneNumber> - </ContactPerson> -</EntityDescriptor> diff --git a/swamid-2.0/adfs2.gu.se-adfs-services-trust.xml b/swamid-2.0/adfs2.gu.se-adfs-services-trust.xml index 5ee0236e..e58ea3a7 100644 --- a/swamid-2.0/adfs2.gu.se-adfs-services-trust.xml +++ b/swamid-2.0/adfs2.gu.se-adfs-services-trust.xml @@ -7,585 +7,6 @@ </saml:Attribute> </mdattr:EntityAttributes> </Extensions> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="University of Gothenburg"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC2DCCAcCgAwIBAgIQM06GzTwZGKBOy3O+UkukDTANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1BREZTIEVuY3J5cHRpb24gLSBBREZTMi5ndS5zZTAeFw0xNzEyMDcwOTUyMDZaFw0yMjEyMDgwOTUyMDZaMCgxJjAkBgNVBAMTHUFERlMgRW5jcnlwdGlvbiAtIEFERlMyLmd1LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JAY9DJKYcs81xFYsMK8OKDUvH65G96QBgLphPniK5USaRHm9WJiqDNlN4mqWTxZ0KWmL+msOeET4w8QFc9RMT8roGwTuJjxjfOSq7qqQawdyCk6BXbWx9t2gXJpyI6MLGu+hLlBBZG8EXx7deFiGWq0XAauSC9a4TYpPuAmFdHouP9MTAZPgRnrYtRgzpKx9VV1Hxx8g2uIhKB5tcJuN/TunafzffvAYL7u4zK1OgnHuc/JP2zG66QmMcAujA8TRn/CMwgVzCZn+Wqutb/VJ8ieMXKCTCE+V1bG6/SD2ahZiPKp/5yrDqCmOHPUrxzfGhjeTFQxeE+QLg2fUJqBTQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAn/Z/dissmo6rg5oesZFt+IoPQIC1n5sGXuXJOgxowErjuRFKtuuQZaSqs53KYmYkhgCdG0dt7oirB2yLae17V7z+3eU4gOJmQmMqE7QVxrxQa7tHAjCNHNIo4rMtoZ7p6/6lLqcbcsuqh35m/Zp5Kbd8dvkJbBw6yP+mIuU0HbeMdegigmiOXpXlEm/n9vKOcy8F0dwoN1OV9yKrkhAmbzaEG05zjzILieWtpnQTPJRgFxePRlA9mGxfwRMai4EGYIowq17r9Xmvy/sIC7oUmq4hA59tXt7DGT9LxAzz5qPWNQ2yy3UZ8LIu6+sq4JHTsziIHmBIeT+HT+mnjnbLC</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://adfs2.gu.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="University of Gothenburg"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC0jCCAbqgAwIBAgIQPMl2RnOtP6xBlIJBZ/C1yjANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDExpBREZTIFNpZ25pbmcgLSBBREZTMi5ndS5zZTAeFw0xNzEyMDcwOTUyMDdaFw0yMjEyMDgwOTUyMDdaMCUxIzAhBgNVBAMTGkFERlMgU2lnbmluZyAtIEFERlMyLmd1LnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaWV/pBJYm/6adoiGM3jFvLui4FQemawNYeXKm9CHKeWYKIQPVLyMCAptjXIvAbOBROPlK+6sJ2uhPamPEI99Xsd0PQ+CTutnEGbK38bK5+TgkHNGLeiBMXySCDRohDsFDEFX2Jiwajy7g/JxagH68GuSwKGQ2M7NCBpcfHWVC8nSiCdnzjBVdPwN0Fq3NY0BOqp0bFcr8GEhgJibWO3mfP9r2GUnGDovkpVPNfwaIpyAAl3s4Cy3DP+V7WHgpcaDWeIld9RnGm9x9XvAv6icP00WV8TanK0oZo1XHAxHSW1yc0mcI35FQRQ+GjIhJVYGDx4cNVD1gwA9kN1p+UP9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCgWPSNaE0wg6dEF8xpcNZdSPjLWGMtk7N8U7OwvE2Hxfz9p/Pk97c2G3ei56kiF9Lu91N/yjQXw0I3/bDqkNFe6BODFHb1drQBaQwQ/xWh5bizpCWJkSYS672yQgu4xQReT8TEE+OG1r3stt3d01UPIEJGSj3i8qWWPwWZSxkIhRP6lOgOSLevJnqVRaeWsUmocHNdJxfFTHPEA9Bx6wplufdJGtL9cxUOif2xcYDGG+9vVgDeeApseFQ9a22RLnJkMcC/XmBYBSZrmk8r37uOipUvM/AuCTOHekQseaIEu+TiHw1bVnehSEGAZPGTFWa41TbzacRnaQrZiKthVeeO</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs2.gu.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://adfs2.gu.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> @@ -608,69 +29,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs2.gu.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs2.gu.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Göteborgs universitet</OrganizationName> diff --git a/swamid-2.0/app.sh.se.xml b/swamid-2.0/app.sh.se.xml new file mode 100644 index 00000000..7e245de1 --- /dev/null +++ b/swamid-2.0/app.sh.se.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.sh.se"> + <md:Extensions xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/sfs-1993-1153</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">Sodertorn University AL2 authentication service</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">Södertörns Högskolas AL2 autentiseringsservice</mdui:DisplayName> + <mdui:Description xml:lang="en">To ensure student SWAMID/SUNET AL2-compliance</mdui:Description> + <mdui:Description xml:lang="sv">Säkerställande av students identitet enligt SWAMID/SUNET AL2-standard</mdui:Description> + <mdui:Logo xml:lang="en" height="116" width="350">https://app.sh.se/spinfo/logo_en.png</mdui:Logo> + <mdui:Logo xml:lang="sv" height="116" width="350">https://app.sh.se/spinfo/logo_sv.png</mdui:Logo> + <mdui:InformationURL xml:lang="en">https://app.sh.se/spinfo/index_en.html</mdui:InformationURL> + <mdui:InformationURL xml:lang="sv">https://app.sh.se/spinfo/index_sv.html</mdui:InformationURL> + </mdui:UIInfo> + </Extensions> + <KeyDescriptor> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDajCCAlICCQDAdpOPJpYObTANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJT +RTESMBAGA1UECBMJU29kZXJ0b3JuMRUwEwYDVQQHEwxGbGVtaW5nc2JlcmcxHDAa +BgNVBAoTE1NvZGVydG9ybnMgSG9nc2tvbGExCzAJBgNVBAsTAml0MRIwEAYDVQQD +EwlhcHAuc2guc2UwHhcNMTgwNjAxMDcyOTUwWhcNMTkwNjAxMDcyOTUwWjB3MQsw +CQYDVQQGEwJTRTESMBAGA1UECBMJU29kZXJ0b3JuMRUwEwYDVQQHEwxGbGVtaW5n +c2JlcmcxHDAaBgNVBAoTE1NvZGVydG9ybnMgSG9nc2tvbGExCzAJBgNVBAsTAml0 +MRIwEAYDVQQDEwlhcHAuc2guc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDA5k31L//yMNaSBMtnM8jhYvjGYvcsAJKGwejRACoUlozke6WBGTfR3Rvk +mrKY9FrlKfA4yxBSuemKan68EjCEdq6kKhcx96BAmheRgbGL8o/RbImhk+7WGXGc +mq0DYcMGEb5n0tJ6jCgOQM+xjqAxyrLdaEHZytWLhAvV7Gi/5RjsXgUmFdWEl1Eb +oHnCExQm0STFWBPz9b3FsXQr3l0knMUSStx8swH+BcTYN+y0Kxjt+jEoYOl0ylTw +cOu+jmBIiQqf6R0QdzLRgaxm8Wtuqou2Sp4AFUk3HKtzlme/P5UF5DpZ8utj3B+M +2g1c9l5Uf2F+kV54qL3YfyMxR8BhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFJC +aOOHaSTSzfJZWeEOUU9WncMTTTBb7TIxX/P7e9HwettXz6dl8mi77mPNcUvTXyGR +E7eR/wAFIYv/KO2Azb5AAA8FInNhXrkDdZ2Pg2rit6qo4xL7X9Kj43rqR6y/ueY7 +frxKhGdkjgj/kKJEQjn5qmJ5oy9CbEC4PeDVkN3cw6eIjKhpOx7SosMkTDCiqwWO +c+39hicQnAwDP2Umuz1Nkl/puI8iX1Nba5Aw9Ku/n7ax2bx7j8YWU5TOLNMwL6Oo +9gw/BbLEX5wo0TUiO4JjHXxcMtLoXnPTOAdh5juTJ4hQdPTCNDHAZIJK1qnxJnVq +/II8hoYmxH6/aSTCcjo= +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + </KeyDescriptor> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + <AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app.sh.se/auth/callback"/> + </SPSSODescriptor> +</EntityDescriptor> diff --git a/swamid-2.0/aqtest.port.se-shibboleth.xml b/swamid-2.0/aqtest.port.se-shibboleth.xml index 0347155a..6481d884 100644 --- a/swamid-2.0/aqtest.port.se-shibboleth.xml +++ b/swamid-2.0/aqtest.port.se-shibboleth.xml @@ -1,8 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- -This is example metadata only. Do *NOT* supply it as is without review, -and do *NOT* provide it in real time to your partners. - --> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://aqtest.port.se/shibboleth"> <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> @@ -24,13 +20,14 @@ and do *NOT* provide it in real time to your partners. </md:Extensions> <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol"> <md:Extensions> - <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://aqtest.port.se/Shibboleth.sso/Login"/> - <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://aqtest.port.se/Shibboleth.sso/Login" index="1"/> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://aqtest.port.se/Shibboleth.sso/Login-ltv"/> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://aqtest.port.se/Shibboleth.sso/Login-lu"/> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://aqtest.port.se/Shibboleth.sso/Login-ki"/> <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> <mdui:DisplayName xml:lang="sv">Klara</mdui:DisplayName> <mdui:DisplayName xml:lang="en">Klara</mdui:DisplayName> - <mdui:Description xml:lang="sv">Kemikaliehanteringssystem för Uppsala universitet.</mdui:Description> - <mdui:Description xml:lang="en">Chemical information system for Uppsala university.</mdui:Description> + <mdui:Description xml:lang="sv">Kemikaliehanteringssystem för tester</mdui:Description> + <mdui:Description xml:lang="en">Chemical information system for tests</mdui:Description> <mdui:InformationURL xml:lang="en">https://www.example.se/info/about.html</mdui:InformationURL> <mdui:PrivacyStatementURL xml:lang="sv">https://www.example.se/info/integritet.html</mdui:PrivacyStatementURL> <mdui:PrivacyStatementURL xml:lang="en">https://www.example.se/info/privacy.html</mdui:PrivacyStatementURL> @@ -77,6 +74,10 @@ bfjFoe6/viT7p/XJQPt6Zgga/NNt7mvOy+4i9FZ32dZu30DJx323OTFY03eTPmb2 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://aqtest.port.se/Shibboleth.sso/SLO/Redirect"/> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://aqtest.port.se/Shibboleth.sso/SLO/POST"/> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://aqtest.port.se/Shibboleth.sso/SLO/Artifact"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://aqtest.port.se/Shibboleth.sso/NIM/SOAP"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://aqtest.port.se/Shibboleth.sso/NIM/Redirect"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://aqtest.port.se/Shibboleth.sso/NIM/POST"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://aqtest.port.se/Shibboleth.sso/NIM/Artifact"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://aqtest.port.se/Shibboleth.sso/SAML2/POST" index="1"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://aqtest.port.se/Shibboleth.sso/SAML2/Artifact" index="3"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://aqtest.port.se/Shibboleth.sso/SAML2/ECP" index="4"/> diff --git a/swamid-2.0/auth.asiaportal.info.xml b/swamid-2.0/auth.asiaportal.info.xml index 99b738c9..665fce8a 100644 --- a/swamid-2.0/auth.asiaportal.info.xml +++ b/swamid-2.0/auth.asiaportal.info.xml @@ -41,6 +41,11 @@ <md:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> </md:AttributeConsumingService> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">Nordic Institute of Asian Studies</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">NIAS - Nordic Institute of Asian Studies</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.nias.ku.dk</md:OrganizationURL> + </md:Organization> <md:ContactPerson contactType="technical"> <md:GivenName>Administrator</md:GivenName> <md:EmailAddress>mailto:bib@nias.ku.dk</md:EmailAddress> diff --git a/swamid-2.0/dev-us.cloudmore.com-shibboleth.xml b/swamid-2.0/dev-us.cloudmore.com-shibboleth.xml index b0da9209..f42f4e6d 100644 --- a/swamid-2.0/dev-us.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/dev-us.cloudmore.com-shibboleth.xml @@ -30,7 +30,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://us.cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://dev-us.cloudmore.com/Shibboleth.sso/Login"/> </md:Extensions> diff --git a/swamid-2.0/dev.cloudmore.com-shibboleth.xml b/swamid-2.0/dev.cloudmore.com-shibboleth.xml index 103fad4a..5a64e410 100644 --- a/swamid-2.0/dev.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/dev.cloudmore.com-shibboleth.xml @@ -32,7 +32,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> </md:Extensions> <md:KeyDescriptor> diff --git a/swamid-2.0/flax.nettst.chalmers.se-adfs-services-trust.xml b/swamid-2.0/flax.nettst.chalmers.se-adfs-services-trust.xml index 4cb077b4..c6c643f9 100644 --- a/swamid-2.0/flax.nettst.chalmers.se-adfs-services-trust.xml +++ b/swamid-2.0/flax.nettst.chalmers.se-adfs-services-trust.xml @@ -1,272 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://flax.nettst.chalmers.se/adfs/services/trust"> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="flax.nettst.chalmers.se"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC8jCCAdqgAwIBAgIQEgxsWVI5MItMDSw3vtRQPzANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDExdmbGF4Lm5ldHRzdC5jaGFsbWVycy5zZTAeFw0xMzAxMTUwODMwMjdaFw0xNDAxMTUwMDAwMDBaMCIxIDAeBgNVBAMTF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBoO28F8VHPDFxcpDb/936530RM//0xFM/bfxC5AIZn7btoteg0OX7Z4p0FPFlbu/Nb+BRZSElKfp5VIRnZUHORIwtkKWfJU/do1hs80aNXnXzlqCIvIHkB9yuyOEqRAJ3OaccSrr6zi2YoSBEhUeFEbGHo6ItCol+kKZvtofW7IPvmlEm8DZNt/Rs8jbORJuLZ3CMOJsJnLEzQ+tDfj8cf+6dHffMh8kPJWINwMEDa2fWl461ft9AD3MSyzELKmmCY4NFnlDWFZQ4FRz91YAAStHQGdbprCVJ3GS/FOVfLwXn7rbJ9KQZBOpTnQ6FwKrk73fJvrbFsP/uC0wj/LSQIDAQABoyQwIjALBgNVHQ8EBAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBAEhg3NsqmIK1VBJezXFi1hrLt9oz011OzDBblbnAjnUkskwkFcIN8n9RSAYlxBm9FJ61zWhWrVxVGMIlNIVO95JqsfY4AGcpmP2295aPIYgh0B9N+jZGotCEUKtAuYxZZxZtk63Zd1KG2FVRHIolKg9beewBMOZ7U/112GaATyrCdKoz1Isd2LycSi5HjI0s5Qil7CkIVmvYOOZeatNSdhvJl4Hn2CxP2vczjZQn+zWmVaAt5fqsj5QDv8AKCi6oLJXGdxhxn7mJEE9St4yz3uEove+graDBwnkh+O4lrEPceE0yWd7sXIbheQOjEIRLbmEs4/6jYN6VUoXyScMi9bI=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://flax.nettst.chalmers.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="flax.nettst.chalmers.se"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIIuzCCB6OgAwIBAgIQAXC8B/ZOfBG1va+rAIliqzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExJzAlBgNVBAMTHlRFUkVOQSBTU0wgSGlnaCBBc3N1cmFuY2UgQ0EgMzAeFw0xNzAxMTAwMDAwMDBaFw0xOTAxMTUxMjAwMDBaMIIBEDEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCU0UxFDASBgNVBAUTCzU1NjQ3OS01NTk4MRowGAYDVQQJExFDaGFsbWVyc3BsYXRzZW4gNDESMBAGA1UEERMJU0UtNDEyIDk2MQswCQYDVQQGEwJTRTEaMBgGA1UECAwRVsOkc3RyYSBHw7Z0YWxhbmQxEjAQBgNVBAcMCUfDtnRlYm9yZzEnMCUGA1UECgweQ2hhbG1lcnMgVGVrbmlza2EgSMO2Z3Nrb2xhIEFCMQwwCgYDVQQLEwNJVEExIDAeBgNVBAMTF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFtnfoBrTYoVGtGp67ciG/CVWhPmkX9vSEGIsQXlFq5FOC//hwnuvoqktXR2E1gGyd06Jz18l8v9NZUCPWRM1ngZI6OXmo0z997gN1ER1VSQic3RXt64F03R3J8XgBrNTf89Egb66fKzCEg424hH/V6yt6x59jlWS7qzt9AxIkEKXNSztQvi2ZqQXdmjkKVqSeic0r2Af8mRE0nxjhgjyAg0ZYM80ahsCmL/miAHeeXcjiKiRuGi8sW955wYxvQ3uh4Inhqv+EA7nibdyZW6lJ/TN3hU4D074ZQjNXYdDr96I4rsukA+xs4R1i68eax5hZb3pR1hkMdMW5umncAx/wIDAQABo4IEqjCCBKYwHwYDVR0jBBgwFoAUwriF1+G5E73RSLz9Xtx9kEJ6iqkwHQYDVR0OBBYEFLILQVavoUrbaWbGCbrsxzMr83gCMCIGA1UdEQQbMBmCF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgYUGA1UdHwR+MHwwPKA6oDiGNmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xIaWdoQXNzdXJhbmNlQ0EzLmNybDA8oDqgOIY2aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwewYIKwYBBQUHAQEEbzBtMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xIaWdoQXNzdXJhbmNlQ0EzLmNydDAMBgNVHRMBAf8EAjAAMIICrwYKKwYBBAHWeQIEAgSCAp8EggKbApkAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVmIF/toAAAEAwBGMEQCIBWo2rxvgLXMwnF9U94vhcuN8U+zy84KqJx6nym9xEviAiAU5m6BkF/e/SsR9+OOWwxCqWkbg/F1NOSZ1FAtB2qwqAEvAKw7mu1/qWdHVxWebX1XVnL52YEAlB6b3v/soTE7dXgtAAABWYgX+4oAAAQBAQBaoaM4uzSwfI7vYX2xP2VBBAn0imied+GpgLgWYZJ+I5TmsAed0KvgpIKZxo0zE2O0Ps8hMp3m+VIJuydZgHfpT5jnVV+ig8GUXCYyjDcwWU/EhQzU69X/Ax9LeUhfobXmbzV7fNyfNpzdBxGesZgWNhi7fwTtVS3Mkmd+/TPzXQ4OKsd2MaudUACc5/o6nA9WPmr8wt5eJMYA5O2a3mJTaQR4gE3nEl+mluT8/yODJHkC+Ln+qoGR64IhvyX62qTw+97PackcZ1EwB8SpdlteLhzqtuUZfEjwb/U9uKLM8uhy3bbgGi7e4ZnweW8HH3VealY/QT+nWjzmcf4e9W8xAHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFZiBf8rAAABAMASDBGAiEArucDHojFeftqx0sWwDP7FwVWM3nBPJey0fT3TQuq3M0CIQDUJzOPNVaAgXO9X+NJxeoemATU6anBuuSgIis1Rc3zjgB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABWYgX/CcAAAQDAEcwRQIhAIN9ofFPDi8KvD7mdTJHpA1bP5FKhjmTQg3VrTi4z/7aAiAIj34uMyED3blarakNI/hqozglffzfFFsKHWg8gaGt0TANBgkqhkiG9w0BAQsFAAOCAQEAZ6pn5hkqAxN2kpll3BWfwWKYbQCdUFHGn/05AAe10st+k+iI3ueZi/zqkjfJjGADcJHOV5jXzm2K8eIhEKOgODNBR/TfaMnH6JK4s+zFNmLKMQRcRICRWMr/SjWmVa2vGnpIr0DsHVUU2cq8GmqpbuLHqY7Z3CuypZ+Uk7OP361KDDIMcpTgu5eNi54nc6/jSgxa3/x9Aw+OSIcF73KMPmWJ8usaK8TtnIjIkyHlQIgfAHzt/8jOBN1N5mznegYFVVtziC0i25jyBVMbbDmYFfif6mqn+GDV0txinD3ssaXUiDJsJTbNTbnlVTRYs5CQJmoY3J/411K87TbeshxlBg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://flax.nettst.chalmers.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://flax.nettst.chalmers.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIIuzCCB6OgAwIBAgIQAXC8B/ZOfBG1va+rAIliqzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExJzAlBgNVBAMTHlRFUkVOQSBTU0wgSGlnaCBBc3N1cmFuY2UgQ0EgMzAeFw0xNzAxMTAwMDAwMDBaFw0xOTAxMTUxMjAwMDBaMIIBEDEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCU0UxFDASBgNVBAUTCzU1NjQ3OS01NTk4MRowGAYDVQQJExFDaGFsbWVyc3BsYXRzZW4gNDESMBAGA1UEERMJU0UtNDEyIDk2MQswCQYDVQQGEwJTRTEaMBgGA1UECAwRVsOkc3RyYSBHw7Z0YWxhbmQxEjAQBgNVBAcMCUfDtnRlYm9yZzEnMCUGA1UECgweQ2hhbG1lcnMgVGVrbmlza2EgSMO2Z3Nrb2xhIEFCMQwwCgYDVQQLEwNJVEExIDAeBgNVBAMTF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFtnfoBrTYoVGtGp67ciG/CVWhPmkX9vSEGIsQXlFq5FOC//hwnuvoqktXR2E1gGyd06Jz18l8v9NZUCPWRM1ngZI6OXmo0z997gN1ER1VSQic3RXt64F03R3J8XgBrNTf89Egb66fKzCEg424hH/V6yt6x59jlWS7qzt9AxIkEKXNSztQvi2ZqQXdmjkKVqSeic0r2Af8mRE0nxjhgjyAg0ZYM80ahsCmL/miAHeeXcjiKiRuGi8sW955wYxvQ3uh4Inhqv+EA7nibdyZW6lJ/TN3hU4D074ZQjNXYdDr96I4rsukA+xs4R1i68eax5hZb3pR1hkMdMW5umncAx/wIDAQABo4IEqjCCBKYwHwYDVR0jBBgwFoAUwriF1+G5E73RSLz9Xtx9kEJ6iqkwHQYDVR0OBBYEFLILQVavoUrbaWbGCbrsxzMr83gCMCIGA1UdEQQbMBmCF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgYUGA1UdHwR+MHwwPKA6oDiGNmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xIaWdoQXNzdXJhbmNlQ0EzLmNybDA8oDqgOIY2aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwewYIKwYBBQUHAQEEbzBtMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xIaWdoQXNzdXJhbmNlQ0EzLmNydDAMBgNVHRMBAf8EAjAAMIICrwYKKwYBBAHWeQIEAgSCAp8EggKbApkAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVmIF/toAAAEAwBGMEQCIBWo2rxvgLXMwnF9U94vhcuN8U+zy84KqJx6nym9xEviAiAU5m6BkF/e/SsR9+OOWwxCqWkbg/F1NOSZ1FAtB2qwqAEvAKw7mu1/qWdHVxWebX1XVnL52YEAlB6b3v/soTE7dXgtAAABWYgX+4oAAAQBAQBaoaM4uzSwfI7vYX2xP2VBBAn0imied+GpgLgWYZJ+I5TmsAed0KvgpIKZxo0zE2O0Ps8hMp3m+VIJuydZgHfpT5jnVV+ig8GUXCYyjDcwWU/EhQzU69X/Ax9LeUhfobXmbzV7fNyfNpzdBxGesZgWNhi7fwTtVS3Mkmd+/TPzXQ4OKsd2MaudUACc5/o6nA9WPmr8wt5eJMYA5O2a3mJTaQR4gE3nEl+mluT8/yODJHkC+Ln+qoGR64IhvyX62qTw+97PackcZ1EwB8SpdlteLhzqtuUZfEjwb/U9uKLM8uhy3bbgGi7e4ZnweW8HH3VealY/QT+nWjzmcf4e9W8xAHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFZiBf8rAAABAMASDBGAiEArucDHojFeftqx0sWwDP7FwVWM3nBPJey0fT3TQuq3M0CIQDUJzOPNVaAgXO9X+NJxeoemATU6anBuuSgIis1Rc3zjgB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABWYgX/CcAAAQDAEcwRQIhAIN9ofFPDi8KvD7mdTJHpA1bP5FKhjmTQg3VrTi4z/7aAiAIj34uMyED3blarakNI/hqozglffzfFFsKHWg8gaGt0TANBgkqhkiG9w0BAQsFAAOCAQEAZ6pn5hkqAxN2kpll3BWfwWKYbQCdUFHGn/05AAe10st+k+iI3ueZi/zqkjfJjGADcJHOV5jXzm2K8eIhEKOgODNBR/TfaMnH6JK4s+zFNmLKMQRcRICRWMr/SjWmVa2vGnpIr0DsHVUU2cq8GmqpbuLHqY7Z3CuypZ+Uk7OP361KDDIMcpTgu5eNi54nc6/jSgxa3/x9Aw+OSIcF73KMPmWJ8usaK8TtnIjIkyHlQIgfAHzt/8jOBN1N5mznegYFVVtziC0i25jyBVMbbDmYFfif6mqn+GDV0txinD3ssaXUiDJsJTbNTbnlVTRYs5CQJmoY3J/411K87TbeshxlBg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIIuzCCB6OgAwIBAgIQAXC8B/ZOfBG1va+rAIliqzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExJzAlBgNVBAMTHlRFUkVOQSBTU0wgSGlnaCBBc3N1cmFuY2UgQ0EgMzAeFw0xNzAxMTAwMDAwMDBaFw0xOTAxMTUxMjAwMDBaMIIBEDEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCU0UxFDASBgNVBAUTCzU1NjQ3OS01NTk4MRowGAYDVQQJExFDaGFsbWVyc3BsYXRzZW4gNDESMBAGA1UEERMJU0UtNDEyIDk2MQswCQYDVQQGEwJTRTEaMBgGA1UECAwRVsOkc3RyYSBHw7Z0YWxhbmQxEjAQBgNVBAcMCUfDtnRlYm9yZzEnMCUGA1UECgweQ2hhbG1lcnMgVGVrbmlza2EgSMO2Z3Nrb2xhIEFCMQwwCgYDVQQLEwNJVEExIDAeBgNVBAMTF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFtnfoBrTYoVGtGp67ciG/CVWhPmkX9vSEGIsQXlFq5FOC//hwnuvoqktXR2E1gGyd06Jz18l8v9NZUCPWRM1ngZI6OXmo0z997gN1ER1VSQic3RXt64F03R3J8XgBrNTf89Egb66fKzCEg424hH/V6yt6x59jlWS7qzt9AxIkEKXNSztQvi2ZqQXdmjkKVqSeic0r2Af8mRE0nxjhgjyAg0ZYM80ahsCmL/miAHeeXcjiKiRuGi8sW955wYxvQ3uh4Inhqv+EA7nibdyZW6lJ/TN3hU4D074ZQjNXYdDr96I4rsukA+xs4R1i68eax5hZb3pR1hkMdMW5umncAx/wIDAQABo4IEqjCCBKYwHwYDVR0jBBgwFoAUwriF1+G5E73RSLz9Xtx9kEJ6iqkwHQYDVR0OBBYEFLILQVavoUrbaWbGCbrsxzMr83gCMCIGA1UdEQQbMBmCF2ZsYXgubmV0dHN0LmNoYWxtZXJzLnNlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgYUGA1UdHwR+MHwwPKA6oDiGNmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xIaWdoQXNzdXJhbmNlQ0EzLmNybDA8oDqgOIY2aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwewYIKwYBBQUHAQEEbzBtMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xIaWdoQXNzdXJhbmNlQ0EzLmNydDAMBgNVHRMBAf8EAjAAMIICrwYKKwYBBAHWeQIEAgSCAp8EggKbApkAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVmIF/toAAAEAwBGMEQCIBWo2rxvgLXMwnF9U94vhcuN8U+zy84KqJx6nym9xEviAiAU5m6BkF/e/SsR9+OOWwxCqWkbg/F1NOSZ1FAtB2qwqAEvAKw7mu1/qWdHVxWebX1XVnL52YEAlB6b3v/soTE7dXgtAAABWYgX+4oAAAQBAQBaoaM4uzSwfI7vYX2xP2VBBAn0imied+GpgLgWYZJ+I5TmsAed0KvgpIKZxo0zE2O0Ps8hMp3m+VIJuydZgHfpT5jnVV+ig8GUXCYyjDcwWU/EhQzU69X/Ax9LeUhfobXmbzV7fNyfNpzdBxGesZgWNhi7fwTtVS3Mkmd+/TPzXQ4OKsd2MaudUACc5/o6nA9WPmr8wt5eJMYA5O2a3mJTaQR4gE3nEl+mluT8/yODJHkC+Ln+qoGR64IhvyX62qTw+97PackcZ1EwB8SpdlteLhzqtuUZfEjwb/U9uKLM8uhy3bbgGi7e4ZnweW8HH3VealY/QT+nWjzmcf4e9W8xAHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFZiBf8rAAABAMASDBGAiEArucDHojFeftqx0sWwDP7FwVWM3nBPJey0fT3TQuq3M0CIQDUJzOPNVaAgXO9X+NJxeoemATU6anBuuSgIis1Rc3zjgB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABWYgX/CcAAAQDAEcwRQIhAIN9ofFPDi8KvD7mdTJHpA1bP5FKhjmTQg3VrTi4z/7aAiAIj34uMyED3blarakNI/hqozglffzfFFsKHWg8gaGt0TANBgkqhkiG9w0BAQsFAAOCAQEAZ6pn5hkqAxN2kpll3BWfwWKYbQCdUFHGn/05AAe10st+k+iI3ueZi/zqkjfJjGADcJHOV5jXzm2K8eIhEKOgODNBR/TfaMnH6JK4s+zFNmLKMQRcRICRWMr/SjWmVa2vGnpIr0DsHVUU2cq8GmqpbuLHqY7Z3CuypZ+Uk7OP361KDDIMcpTgu5eNi54nc6/jSgxa3/x9Aw+OSIcF73KMPmWJ8usaK8TtnIjIkyHlQIgfAHzt/8jOBN1N5mznegYFVVtziC0i25jyBVMbbDmYFfif6mqn+GDV0txinD3ssaXUiDJsJTbNTbnlVTRYs5CQJmoY3J/411K87TbeshxlBg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://flax.nettst.chalmers.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://flax.nettst.chalmers.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://flax.nettst.chalmers.se/adfs/ls/" index="0" isDefault="true"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://flax.nettst.chalmers.se/adfs/ls/" index="1"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://flax.nettst.chalmers.se/adfs/ls/" index="2"/> - </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope regexp="false">nettst.chalmers.se</shibmd:Scope> @@ -293,27 +26,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://flax.nettst.chalmers.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://flax.nettst.chalmers.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="en">CHALMERSTest</OrganizationName> diff --git a/swamid-2.0/graylog.nordu.net-shibboleth.xml b/swamid-2.0/graylog.nordu.net-shibboleth.xml index 7f8a4d55..16f55032 100644 --- a/swamid-2.0/graylog.nordu.net-shibboleth.xml +++ b/swamid-2.0/graylog.nordu.net-shibboleth.xml @@ -81,6 +81,16 @@ pc0/wSWsXlCKKdvcilYf9uc4RGpsdIHYHlCIBveUNMaqK3Ce2niYAgSGVH3vejoq <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://graylog.nordu.net/Shibboleth.sso/SAML/POST" index="4"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://graylog.nordu.net/Shibboleth.sso/SAML/Artifact" index="5"/> </md:SPSSODescriptor> + <md:ContactPerson contactType="support"> + <md:GivenName>Sunet</md:GivenName> + <md:SurName>NOC</md:SurName> + <md:EmailAddress>mailto:noc@sunet.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>Sunet</md:GivenName> + <md:SurName>NOC</md:SurName> + <md:EmailAddress>mailto:noc@sunet.se</md:EmailAddress> + </md:ContactPerson> <md:ContactPerson contactType="administrative"> <md:GivenName>Fredrik</md:GivenName> <md:SurName>Pettai</md:SurName> diff --git a/swamid-2.0/hhs-se.zoom.us.xml b/swamid-2.0/hhs-se.zoom.us.xml index 557e7536..6736d316 100644 --- a/swamid-2.0/hhs-se.zoom.us.xml +++ b/swamid-2.0/hhs-se.zoom.us.xml @@ -21,29 +21,42 @@ <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> - <ds:X509Certificate>MIIFFzCCA/+gAwIBAgIHBFgs/vQRuzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCVVMxEDAO -BgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29t -LCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAx -BgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xNDA0 -MTEwMDQ4MDVaFw0xODA4MDMyMzM2NDJaMDcxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlk -YXRlZDESMBAGA1UEAwwJKi56b29tLnVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -okFee4Mpg9uh8LOOYygGRyhxXwsfvnh7FvtJT67CRryvMEHftbeD4b9xa7CSxrU5XfP6ICLxFplv -+4sntZy4o3h6ryBrV9BvMAkG1DavujorcSEbk+O0Rk9GpQFGOXvTZQN71mzv66ITuQn83t9+1vx9 -JTqapWmi/LtC1nTvkqNCjdfbTkIqoLjcUN+awRT+4WnDYp2h8oAMUGePwRMqebFQl7uTF3Ok0xyh -akmB0QU7EgM3jw7drHTW3A0MX3Ei9u23dhrmBGUDTs9oO6Zpu7LMkmCyFW5XCKokKeqbtXQulOCT -gRrd8i3paIwFBqISFiygYOKmVolL1zaUCm+LfQIDAQABo4IBqDCCAaQwDwYDVR0TAQH/BAUwAwEB -ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDYGA1UdHwQv -MC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS00MC5jcmwwUwYDVR0gBEww -SjBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFk -ZHkuY29tL3JlcG9zaXRvcnkvMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29j -c3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHku -Y29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDO -MB0GA1UdEQQWMBSCCSouem9vbS51c4IHem9vbS51czAdBgNVHQ4EFgQU7Iq18k6UpRo2UcsGL/qS -UFoZ64kwDQYJKoZIhvcNAQELBQADggEBAKBUJLQlb6o9kCVuFhGNj/7och4wo7K207guo9PuhDls -ipAo4NHubWMrmTRwSELUtQpP1T21uymzPKC2riko1+tOwNJjJ6hB7UMa8hwgC3dCq+TeTsMxNBgP -xLYUwl+W8g0iss0TTolx4DHrF4iSH2HcunwxDXtqkCtlIRiLhkU/q2DXPwyatLD9f4nypEowXARJ -F9AI1u80XBk4qks6VFI+F101ov7c11YqtKvzICNJSF/uTaoKU16ZMeV7Awt0stHY1ILdI40ht+YZ -kMpIITAqh9XwkMMbjOapCeNu6wfL/ywLEOskEvvxnEgP00VVk8S32kBKmNQGLPufut3obbI=</ds:X509Certificate> + <ds:X509Certificate>MIIGpDCCBYygAwIBAgIJAOZtkBRrr07MMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa +MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 +cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj +dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE4MDYxMjE4MDIyMVoX +DTIwMDYxMjE4MDIyMVowNzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh +dGVkMRIwEAYDVQQDDAkqLnpvb20udXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDJstTPQTaYgnrfKFDpATrqb8kTp2tL3SIUwfmyI8AVM2aylL/q/ral +XtLeN0vqZyc+QfX694gk/a+lpcwXBO7OrmzbPuigGk7Y0+eILX10JAwaZf41w9Wd +j52WkKJtaPDtS41pT8sGidQL8CGKCjs2BtAImMGIxBP4/U/BbTWaX7Yp/wnwqzHi +i6UiWJzwC5v7Tglc7YkLqS/0uhCnEJlJeTghpT6ST1ZWmvlFvtRSGZLkneeER3Ex +QhQj7oefAgi98lDgPqcQ+Cw6GR3u9o+5KSj6t8WxmEimlAM230+9jv+lW6xr2k3B +vFuHSgu9VjxG4h/d7UP8+KW3iVRhbaaXAgMBAAGjggMzMIIDLzAMBgNVHRMBAf8E +AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMC +BaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGln +MnMxLTgzNy5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUF +BwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv +MAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v +Y3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRl +cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRA +wr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20u +dXMwHQYDVR0OBBYEFG86ecvhrBVMcsS4mWYkSlO7jRdUMIIBfwYKKwYBBAHWeQIE +AgSCAW8EggFrAWkAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAA +AWP1KmVBAAAEAwBIMEYCIQDFkKMYerM9O8u25bsrdf085HoTpqv4gCVj6KnuI977 +3gIhAISFLgZRYmDjwgHHnm+IYl7Flp7XcU8qmdRp0lesnVwCAHYA7ku9t3XOYLrh +Qmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFj9SpqyQAABAMARzBFAiA0V+bR/z03 +OIJxTVGlG3MDVblzcxNuJONzkgp7WgusTgIhAJMKOXo1SLjOpmqnIjMqFRYELkfh +zgzFe3xa4xUxthGzAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgA +AAFj9SprlQAABAMARzBFAiEAzePsyzO9cNmhlohiOjXZ6tSu8nKFVDMd5fiKv2g7 +6tACIDIczvM/uV4uz2pOkY1N3CVQSEbrJC6/bLmJgJ3OI/jOMA0GCSqGSIb3DQEB +CwUAA4IBAQB3//DfcyK0b6D5eijWI414ttLUWJrDOhYPBdtNUzVlWV9jNarCjoAg +PgNJxkEmgJb4HWQzAeYruJOXGEbZp5LTdWCjrdj18xDh7EtnPIEeY2H6obW4xXe5 +K3jJKtkbHqa5j2Fc+W/dXVqo28kQKbMm+FF9Vj6cQ1B/xPdijb7M2rHL808qVYPp +J9y1vahFh07yyTOR61CRThhqYv63JHppUWgtolDLdVez4s3cjAiKuE5Ij+NJirNN +lEdeTAWOcOfqdylDPB2QZutYG+SN4J/C97wjbHlMM+xMPL3UOPOalx8MsPB6WHlg +xBe5fMnWUgOwr0Mvl+VgxjXb/PHfLMeY</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> diff --git a/swamid-2.0/hkrplay.hkr.se.xml b/swamid-2.0/hkrplay.hkr.se.xml new file mode 100644 index 00000000..23384ee6 --- /dev/null +++ b/swamid-2.0/hkrplay.hkr.se.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://hkrplay.hkr.se"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">Kristianstad University Play service</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">Högskolan Kristianstad Playtjänst</mdui:DisplayName> + <mdui:Description xml:lang="en">This service is for presentation of videos from Kristianstad University.</mdui:Description> + <mdui:Description xml:lang="sv">Denna tjänst används för presentationer av video från Högskolan Kristianstad.</mdui:Description> + <mdui:Logo height="94" width="83">https://hkr.se/gui/i/logotype.png</mdui:Logo> + <mdui:Logo xml:lang="sv" height="94" width="83">https:hkr.se/gui/i/logotype.png</mdui:Logo> + <mdui:Logo xml:lang="en" height="94" width="83">https://hkr.se/gui/i/logotype.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIB/DCCAWWgAwIBAgIUR0NIYWpM9T6CEGjdts8Bh/BZf6kwDQYJKoZIhvcNAQEFBQAwKzEXMBUGA1UEAwwOaGtycGxheS5oa3Iuc2UxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNjE0MDkwNjUxWhcNMTkwNjE0MDkwNjUxWjArMRcwFQYDVQQDDA5oa3JwbGF5Lmhrci5zZTEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2p2uj2tNIz/5TXvrs2ZNtsioLYhWtKs2sTMeOO+Zv0c0BBqVkoCGhBB2afbhIYB9ER+JHOwtQeHujCGa/RRvCbOi6n6gj9ZYaJoo5co8I0EkwVx09aaDVo+qxc2AUitPtNEeG7BvN5BSudlCiCQESu4hkNdUH+LSnMlDlsBkJWkCAwEAAaMdMBswGQYDVR0RBBIwEIIOaGtycGxheS5oa3Iuc2UwDQYJKoZIhvcNAQEFBQADgYEAKdQn8AwPrN0ne1OSQH/d1YjCLKq/8Tb+1eMFJQSOOGIYCaeEw3yDngzQbUkfpQkU3XPac+aOW1GZiXy6eOob0h9J5HK5aDDXWtAadT+KBPOXdTc1fRVdDUV7gQkNIVg4Me8gBm7krR7XQmNasMXgP4bpFlTHL1CMMJRZcGIgTNM=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIB/DCCAWWgAwIBAgIUR0NIYWpM9T6CEGjdts8Bh/BZf6kwDQYJKoZIhvcNAQEFBQAwKzEXMBUGA1UEAwwOaGtycGxheS5oa3Iuc2UxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNjE0MDkwNjUxWhcNMTkwNjE0MDkwNjUxWjArMRcwFQYDVQQDDA5oa3JwbGF5Lmhrci5zZTEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2p2uj2tNIz/5TXvrs2ZNtsioLYhWtKs2sTMeOO+Zv0c0BBqVkoCGhBB2afbhIYB9ER+JHOwtQeHujCGa/RRvCbOi6n6gj9ZYaJoo5co8I0EkwVx09aaDVo+qxc2AUitPtNEeG7BvN5BSudlCiCQESu4hkNdUH+LSnMlDlsBkJWkCAwEAAaMdMBswGQYDVR0RBBIwEIIOaGtycGxheS5oa3Iuc2UwDQYJKoZIhvcNAQEFBQADgYEAKdQn8AwPrN0ne1OSQH/d1YjCLKq/8Tb+1eMFJQSOOGIYCaeEw3yDngzQbUkfpQkU3XPac+aOW1GZiXy6eOob0h9J5HK5aDDXWtAadT+KBPOXdTc1fRVdDUV7gQkNIVg4Me8gBm7krR7XQmNasMXgP4bpFlTHL1CMMJRZcGIgTNM=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://hkrplay.hkr.se/user/logout"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://hkrplay.hkr.se/user/authenticate" index="0"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">HKRplay</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">HKRplay</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://hkrplay.hkr.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>mailto:saml@media.nordu.net</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/id.statenssc.se-adfs-services-trust.xml b/swamid-2.0/id.statenssc.se-adfs-services-trust.xml index 64bd601e..946de59c 100644 --- a/swamid-2.0/id.statenssc.se-adfs-services-trust.xml +++ b/swamid-2.0/id.statenssc.se-adfs-services-trust.xml @@ -31,653 +31,6 @@ </KeyInfo> </ds:Signature> --> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Annan myndighet"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC4DCCAcigAwIBAgIQTJDRE11esadK2AHqvGUBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFBREZTIEVuY3J5cHRpb24gLSBpZC5zdGF0ZW5zc2Muc2UwHhcNMTQwOTA3MjEyNzQxWhcNMTkwOTA3MjEyNzQxWjAsMSowKAYDVQQDEyFBREZTIEVuY3J5cHRpb24gLSBpZC5zdGF0ZW5zc2Muc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI9BftUUS6LbxyhTUbpziaaY+7WyOKUXkHguFyFiL6nSdAn4R14TuJFug8uJCCRY6UEcEAn18QWgW1FvUyf7Zbzpu+U0XGq4QRy+GTbCIWeLmQAc9QFAjbOSqv7TMkgHg2Jo46L8/0ttgr+olPYTO454Ft7XuOm27WasCxrYxOo7tTd3w1YXz9CUtVxdnKPf3stxa+3RqlatrKansieOnI6YbStnhdM42l4S0cSer4Eu5SOakpFQH/BSdNrVV0knQih7seyhv6TmeK0bCYWriPS4lAAPJ8sllzWDQmhX7w8HJB8DFtMdHG4lrmahH3r7uUd/2+uzHjAWBhu2xq80uZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALFrJzyXfTeY2jyFWVq9jDjxQCm7D6oMipzbn2auPNku5HeUtQaKrnxjp3HFGFkeHMw2WxCo+n2UUsGEnSm4MiszNfHinkVu7KnHxMp3CnkfS6NMWyyGZQ/Sfi71ubMHmEsQrv4GJX4Mcvw4yaI/Ae59IQeUSBLPNzcsvYBtwq3EM/vSwAQpD1PNZEwh8/B/8BsutnvbAEExlUtU9EKxzUX4xl1SNnvDKIMEVue4Qm8DrjhEuLl/8uImfHPCnHcqN4tEe6gJoxBw767istcZmNLTYcJkCEMkL79vetgFad8UZWjJyaUCj16S2bd8w3NlXrb26a1iFj0Fxx9+p7QOSxE=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/organisationsnummer" Optional="true"> - <auth:DisplayName>Organisationsnummer</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/personnummer" Optional="true"> - <auth:DisplayName>Personnummer</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>Efternamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>Förnamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.3" Optional="true"> - <auth:DisplayName>Organisationsnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>Personnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:0.9.2342.19200300.100.1.3" Optional="true"> - <auth:DisplayName>E-post OID</auth:DisplayName> - <auth:Description>Unik e-postadress med myndighetens officiella domän som suffix.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/myndighet" Optional="true"> - <auth:DisplayName>Myndighet</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://id.statenssc.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Annan myndighet"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC2jCCAcKgAwIBAgIQNiJSeyIIjZNIgrCFtM7wjzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDEx5BREZTIFNpZ25pbmcgLSBpZC5zdGF0ZW5zc2Muc2UwHhcNMTQwOTA3MjEyNzQzWhcNMTkwOTA3MjEyNzQzWjApMScwJQYDVQQDEx5BREZTIFNpZ25pbmcgLSBpZC5zdGF0ZW5zc2Muc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvyasbdU+qo4Km/Ci2Y4dQynGCmV4N7mhiGZfZy4NGXJLAxY5a93M7pVHSanprju2M1IiwOu0TM7yR7glBW5kgry8G0/qwIEkcB0NtyDnSfF9qpVcwL7SQUL+pcVSRzOIMYaCHr3uydSkqfenSpCo2pQskT4fI3H6WuIt+ssttqzjh107bjfO7jaywV4VsvT6hx2j1PhW9H3h6c1ax6aMSRhBEcutS/SQ4JvULdcM/yITMs+YfN+5uRDUy2OpwPuXNTeNZ6N5lNH/zUCGdVCiz0GP5t6n6591u6vfo62PaIOLvKjmDpyhZEKBXnei2ccZiv01ErQn1U1EjUj3NG9MFAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFZAIg+ngKrFMBkD6dD3THPK8ky0FxH7hCSASthn1PdIRQCorKIemqglV8yc+hadK+jK6//vc0xRk102Ku6t3T1ThWlTZluJt/WcZ1hb1p+hq3ZaxLSZkzEiu5G2xCPsAXg3QBQO1JyW8j+VnT4ls+wm/QQyG96W42O7bws7b6GWKsmfJNQgbrZDAxFuXKcO8jTP6iqXoRUARSHCe1sUBP+vqKZXE1Pgvwdvo69tqmK3uIUPDlj7cPCs1y01xiPw4qhPzLYyW60epOaGvC2yy4ecsGV9F1NAIbNFU+V2Gdu91bKYAqTt+bNUBMc9ikKy0R84W9Gqj8/vlys8IL5IIWU=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" Optional="true"> - <auth:DisplayName>eduPersonPrincipalName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/organisationsnummer" Optional="true"> - <auth:DisplayName>Organisationsnummer</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/personnummer" Optional="true"> - <auth:DisplayName>Personnummer</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>Efternamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>Förnamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.3" Optional="true"> - <auth:DisplayName>Organisationsnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>Personnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/hermes" Optional="true"> - <auth:DisplayName>Hermes kod</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:0.9.2342.19200300.100.1.3" Optional="true"> - <auth:DisplayName>E-post OID</auth:DisplayName> - <auth:Description>Unik e-postadress med myndighetens officiella domän som suffix.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/myndighet" Optional="true"> - <auth:DisplayName>Myndighet</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/useridnoprefix" Optional="true"> - <auth:DisplayName>UserId No Prefix</auth:DisplayName> - <auth:Description>Internt använt UserID utan Hermes prefix</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://id.statenssc.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://id.statenssc.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> diff --git a/swamid-2.0/idp-fre-1.eduid.se-idp.xml b/swamid-2.0/idp-fre-1.eduid.se-idp.xml deleted file mode 100644 index c0d390a5..00000000 --- a/swamid-2.0/idp-fre-1.eduid.se-idp.xml +++ /dev/null @@ -1,75 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:mace:shibboleth:metadata:1.0" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp-fre-1.eduid.se/idp.xml"> - <ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <ns0:Extensions> - <ns1:Scope regexp="false">eduid.se</ns1:Scope> - </ns0:Extensions> - <ns0:KeyDescriptor use="encryption"> - <ns2:KeyInfo> - <ns2:X509Data> - <ns2:X509Certificate>MIICtjCCAZ4CCQCcz/piVprfwDANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJp -ZHAtZnJlLTEuZWR1aWQuc2UwHhcNMTMwNDA0MTM0NDQ0WhcNMjMwNDAyMTM0NDQ0 -WjAdMRswGQYDVQQDExJpZHAtZnJlLTEuZWR1aWQuc2UwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDZYoiNY7wsKOg0HuPEIOmFt4sNOPANo1WXOEAi4gdr -Ov5RyA+j4c5qtxgX30eT1mSS+xxd1UYy78jIR42QnvmwZRAw3XGzCT4u+41u+4KP -ZuzsNmueFruQ/FUj5YvYJdo9LKDXnhqj7GrOYwVKRx3TtV+76IXbY+OQF5mNXNdn -qFepNt6ukBGqdWjEi6fslbjVwCkRwN9gFm/f0xshITr79MEsmEbm97n8+TxNWx9o -Vx2cIGHVKur+iBR0ntY71jXCGb/0drVlogMluXUssMV9fZSP0W1HnlI2vNQrVA6p -0hzRsi+kGGAXn0/u1rhfJ7G6/Tz43OqhVqH5BeKs+0v/AgMBAAEwDQYJKoZIhvcN -AQEFBQADggEBANfLG7xG2d2bc8ib/XCMly48KEPYqNXIeDIHPR8MpEZrdCph4TUz -Y96pEbhM3Onn7iZTAqk7QUfVzj3qH35H8FG6XJuUlpeo11c94dsS6+euamdf+9qZ -ZP0uQyvYepSdQWCeBljDUxp/u6h9NdKpcwK9AvfBVCTNR0gdFNfADi1QtdAtW3Wx -N4TxcEV9YT6QopkdXKR+Vx+Bp8iM3ij+epA5M87hrrHUFd9s324x2ktl1cx0znS/ -6VT121qX752B4lzzych/glgqUaSZe6/iFq2LYxK5qPZAViEy6by4lYghzdKPjAvu -97NSksdDvmueTb8t8S2G2CqPc3Wus+M6yQw= -</ns2:X509Certificate> - </ns2:X509Data> - </ns2:KeyInfo> - </ns0:KeyDescriptor> - <ns0:KeyDescriptor use="signing"> - <ns2:KeyInfo> - <ns2:X509Data> - <ns2:X509Certificate>MIICtjCCAZ4CCQCcz/piVprfwDANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJp -ZHAtZnJlLTEuZWR1aWQuc2UwHhcNMTMwNDA0MTM0NDQ0WhcNMjMwNDAyMTM0NDQ0 -WjAdMRswGQYDVQQDExJpZHAtZnJlLTEuZWR1aWQuc2UwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDZYoiNY7wsKOg0HuPEIOmFt4sNOPANo1WXOEAi4gdr -Ov5RyA+j4c5qtxgX30eT1mSS+xxd1UYy78jIR42QnvmwZRAw3XGzCT4u+41u+4KP -ZuzsNmueFruQ/FUj5YvYJdo9LKDXnhqj7GrOYwVKRx3TtV+76IXbY+OQF5mNXNdn -qFepNt6ukBGqdWjEi6fslbjVwCkRwN9gFm/f0xshITr79MEsmEbm97n8+TxNWx9o -Vx2cIGHVKur+iBR0ntY71jXCGb/0drVlogMluXUssMV9fZSP0W1HnlI2vNQrVA6p -0hzRsi+kGGAXn0/u1rhfJ7G6/Tz43OqhVqH5BeKs+0v/AgMBAAEwDQYJKoZIhvcN -AQEFBQADggEBANfLG7xG2d2bc8ib/XCMly48KEPYqNXIeDIHPR8MpEZrdCph4TUz -Y96pEbhM3Onn7iZTAqk7QUfVzj3qH35H8FG6XJuUlpeo11c94dsS6+euamdf+9qZ -ZP0uQyvYepSdQWCeBljDUxp/u6h9NdKpcwK9AvfBVCTNR0gdFNfADi1QtdAtW3Wx -N4TxcEV9YT6QopkdXKR+Vx+Bp8iM3ij+epA5M87hrrHUFd9s324x2ktl1cx0znS/ -6VT121qX752B4lzzych/glgqUaSZe6/iFq2LYxK5qPZAViEy6by4lYghzdKPjAvu -97NSksdDvmueTb8t8S2G2CqPc3Wus+M6yQw= -</ns2:X509Certificate> - </ns2:X509Data> - </ns2:KeyInfo> - </ns0:KeyDescriptor> - <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-fre-1.eduid.se/slo/soap"/> - <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-fre-1.eduid.se/slo/post"/> - <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-fre-1.eduid.se/slo/redirect"/> - <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat> - <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns0:NameIDFormat> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-fre-1.eduid.se/sso/redirect"/> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-fre-1.eduid.se/sso/post"/> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idp-fre-1.eduid.se/sso/art"/> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-fre-1.eduid.se/sso/ecp"/> - </ns0:IDPSSODescriptor> - <ns0:Organization> - <ns0:OrganizationName xml:lang="en">eduID TEST</ns0:OrganizationName> - <ns0:OrganizationDisplayName xml:lang="en">eduID TEST</ns0:OrganizationDisplayName> - <ns0:OrganizationURL xml:lang="en">http://www.eduid.se/</ns0:OrganizationURL> - </ns0:Organization> - <ns0:ContactPerson contactType="technical"> - <ns0:GivenName>eduID</ns0:GivenName> - <ns0:SurName>developers</ns0:SurName> - <ns0:EmailAddress>eduid-dev@SEGATE.SUNET.SE</ns0:EmailAddress> - </ns0:ContactPerson> - <ns0:ContactPerson contactType="support"> - <ns0:GivenName>Support</ns0:GivenName> - <ns0:EmailAddress>support@eduid.se</ns0:EmailAddress> - </ns0:ContactPerson> -</ns0:EntityDescriptor> diff --git a/swamid-2.0/idp-test.it.su.se.xml b/swamid-2.0/idp-test.it.su.se.xml new file mode 100644 index 00000000..68a376c0 --- /dev/null +++ b/swamid-2.0/idp-test.it.su.se.xml @@ -0,0 +1,120 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp-test.it.su.se/idp/shibboleth"> + <Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> + <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue> + <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue> + </saml:Attribute> + </mdattr:EntityAttributes> + </Extensions> + <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> + <Extensions> + <shibmd:Scope regexp="false">su.se</shibmd:Scope> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">Stockholms universitet (test)</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Stockholm University (test)</mdui:DisplayName> + <mdui:Description xml:lang="sv">Identity Provider för medarbetare och studenter vid Stockholms universitet.</mdui:Description> + <mdui:Description xml:lang="en">The Stockholm university Identity Provider is used by employees and students at the university.</mdui:Description> + <mdui:InformationURL xml:lang="sv">http://www.su.se</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">http://www.su.se/english/</mdui:InformationURL> + <mdui:Logo xml:lang="sv" height="110" width="127">https://idp-test.it.su.se/idp/img/su-logo-sv_OLD.gif</mdui:Logo> + <mdui:Logo xml:lang="en" height="110" width="127">https://idp-test.it.su.se/idp/img/su-logo-en_OLD.gif</mdui:Logo> + <mdui:PrivacyStatementURL xml:lang="sv">https://www.su.se/medarbetare/it/it-tj%C3%A4nster/universitetskonto/policy-f%C3%B6r-hantering-av-personuppgifter-inom-ramen-f%C3%B6r-identitetsutgivaren-identity-provider-idp-1.383506</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://www.su.se/english/staff/it/it-services/policy-for-the-management-of-personal-information-within-the-scope-of-the-identity-provider-idp-1.384218</mdui:PrivacyStatementURL> + </mdui:UIInfo> + <mdui:DiscoHints> + <mdui:DomainHint>su.se</mdui:DomainHint> + <mdui:GeolocationHint>geo:59.3625,18.0586</mdui:GeolocationHint> + </mdui:DiscoHints> + </Extensions> + <KeyDescriptor> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIC+jCCAeKgAwIBAgIJAKvigKUJvExYMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV +BAMTEWlkcC10ZXN0Lml0LnN1LnNlMB4XDTEwMTEwOTA4NTAxNVoXDTIwMTEwNjA4 +NTAxNVowHDEaMBgGA1UEAxMRaWRwLXRlc3QuaXQuc3Uuc2UwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDiy33V1Re/N5Wih2L/TFGyAvHhzmOvT2BS3z6s +Gtum+WYGbVaGrJK6fD+HG89KoMtbbo8uAW0HJfhnOdbbUL2OEUo8quKbJSq5A/+0 +d7zCxteeZOBZ9yQF/cTNtgwVdreYitKD8E0LsTUBnpmomGS4icR3b3KyDVdgexof +85boL4QYGtDvvBLAR67YHnzFl6sMYY46/ptThge8FrRYE4IzMT7JiOzakrCje8tI +dDHjLFgIjR4e/oOD/qe/VQBBx+BXYOGK80iq5Q1I/MCIcYPNgu4QRaBM6sgCEbzZ +BAKvKUwOUG6ISQMClGjpzgGd22OClxXcjakMFuWHEDCh13IdAgMBAAGjPzA9MBwG +A1UdEQQVMBOCEWlkcC10ZXN0Lml0LnN1LnNlMB0GA1UdDgQWBBTENxJoYSkc0MtD +9crsO+Sb8o1vmTANBgkqhkiG9w0BAQUFAAOCAQEATQcvg19g3IBDwwTVfMFTVfFc +ltpedRKvdiS2XNq2jy+/97n2M2Xc4vpUqKJayxwpkN180VCV873zbI81MRCApeJH +wFYke5r9OSwriiTPgijAAOm6K8++PfNfYOOoo/G/7akcL4dmeu8vKzwE67GAPm+N ++uRvOFivpJ137xlATclXtP4riW0fqagqQDKwJVULLfyeve8+mDlpYg2/dz5hqb6V +UebM+vdVeYb0JLMqQevfKMQVbhC3sLuZEGHLh0VE/ZSY5GQGDAshuw0e7Xfrxcd6 +0P3iPg1br/W070Wfs66Q90o0xXbVvA/HJyxelHanrZszCvDN6RzhhDYA3jlqzw== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-test.it.su.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-test.it.su.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp-test.it.su.se/idp/profile/Shibboleth/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-test.it.su.se/idp/profile/SAML2/POST/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-test.it.su.se/idp/profile/SAML2/Redirect/SSO"/> + </IDPSSODescriptor> + <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> + <Extensions> + <shibmd:Scope regexp="false">su.se</shibmd:Scope> + </Extensions> + <KeyDescriptor> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIC+jCCAeKgAwIBAgIJAKvigKUJvExYMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV +BAMTEWlkcC10ZXN0Lml0LnN1LnNlMB4XDTEwMTEwOTA4NTAxNVoXDTIwMTEwNjA4 +NTAxNVowHDEaMBgGA1UEAxMRaWRwLXRlc3QuaXQuc3Uuc2UwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDiy33V1Re/N5Wih2L/TFGyAvHhzmOvT2BS3z6s +Gtum+WYGbVaGrJK6fD+HG89KoMtbbo8uAW0HJfhnOdbbUL2OEUo8quKbJSq5A/+0 +d7zCxteeZOBZ9yQF/cTNtgwVdreYitKD8E0LsTUBnpmomGS4icR3b3KyDVdgexof +85boL4QYGtDvvBLAR67YHnzFl6sMYY46/ptThge8FrRYE4IzMT7JiOzakrCje8tI +dDHjLFgIjR4e/oOD/qe/VQBBx+BXYOGK80iq5Q1I/MCIcYPNgu4QRaBM6sgCEbzZ +BAKvKUwOUG6ISQMClGjpzgGd22OClxXcjakMFuWHEDCh13IdAgMBAAGjPzA9MBwG +A1UdEQQVMBOCEWlkcC10ZXN0Lml0LnN1LnNlMB0GA1UdDgQWBBTENxJoYSkc0MtD +9crsO+Sb8o1vmTANBgkqhkiG9w0BAQUFAAOCAQEATQcvg19g3IBDwwTVfMFTVfFc +ltpedRKvdiS2XNq2jy+/97n2M2Xc4vpUqKJayxwpkN180VCV873zbI81MRCApeJH +wFYke5r9OSwriiTPgijAAOm6K8++PfNfYOOoo/G/7akcL4dmeu8vKzwE67GAPm+N ++uRvOFivpJ137xlATclXtP4riW0fqagqQDKwJVULLfyeve8+mDlpYg2/dz5hqb6V +UebM+vdVeYb0JLMqQevfKMQVbhC3sLuZEGHLh0VE/ZSY5GQGDAshuw0e7Xfrxcd6 +0P3iPg1br/W070Wfs66Q90o0xXbVvA/HJyxelHanrZszCvDN6RzhhDYA3jlqzw== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-test.it.su.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/> + <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp-test.it.su.se:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + </AttributeAuthorityDescriptor> + <Organization> + <OrganizationName xml:lang="en">SU</OrganizationName> + <OrganizationDisplayName xml:lang="sv">Stockholms universitet (test)</OrganizationDisplayName> + <OrganizationDisplayName xml:lang="en">Stockholm University (test)</OrganizationDisplayName> + <OrganizationURL xml:lang="en">http://www.su.se</OrganizationURL> + </Organization> + <ContactPerson contactType="administrative"> + <Company>Stockholm University</Company> + <SurName>Helpdesk</SurName> + <EmailAddress>mailto:helpdesk@su.se</EmailAddress> + <TelephoneNumber>+46 8 16 1999</TelephoneNumber> + </ContactPerson> + <ContactPerson contactType="technical"> + <Company>Stockholm University</Company> + <SurName>Helpdesk</SurName> + <EmailAddress>mailto:helpdesk@su.se</EmailAddress> + <TelephoneNumber>+46 8 16 1999</TelephoneNumber> + </ContactPerson> + <ContactPerson contactType="support"> + <Company>Stockholm University</Company> + <SurName>Helpdesk</SurName> + <EmailAddress>mailto:helpdesk@su.se</EmailAddress> + <TelephoneNumber>+46 8 16 1999</TelephoneNumber> + </ContactPerson> +</EntityDescriptor> diff --git a/swamid-2.0/idp-test.suni.se-adfs-services-trust.xml b/swamid-2.0/idp-test.suni.se-adfs-services-trust.xml index 05ed857c..6449707a 100644 --- a/swamid-2.0/idp-test.suni.se-adfs-services-trust.xml +++ b/swamid-2.0/idp-test.suni.se-adfs-services-trust.xml @@ -1,148 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://idp-test.suni.se/adfs/services/trust"> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp-test.suni.se"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC4jCCAcqgAwIBAgIQek/EaOs9V7VFR7XG3cPV/TANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJBREZTIEVuY3J5cHRpb24gLSBpZHAtdGVzdC5zdW5pLnNlMB4XDTE3MDIxNTE1NTM0MFoXDTE4MDIxNTE1NTM0MFowLTErMCkGA1UEAxMiQURGUyBFbmNyeXB0aW9uIC0gaWRwLXRlc3Quc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLnQfl7WTniCN9Y4WD6FGtQTtfrU7cto9w/1p3lPZynmiYZ2XoVLCIFOjshhnTtUWSdj5ajAXEWkTE0wuLJKIffDblJbUcdxi1V9uOkHoytCRV7sN48hGm5ayu2aT6j6272R0P7iLhaoU5QR/AWsyo4A/UDRirGa/m0pJyyfhSuHqFmkl9f5voLZLvweHrgWj+ie1xkACeeiKnykKqLgBf4LI5z+PMlhMGbLTGsmH5+ljwUmBqiXh2FMG62//gOBDs7wq1iZIm1DV/4b7yKJrTJgStrgo7XVZfj9+BMbc3NRdYgL/WG6E4t6WP2rhtflDY9/xNm1l5nIW7Wd3+S760CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEABc10A6vq9oVHSxmqh7+hwpT8l6eRZhiBDmNAGUovbLnXeytV02vZc6IXNEI72Qzhh6g0FiGSucxRTrUyMX9FtjR/vBwk16KSLQn0FNNBxqV8Wet9mE5R+1fPGWzulp8YQtz5J31xchGoMieJ7M+TLV1Od0iQSqa3/9pfVV35ui4kiPXSyFhUtvRAn+fvSi8RYg6DVB4IRUskLOEMlYRq1SH8JfaiCwdbd5IzDA7Pe60qxrPVOyBJRylfR770ubyJAxhIvfU2m2nKOw2jALD98jDjQ7/1Nli9kA7vdf2NsMUgR76qGczGepjF2l4MIpV22RwMVbfnVsaC0mTpHMdQkg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://idp-test.suni.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp-test.suni.se"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC3DCCAcSgAwIBAgIQdLObATCTf61N9d9qj8ZV0zANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBpZHAtdGVzdC5zdW5pLnNlMB4XDTE3MDIxNTE1NTM0MFoXDTE4MDIxNTE1NTM0MFowKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gaWRwLXRlc3Quc3VuaS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWUL0Drry/FB46wntV1iIOsBg6QqXrvDlCGaJ/O1JhJ2/ZeqACcCKPZySJSQ+0x5R3V9rbbI4an1JM20Bktjf0xmfT2+80QgGjvNi2W5drem+t7SOAvCBa8RvkYkY2lX/wee6bInkAlsAtQZ9o9ffgYVxlOUW+USR+7XT6F9wtTVrZSX2QK4whj9JWdyA/sQLgjeWU8WFN506KZERm3ua1wpV5EoCOnShIamGhfpgaRVNPI9pcyw0gwXeMdDfPYhfBFni1Tn9tLdsYj878P/3irKwkcTtC3VgYnKsI9U6XJzG5w1wfzTJEnSp9HVhF7UaFcEYTgb3sXunGKwz49ABsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAQf4xSVepvO2OtF1AokPidv0o1RHYsmJjREfn/bJVV0SQKaYCUx75rPaPUEQTqY3vLdongoJmRaM2hudr5fF+iGRsvIAPoZQcESOZ55k9ff2Ix4yj3CrH93RCbiWDlx80xgjIP5NrsZsrq9YSV6IQCml77qAwYdg7LqeLie1rmgh59PnrIxKO9JoDp8ZYJV1fAaaEpnuqbmUlL51RFNHsyujvc3i991yHCifeDVseOZchZAafmnHHphfsUdlInrohcy4p9nFC8/DdUmipViTAvB6HVvU18lw9dUBU8D4m+RitudnecZdxABWfb4l63j+PhPHDmHS1AuWF0Shs5yrXBQ==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:mace:dir:attribute-def:eduPersonEntitlement" Optional="true"> - <auth:DisplayName>eduPersonEntitlement</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" Optional="true"> - <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:mace:dir:attribute-def:norEduPersonNIN" Optional="true"> - <auth:DisplayName>norEduPersonNIN</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:mace:dir:attribute-def:vfu" Optional="true"> - <auth:DisplayName>vfu</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/cn" Optional="true"> - <auth:DisplayName>cn</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" Optional="true"> - <auth:DisplayName>Display Name</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://idp-test.suni.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-test.suni.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> @@ -202,25 +59,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-test.suni.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-test.suni.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:mace:dir:attribute-def:eduPersonEntitlement" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonEntitlement"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonScopedAffiliation"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:mace:dir:attribute-def:norEduPersonNIN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="norEduPersonNIN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:mace:dir:attribute-def:vfu" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="vfu"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="cn"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Display Name"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Södertörns högskola</OrganizationName> diff --git a/swamid-2.0/idp-v2.konstfack.se-adfs-services-trust.xml b/swamid-2.0/idp-v2.konstfack.se-adfs-services-trust.xml index 05f86228..62e3371b 100644 --- a/swamid-2.0/idp-v2.konstfack.se-adfs-services-trust.xml +++ b/swamid-2.0/idp-v2.konstfack.se-adfs-services-trust.xml @@ -4,622 +4,6 @@ <shibmd:Scope regexp="false">konstfack.se</shibmd:Scope> <shibmd:Scope regexp="false">student.konstfack.se</shibmd:Scope> </Extensions> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp-v2.konstfack.se"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFbjCCBFagAwIBAgIIWVVUmcWy8KMwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTYwMzE4MTEwODM4WhcNMTkwMzE4MTEwODM4WjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAMTE2lkcC12Mi5rb25zdGZhY2suc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4aKJIr/SA+wVmhBWdivMqvsQGRaD7oDlOzpiOykD4P7DD7w9ex+xe/Gz+RTU5Hh8f++h4rRv6yMopON52WTEIe2S39LmQ+f0WWq1NsPkJFwynGmvVWmlR+gu8JgtWB19IGplBF5i7wLdN5W8ENcsm/mO7yvhqbLeKcNXtEdQuXbNnAVuA74cx5rkP7QesSO9nEfbfuIZTgg0kz5lza7wcqbzxmpvuTbrufU5iVLsLNtaF04OzUy0h0159GruioZ9olRZGAoiRiyK+zqNlbGa29LoChE4uVh6f55/fyvT5b3g2A4vq0/evDtdvy2FkjpIzitlVIBY01wIz+v74FGFAgMBAAGjggHiMIIB3jAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTI1LmNybDBjBgNVHSAEXDBaME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMIGCBggrBgEFBQcBAQR2MHQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBGBggrBgEFBQcwAoY6aHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmaWcyLmNydDAfBgNVHSMEGDAWgBQlRYFoUCY4PTstLL7Natm2PbNmYzA3BgNVHREEMDAughNpZHAtdjIua29uc3RmYWNrLnNlghd3d3cuaWRwLXYyLmtvbnN0ZmFjay5zZTAdBgNVHQ4EFgQUSE3LMcug5Hdxxvf0OQ6En7Ft7aMwDQYJKoZIhvcNAQELBQADggEBACOXE7ZTDnPZjQLJOm+/Hs7hhruDNEGe92RxrcjItfsGZLHYXYIgppaZNpp2wduWBWCKZmVGq9zfNvRQDBdBU+VQ/O1YeGAytdc1Se31q6hHxcrka1P9FtY5Vpt22/uerSio/Bm2n/iVmWSb1D0oevRzXTZtpNFDHHnTxbQoezhFi1RkCv7oLgtTh2ZXTcZkrFg2UGYeStVApeXTCVdHzf5yoZf7rRsyt4RVwkkkQQRGOPsL8K4QJmX7aT5llbcdDchNQ/gnJxxL/EVkEmzRHRirFITQ4TD+IymODaYeJ5Fh+PD/tgYuYcQT2q0W3YoysFX/43oq0IJqtTJzVQnlPfk=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeID" Optional="true"> - <auth:DisplayName>employeeID</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp-v2.konstfack.se"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFbjCCBFagAwIBAgIIWVVUmcWy8KMwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTYwMzE4MTEwODM4WhcNMTkwMzE4MTEwODM4WjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAMTE2lkcC12Mi5rb25zdGZhY2suc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4aKJIr/SA+wVmhBWdivMqvsQGRaD7oDlOzpiOykD4P7DD7w9ex+xe/Gz+RTU5Hh8f++h4rRv6yMopON52WTEIe2S39LmQ+f0WWq1NsPkJFwynGmvVWmlR+gu8JgtWB19IGplBF5i7wLdN5W8ENcsm/mO7yvhqbLeKcNXtEdQuXbNnAVuA74cx5rkP7QesSO9nEfbfuIZTgg0kz5lza7wcqbzxmpvuTbrufU5iVLsLNtaF04OzUy0h0159GruioZ9olRZGAoiRiyK+zqNlbGa29LoChE4uVh6f55/fyvT5b3g2A4vq0/evDtdvy2FkjpIzitlVIBY01wIz+v74FGFAgMBAAGjggHiMIIB3jAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTI1LmNybDBjBgNVHSAEXDBaME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMIGCBggrBgEFBQcBAQR2MHQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBGBggrBgEFBQcwAoY6aHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmaWcyLmNydDAfBgNVHSMEGDAWgBQlRYFoUCY4PTstLL7Natm2PbNmYzA3BgNVHREEMDAughNpZHAtdjIua29uc3RmYWNrLnNlghd3d3cuaWRwLXYyLmtvbnN0ZmFjay5zZTAdBgNVHQ4EFgQUSE3LMcug5Hdxxvf0OQ6En7Ft7aMwDQYJKoZIhvcNAQELBQADggEBACOXE7ZTDnPZjQLJOm+/Hs7hhruDNEGe92RxrcjItfsGZLHYXYIgppaZNpp2wduWBWCKZmVGq9zfNvRQDBdBU+VQ/O1YeGAytdc1Se31q6hHxcrka1P9FtY5Vpt22/uerSio/Bm2n/iVmWSb1D0oevRzXTZtpNFDHHnTxbQoezhFi1RkCv7oLgtTh2ZXTcZkrFg2UGYeStVApeXTCVdHzf5yoZf7rRsyt4RVwkkkQQRGOPsL8K4QJmX7aT5llbcdDchNQ/gnJxxL/EVkEmzRHRirFITQ4TD+IymODaYeJ5Fh+PD/tgYuYcQT2q0W3YoysFX/43oq0IJqtTJzVQnlPfk=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeID" Optional="true"> - <auth:DisplayName>employeeID</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://idp-v2.konstfack.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.konstfack.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFbjCCBFagAwIBAgIIWVVUmcWy8KMwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTYwMzE4MTEwODM4WhcNMTkwMzE4MTEwODM4WjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAMTE2lkcC12Mi5rb25zdGZhY2suc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4aKJIr/SA+wVmhBWdivMqvsQGRaD7oDlOzpiOykD4P7DD7w9ex+xe/Gz+RTU5Hh8f++h4rRv6yMopON52WTEIe2S39LmQ+f0WWq1NsPkJFwynGmvVWmlR+gu8JgtWB19IGplBF5i7wLdN5W8ENcsm/mO7yvhqbLeKcNXtEdQuXbNnAVuA74cx5rkP7QesSO9nEfbfuIZTgg0kz5lza7wcqbzxmpvuTbrufU5iVLsLNtaF04OzUy0h0159GruioZ9olRZGAoiRiyK+zqNlbGa29LoChE4uVh6f55/fyvT5b3g2A4vq0/evDtdvy2FkjpIzitlVIBY01wIz+v74FGFAgMBAAGjggHiMIIB3jAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTI1LmNybDBjBgNVHSAEXDBaME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMIGCBggrBgEFBQcBAQR2MHQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBGBggrBgEFBQcwAoY6aHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmaWcyLmNydDAfBgNVHSMEGDAWgBQlRYFoUCY4PTstLL7Natm2PbNmYzA3BgNVHREEMDAughNpZHAtdjIua29uc3RmYWNrLnNlghd3d3cuaWRwLXYyLmtvbnN0ZmFjay5zZTAdBgNVHQ4EFgQUSE3LMcug5Hdxxvf0OQ6En7Ft7aMwDQYJKoZIhvcNAQELBQADggEBACOXE7ZTDnPZjQLJOm+/Hs7hhruDNEGe92RxrcjItfsGZLHYXYIgppaZNpp2wduWBWCKZmVGq9zfNvRQDBdBU+VQ/O1YeGAytdc1Se31q6hHxcrka1P9FtY5Vpt22/uerSio/Bm2n/iVmWSb1D0oevRzXTZtpNFDHHnTxbQoezhFi1RkCv7oLgtTh2ZXTcZkrFg2UGYeStVApeXTCVdHzf5yoZf7rRsyt4RVwkkkQQRGOPsL8K4QJmX7aT5llbcdDchNQ/gnJxxL/EVkEmzRHRirFITQ4TD+IymODaYeJ5Fh+PD/tgYuYcQT2q0W3YoysFX/43oq0IJqtTJzVQnlPfk=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFbjCCBFagAwIBAgIIWVVUmcWy8KMwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTYwMzE4MTEwODM4WhcNMTkwMzE4MTEwODM4WjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAMTE2lkcC12Mi5rb25zdGZhY2suc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4aKJIr/SA+wVmhBWdivMqvsQGRaD7oDlOzpiOykD4P7DD7w9ex+xe/Gz+RTU5Hh8f++h4rRv6yMopON52WTEIe2S39LmQ+f0WWq1NsPkJFwynGmvVWmlR+gu8JgtWB19IGplBF5i7wLdN5W8ENcsm/mO7yvhqbLeKcNXtEdQuXbNnAVuA74cx5rkP7QesSO9nEfbfuIZTgg0kz5lza7wcqbzxmpvuTbrufU5iVLsLNtaF04OzUy0h0159GruioZ9olRZGAoiRiyK+zqNlbGa29LoChE4uVh6f55/fyvT5b3g2A4vq0/evDtdvy2FkjpIzitlVIBY01wIz+v74FGFAgMBAAGjggHiMIIB3jAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTI1LmNybDBjBgNVHSAEXDBaME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMIGCBggrBgEFBQcBAQR2MHQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBGBggrBgEFBQcwAoY6aHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmaWcyLmNydDAfBgNVHSMEGDAWgBQlRYFoUCY4PTstLL7Natm2PbNmYzA3BgNVHREEMDAughNpZHAtdjIua29uc3RmYWNrLnNlghd3d3cuaWRwLXYyLmtvbnN0ZmFjay5zZTAdBgNVHQ4EFgQUSE3LMcug5Hdxxvf0OQ6En7Ft7aMwDQYJKoZIhvcNAQELBQADggEBACOXE7ZTDnPZjQLJOm+/Hs7hhruDNEGe92RxrcjItfsGZLHYXYIgppaZNpp2wduWBWCKZmVGq9zfNvRQDBdBU+VQ/O1YeGAytdc1Se31q6hHxcrka1P9FtY5Vpt22/uerSio/Bm2n/iVmWSb1D0oevRzXTZtpNFDHHnTxbQoezhFi1RkCv7oLgtTh2ZXTcZkrFg2UGYeStVApeXTCVdHzf5yoZf7rRsyt4RVwkkkQQRGOPsL8K4QJmX7aT5llbcdDchNQ/gnJxxL/EVkEmzRHRirFITQ4TD+IymODaYeJ5Fh+PD/tgYuYcQT2q0W3YoysFX/43oq0IJqtTJzVQnlPfk=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-v2.konstfack.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-v2.konstfack.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-v2.konstfack.se/adfs/ls/" index="0" isDefault="true"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idp-v2.konstfack.se/adfs/ls/" index="1"/> - </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope regexp="false">konstfack.se</shibmd:Scope> @@ -662,71 +46,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-v2.konstfack.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-v2.konstfack.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2013/11/alternateloginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Alternate Login ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="employeeID"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Konstfack</OrganizationName> @@ -739,7 +58,7 @@ <ContactPerson contactType="support"> <GivenName>Håkan</GivenName> <SurName>Pettersson</SurName> - <EmailAddress>netsupport@konstfack.se</EmailAddress> + <EmailAddress>mailto:netsupport@konstfack.se</EmailAddress> <TelephoneNumber>+46-8-4504100</TelephoneNumber> </ContactPerson> </EntityDescriptor> diff --git a/swamid-2.0/idp-v2.suni.se-adfs-services-trust.xml b/swamid-2.0/idp-v2.suni.se-adfs-services-trust.xml index 71f738b2..89712104 100644 --- a/swamid-2.0/idp-v2.suni.se-adfs-services-trust.xml +++ b/swamid-2.0/idp-v2.suni.se-adfs-services-trust.xml @@ -3,605 +3,6 @@ <Extensions> <shibmd:Scope xmlns="" regexp="false">suni.se</shibmd:Scope> </Extensions> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp-v2.suni.se"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFMjCCBBqgAwIBAgIQAm3ZwLUL7U5eOFDOgDO7bDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNjAzMTUwMDAwMDBaFw0xOTAzMjAxMjAwMDBaMHsxCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlTdG9ja2hvbG0xETAPBgNVBAcTCEh1ZGRpbmdlMR8wHQYDVQQKDBZTw7ZkZXJ0w7ZybnMgaMO2Z3Nrb2xhMQswCQYDVQQLEwJJVDEXMBUGA1UEAxMOaWRwLXYyLnN1bmkuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXlJ5/dL14M8QLLElvZWd3UQYlu5Ofu5amzIWCbxSisc2dga7auPgo4q+NDWhQMFI1kVYKD5T4AaKVbM6FSwW1alOsaDmVYkqv/z21bTa4bzqwg/GXtlIoxgQI3spHoVCqn2lB4iWD9YHb+85F+BlY4OBgLzUCpXM2w6eIMEfqghRc0XaDUvX1+eymVkKMQ+UNpc9IDkwvaKgQVaEo1hRl76bEVytBtAerMylEvAa7AFs5VBXCA6aoW4hXvYNnL6jJv5gh4kD1vH1WvOA0WlR0wRaO5nRwwPm1kMREXhweP9/l2AXPB9FuceGBz3P16SZKZ2TO4zXhqiEXZFIMqn5AgMBAAGjggHHMIIBwzAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUWx+gXBAJLGLQqiZF+QPFw1TJmbgwGQYDVR0RBBIwEIIOaWRwLXYyLnN1bmkuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEyWyos2TCFAjsW4+VnJikhoydbbI8h/gMpvJImJbsQBhCCN/j0oJi6wDJ08vWC5gKlLG2YHOlhXN5piygmfIXcfF/BkTL++RuF072Ve7pL0NAcETL3xSXnKHqfKzxqjg9t2gInnqdkowtlx7RZdXIabHYCA3tY6r7cg0MCKQJjJvsMfgqYZjSVnZB1AXiJf0NNkH4Dd0zJPW3FjUa7c1pHW4IQFKZkPFlwT5G1VwGJXxJD/oZBgh5dXB/FE1wAJtQyCneg0yKP6T77dPXG96ev15NV7qcFeo7haDeMbGCtDNjzCP/vhiUo1gHYXOUKMkeIIlsyOnWYZApO96h0WfDk=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" Optional="true"> - <auth:DisplayName>norEduPersonNIN</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp-v2.suni.se"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFMjCCBBqgAwIBAgIQAm3ZwLUL7U5eOFDOgDO7bDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNjAzMTUwMDAwMDBaFw0xOTAzMjAxMjAwMDBaMHsxCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlTdG9ja2hvbG0xETAPBgNVBAcTCEh1ZGRpbmdlMR8wHQYDVQQKDBZTw7ZkZXJ0w7ZybnMgaMO2Z3Nrb2xhMQswCQYDVQQLEwJJVDEXMBUGA1UEAxMOaWRwLXYyLnN1bmkuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXlJ5/dL14M8QLLElvZWd3UQYlu5Ofu5amzIWCbxSisc2dga7auPgo4q+NDWhQMFI1kVYKD5T4AaKVbM6FSwW1alOsaDmVYkqv/z21bTa4bzqwg/GXtlIoxgQI3spHoVCqn2lB4iWD9YHb+85F+BlY4OBgLzUCpXM2w6eIMEfqghRc0XaDUvX1+eymVkKMQ+UNpc9IDkwvaKgQVaEo1hRl76bEVytBtAerMylEvAa7AFs5VBXCA6aoW4hXvYNnL6jJv5gh4kD1vH1WvOA0WlR0wRaO5nRwwPm1kMREXhweP9/l2AXPB9FuceGBz3P16SZKZ2TO4zXhqiEXZFIMqn5AgMBAAGjggHHMIIBwzAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUWx+gXBAJLGLQqiZF+QPFw1TJmbgwGQYDVR0RBBIwEIIOaWRwLXYyLnN1bmkuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEyWyos2TCFAjsW4+VnJikhoydbbI8h/gMpvJImJbsQBhCCN/j0oJi6wDJ08vWC5gKlLG2YHOlhXN5piygmfIXcfF/BkTL++RuF072Ve7pL0NAcETL3xSXnKHqfKzxqjg9t2gInnqdkowtlx7RZdXIabHYCA3tY6r7cg0MCKQJjJvsMfgqYZjSVnZB1AXiJf0NNkH4Dd0zJPW3FjUa7c1pHW4IQFKZkPFlwT5G1VwGJXxJD/oZBgh5dXB/FE1wAJtQyCneg0yKP6T77dPXG96ev15NV7qcFeo7haDeMbGCtDNjzCP/vhiUo1gHYXOUKMkeIIlsyOnWYZApO96h0WfDk=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" Optional="true"> - <auth:DisplayName>norEduPersonNIN</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonEntitlement" Optional="true"> - <auth:DisplayName>eduPersonEntitlement</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true"> - <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://idp-v2.suni.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp-v2.suni.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> @@ -660,73 +61,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-v2.suni.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-v2.suni.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2013/11/alternateloginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Alternate Login ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/norEduPersonNIN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="norEduPersonNIN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/eduPersonEntitlement" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonEntitlement"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonScopedAffiliation"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Södertörns högskola</OrganizationName> diff --git a/swamid-2.0/idp.chalmers.se-adfs-services-trust.xml b/swamid-2.0/idp.chalmers.se-adfs-services-trust.xml index 5b837945..6880b119 100644 --- a/swamid-2.0/idp.chalmers.se-adfs-services-trust.xml +++ b/swamid-2.0/idp.chalmers.se-adfs-services-trust.xml @@ -8,286 +8,6 @@ </saml:Attribute> </attr:EntityAttributes> </Extensions> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp.chalmers.se"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIEgjCCA2qgAwIBAgIRAJmWfwVBm8cQS1Ty7e6QuJgwDQYJKoZIhvcNAQEFBQAwNjELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5BIFNTTCBDQTAeFw0xMTAxMjcwMDAwMDBaFw0xNDAxMjYyMzU5NTlaMF0xCzAJBgNVBAYTAlNFMSYwJAYDVQQKEx1DaGFsbWVycyBUZWtuaXNrYSBIb2dza29sYSBBQjEMMAoGA1UECxMDSVRTMRgwFgYDVQQDEw9pZHAuY2hhbG1lcnMuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj5S9nh00xzrsXmphDbOz4RPwG0JONHrBtVOm6NNwTTQhl8eZSG4oIT/ATXAaQjGXAnz04HDShP6xKwsPN0wZTpuEci4XLlbUaWvcuefPAwGO8Be/HWEB03ilM+FLmJ55CYvpFfxbuElA30YzQcw2xU637g/+rshELRCMZB9Thp3j0tZ09sQTXbodnStm3hN0azuqvtXhZ63+q47GpocyiOlj7wHY6zZ4OfCj2YxFIeiLBBur6/mBKH3uA/xkuIv6NPAN+BI0L4iH1q+umCjeE/qfzWLO3Fe3ngYTWx0YFEIduRWCz7fyLUITNJBSK7YENFdIB0g8wXBWcTVpAv08RAgMBAAGjggFiMIIBXjAfBgNVHSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAdBgNVHQ4EFgQU6ZdOotf55GTP/djvkXZgjXBGSqQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwGgYDVR0RBBMwEYIPaWRwLmNoYWxtZXJzLnNlMA0GCSqGSIb3DQEBBQUAA4IBAQBsPH77mopZLCpQgcrIYyZJfGKrXb7rQ4NNaBOR8o/KLNptvY7NPtOnu0HRJrYfZIx4Abj0VgDs/CBWSnBJQcE+aGMQmcPhrSDua9S5p+Cpq4AV7bhCRIovWPFPNQ7TTYRKCkFCmnkM/Y3EyliddxM1JsIL5rw+k8/O/KUJPCSff7yDsSmse5qUrJ12Nh+aG/MB4NknOJuAsLjs0HpIjdVTNFb9dbhrE+8x3AiL0Nk9G69gff1V7uxndvWhCoDUW3RVkpj9xssfHj4atp9F7t3q0bKdt7Y3HWQm8wpSJd7OUWI2WXbA6kjI2YZtFcUCOzy32crsMxLXKsHJyMp/XYyw</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://idp.chalmers.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="idp.chalmers.se"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIH8zCCBtugAwIBAgIQDaNbpG1dZnWHBOxGpbv0rTANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExJzAlBgNVBAMTHlRFUkVOQSBTU0wgSGlnaCBBc3N1cmFuY2UgQ0EgMzAeFw0xNzAxMTcwMDAwMDBaFw0xOTAxMjIxMjAwMDBaMIIBCDEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCU0UxFDASBgNVBAUTCzU1NjQ3OS01NTk4MRowGAYDVQQJExFDaGFsbWVyc3BsYXRzZW4gNDESMBAGA1UEERMJU0UtNDEyIDk2MQswCQYDVQQGEwJTRTEaMBgGA1UECAwRVsOkc3RyYSBHw7Z0YWxhbmQxEjAQBgNVBAcMCUfDtnRlYm9yZzEnMCUGA1UECgweQ2hhbG1lcnMgVGVrbmlza2EgSMO2Z3Nrb2xhIEFCMQwwCgYDVQQLEwNJVEExGDAWBgNVBAMTD2lkcC5jaGFsbWVycy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFvAWT7LPS4Gl0ywiMIHcPGzNFqgqtg1NveV5iPnHgTlh+T72kcQ099F2ueXIP0mC5r6Eguy8Hv4sTHajnLPmaRFWgs8VXbIRI+8UdmAeWomJAZbkS9iUbsToii+ShKGrvOoIenCagRbmjp+Sjz571sOZ8D/LQCWguvyQgeXToZXUD63OGsqu/FdOdWQUKcxxu2fAbqpJmdzetQmNVfdXPBulhGvhIDYU/3y2E+wUH45+4TQAYMOvcAuQpdVcuQf35G1IHRVbfnwbiDmIKAbkgAJKyETtNYzzkKEO7Mk7BVrlN8Hr7ny37Y+j6AVYm4SXgwJwOfbfuyZupGoqr1xGkCAwEAAaOCA+owggPmMB8GA1UdIwQYMBaAFMK4hdfhuRO90Ui8/V7cfZBCeoqpMB0GA1UdDgQWBBS6y7/8EjtLFGwWYPrfbZOSIHUdsjAaBgNVHREEEzARgg9pZHAuY2hhbG1lcnMuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBhQYDVR0fBH4wfDA8oDqgOIY2aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3JsMDygOqA4hjZodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMSGlnaEFzc3VyYW5jZUNBMy5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3J0MAwGA1UdEwEB/wQCMAAwggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWaxG10EAAAQDAEgwRgIhAJ8aHnkMZUnmS8b14TxpxJ6bF0D+FyupZHydymr6eiUUAiEAxuc4R2xGwsTpTyiGrzjOhpFp1m8OxCXm6yy8DYnk8K8AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAVmsRtgtAAAEAwBHMEUCIFKcHShfX2Vx0U6nMdOybcllepBjF/LBXosy+tF7uJ0gAiEAiKWCgJ8xNHsiPrnOjsSbgK/em6CxvJpTm7izwgd5jIwAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVmsRto2AAAEAwBIMEYCIQDgfq25uMuMnrenJ51ZO7iod0XsZtmlYPAXkVMga4xdSQIhAIQmrpUzpznhNfawdvezpjQWlDF8G18HFD0woxX11Do2AHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFZrEbX8gAABAMARjBEAiAM8ZPi1tdEYR0RyY8lmlacibWB/jNVvhx6Xk3C+UNqVgIgDNDJu1z9oSB0H3Kn06flyp8sM7/2MbFpYItnoRLgJYgwDQYJKoZIhvcNAQELBQADggEBAE9MAeAKr+x0//3fQrt9lbyrJzEfISNp4g85PGGwVoBZL1LBDAMqLhtpnzVxpXBjQ51w94F2EM/dZVTQRnOjMby13diSqiui8FhGapmVJ6QR+Asw8r2JLQPpwE/isyaSy2JE4nBDZI8zf4uGxYGMu9/TACsGwnz9TO8pWsFgq9K7OgH+zibB3vGjTqZGy6nETbQcuHyZry6RDQM4edU5GNAVWDebpgWlRGfp648tPOaaku10gWwv3eWjOIEF/3SjGJ4/QvoQZD+bTc6kKPIdvI9wr3Hmn4rFA+kR8p3Pq6vwaiZmdEV2v+iKJG0QArS/ZIhQ3ogLOxWoYHNMu/G4K9I=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIEazCCA1OgAwIBAgIQYiCzN6Gt8LkhjGEzm+oYbzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDEyMDAwMDAwMFoXDTE3MDEyNDIzNTk1OVowPTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRgwFgYDVQQDEw9pZHAuY2hhbG1lcnMuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmWN/0UvY2KySOfg77U+ORidbq0YyqVSUxTEN5HT0WRRF/k7bdhyNp1mf8OuzefbFbTRwUyqi8BaFSdGaB2ifbyYhprchRdBXQzfS9OSzKRWQrRPPJRc7YF+h0OR2Byjy9Wkm3qzOzbv96DSihNuyhd+q+jUBUoJ+MWAj+K1/rsghrvAcKtedADR+62QaCQCkD6Pv7+njyWWAA1cJAm5KoEzXqANi3SkTwqUYB6PCMKnUBsh/w0I6Qv5lD0i/OXCZJguPhcGM5M/wSZq6iDLdtZ/EDNm82UXO3j+zBFDLSbiWuh74+/dtOyJKYZn5q9lGbhVqvFs/smAztKUSHndmbAgMBAAGjggFsMIIBaDAfBgNVHSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAdBgNVHQ4EFgQUaL0QFrip30INB0btXzbf1qhorUswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGyMQECAh0wCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsGAQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50ZXJlbmEub3JnMBoGA1UdEQQTMBGCD2lkcC5jaGFsbWVycy5zZTANBgkqhkiG9w0BAQUFAAOCAQEAll6pgh+zFiNIwql7sPVIQqhOCRjz1fOYfJUNAQQKiNeiWtZHC0PU7gcdKUmyDEmvdVuvMjnmuBzMCmTwYWBroWPMJCoHvWQGGTElForaG2AU7ghASUeGn2rtXdnj62dbhNhuh/yZfywKmCbRoKYsQB6/6TkmkQcXm7teOqzq3jOjlnJmMCRRSM8z7ZDI6KkcX+FFfsNR9zp76Xi3T6hsfNQJOD593JA7Ub8rX2p3YQIYLNGARfR7fAQoSBgibcGX6buthzFl1Af+ghyy99nezrJ1srvD81AKG7a55znKBcQLPTTsqMlaG9tM9ERe/wQhf9zEUBPDB8PLmA+FfmR3Mg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://idp.chalmers.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://idp.chalmers.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIEgjCCA2qgAwIBAgIRAJmWfwVBm8cQS1Ty7e6QuJgwDQYJKoZIhvcNAQEFBQAwNjELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5BIFNTTCBDQTAeFw0xMTAxMjcwMDAwMDBaFw0xNDAxMjYyMzU5NTlaMF0xCzAJBgNVBAYTAlNFMSYwJAYDVQQKEx1DaGFsbWVycyBUZWtuaXNrYSBIb2dza29sYSBBQjEMMAoGA1UECxMDSVRTMRgwFgYDVQQDEw9pZHAuY2hhbG1lcnMuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj5S9nh00xzrsXmphDbOz4RPwG0JONHrBtVOm6NNwTTQhl8eZSG4oIT/ATXAaQjGXAnz04HDShP6xKwsPN0wZTpuEci4XLlbUaWvcuefPAwGO8Be/HWEB03ilM+FLmJ55CYvpFfxbuElA30YzQcw2xU637g/+rshELRCMZB9Thp3j0tZ09sQTXbodnStm3hN0azuqvtXhZ63+q47GpocyiOlj7wHY6zZ4OfCj2YxFIeiLBBur6/mBKH3uA/xkuIv6NPAN+BI0L4iH1q+umCjeE/qfzWLO3Fe3ngYTWx0YFEIduRWCz7fyLUITNJBSK7YENFdIB0g8wXBWcTVpAv08RAgMBAAGjggFiMIIBXjAfBgNVHSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAdBgNVHQ4EFgQU6ZdOotf55GTP/djvkXZgjXBGSqQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AudGNzLnRlcmVuYS5vcmcwGgYDVR0RBBMwEYIPaWRwLmNoYWxtZXJzLnNlMA0GCSqGSIb3DQEBBQUAA4IBAQBsPH77mopZLCpQgcrIYyZJfGKrXb7rQ4NNaBOR8o/KLNptvY7NPtOnu0HRJrYfZIx4Abj0VgDs/CBWSnBJQcE+aGMQmcPhrSDua9S5p+Cpq4AV7bhCRIovWPFPNQ7TTYRKCkFCmnkM/Y3EyliddxM1JsIL5rw+k8/O/KUJPCSff7yDsSmse5qUrJ12Nh+aG/MB4NknOJuAsLjs0HpIjdVTNFb9dbhrE+8x3AiL0Nk9G69gff1V7uxndvWhCoDUW3RVkpj9xssfHj4atp9F7t3q0bKdt7Y3HWQm8wpSJd7OUWI2WXbA6kjI2YZtFcUCOzy32crsMxLXKsHJyMp/XYyw</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIH8zCCBtugAwIBAgIQDaNbpG1dZnWHBOxGpbv0rTANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExJzAlBgNVBAMTHlRFUkVOQSBTU0wgSGlnaCBBc3N1cmFuY2UgQ0EgMzAeFw0xNzAxMTcwMDAwMDBaFw0xOTAxMjIxMjAwMDBaMIIBCDEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCU0UxFDASBgNVBAUTCzU1NjQ3OS01NTk4MRowGAYDVQQJExFDaGFsbWVyc3BsYXRzZW4gNDESMBAGA1UEERMJU0UtNDEyIDk2MQswCQYDVQQGEwJTRTEaMBgGA1UECAwRVsOkc3RyYSBHw7Z0YWxhbmQxEjAQBgNVBAcMCUfDtnRlYm9yZzEnMCUGA1UECgweQ2hhbG1lcnMgVGVrbmlza2EgSMO2Z3Nrb2xhIEFCMQwwCgYDVQQLEwNJVEExGDAWBgNVBAMTD2lkcC5jaGFsbWVycy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFvAWT7LPS4Gl0ywiMIHcPGzNFqgqtg1NveV5iPnHgTlh+T72kcQ099F2ueXIP0mC5r6Eguy8Hv4sTHajnLPmaRFWgs8VXbIRI+8UdmAeWomJAZbkS9iUbsToii+ShKGrvOoIenCagRbmjp+Sjz571sOZ8D/LQCWguvyQgeXToZXUD63OGsqu/FdOdWQUKcxxu2fAbqpJmdzetQmNVfdXPBulhGvhIDYU/3y2E+wUH45+4TQAYMOvcAuQpdVcuQf35G1IHRVbfnwbiDmIKAbkgAJKyETtNYzzkKEO7Mk7BVrlN8Hr7ny37Y+j6AVYm4SXgwJwOfbfuyZupGoqr1xGkCAwEAAaOCA+owggPmMB8GA1UdIwQYMBaAFMK4hdfhuRO90Ui8/V7cfZBCeoqpMB0GA1UdDgQWBBS6y7/8EjtLFGwWYPrfbZOSIHUdsjAaBgNVHREEEzARgg9pZHAuY2hhbG1lcnMuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBhQYDVR0fBH4wfDA8oDqgOIY2aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3JsMDygOqA4hjZodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMSGlnaEFzc3VyYW5jZUNBMy5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3J0MAwGA1UdEwEB/wQCMAAwggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWaxG10EAAAQDAEgwRgIhAJ8aHnkMZUnmS8b14TxpxJ6bF0D+FyupZHydymr6eiUUAiEAxuc4R2xGwsTpTyiGrzjOhpFp1m8OxCXm6yy8DYnk8K8AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAVmsRtgtAAAEAwBHMEUCIFKcHShfX2Vx0U6nMdOybcllepBjF/LBXosy+tF7uJ0gAiEAiKWCgJ8xNHsiPrnOjsSbgK/em6CxvJpTm7izwgd5jIwAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVmsRto2AAAEAwBIMEYCIQDgfq25uMuMnrenJ51ZO7iod0XsZtmlYPAXkVMga4xdSQIhAIQmrpUzpznhNfawdvezpjQWlDF8G18HFD0woxX11Do2AHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFZrEbX8gAABAMARjBEAiAM8ZPi1tdEYR0RyY8lmlacibWB/jNVvhx6Xk3C+UNqVgIgDNDJu1z9oSB0H3Kn06flyp8sM7/2MbFpYItnoRLgJYgwDQYJKoZIhvcNAQELBQADggEBAE9MAeAKr+x0//3fQrt9lbyrJzEfISNp4g85PGGwVoBZL1LBDAMqLhtpnzVxpXBjQ51w94F2EM/dZVTQRnOjMby13diSqiui8FhGapmVJ6QR+Asw8r2JLQPpwE/isyaSy2JE4nBDZI8zf4uGxYGMu9/TACsGwnz9TO8pWsFgq9K7OgH+zibB3vGjTqZGy6nETbQcuHyZry6RDQM4edU5GNAVWDebpgWlRGfp648tPOaaku10gWwv3eWjOIEF/3SjGJ4/QvoQZD+bTc6kKPIdvI9wr3Hmn4rFA+kR8p3Pq6vwaiZmdEV2v+iKJG0QArS/ZIhQ3ogLOxWoYHNMu/G4K9I=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIEazCCA1OgAwIBAgIQYiCzN6Gt8LkhjGEzm+oYbzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTE0MDEyMDAwMDAwMFoXDTE3MDEyNDIzNTk1OVowPTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRgwFgYDVQQDEw9pZHAuY2hhbG1lcnMuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmWN/0UvY2KySOfg77U+ORidbq0YyqVSUxTEN5HT0WRRF/k7bdhyNp1mf8OuzefbFbTRwUyqi8BaFSdGaB2ifbyYhprchRdBXQzfS9OSzKRWQrRPPJRc7YF+h0OR2Byjy9Wkm3qzOzbv96DSihNuyhd+q+jUBUoJ+MWAj+K1/rsghrvAcKtedADR+62QaCQCkD6Pv7+njyWWAA1cJAm5KoEzXqANi3SkTwqUYB6PCMKnUBsh/w0I6Qv5lD0i/OXCZJguPhcGM5M/wSZq6iDLdtZ/EDNm82UXO3j+zBFDLSbiWuh74+/dtOyJKYZn5q9lGbhVqvFs/smAztKUSHndmbAgMBAAGjggFsMIIBaDAfBgNVHSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAdBgNVHQ4EFgQUaL0QFrip30INB0btXzbf1qhorUswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGyMQECAh0wCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsGAQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50ZXJlbmEub3JnMBoGA1UdEQQTMBGCD2lkcC5jaGFsbWVycy5zZTANBgkqhkiG9w0BAQUFAAOCAQEAll6pgh+zFiNIwql7sPVIQqhOCRjz1fOYfJUNAQQKiNeiWtZHC0PU7gcdKUmyDEmvdVuvMjnmuBzMCmTwYWBroWPMJCoHvWQGGTElForaG2AU7ghASUeGn2rtXdnj62dbhNhuh/yZfywKmCbRoKYsQB6/6TkmkQcXm7teOqzq3jOjlnJmMCRRSM8z7ZDI6KkcX+FFfsNR9zp76Xi3T6hsfNQJOD593JA7Ub8rX2p3YQIYLNGARfR7fAQoSBgibcGX6buthzFl1Af+ghyy99nezrJ1srvD81AKG7a55znKBcQLPTTsqMlaG9tM9ERe/wQhf9zEUBPDB8PLmA+FfmR3Mg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.chalmers.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.chalmers.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.chalmers.se/adfs/ls/" index="0" isDefault="true"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idp.chalmers.se/adfs/ls/" index="1"/> - </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope regexp="false">chalmers.se</shibmd:Scope> @@ -334,27 +54,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.chalmers.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.chalmers.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="en">CHALMERS</OrganizationName> diff --git a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml index 063a87a3..15ff70e3 100644 --- a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml +++ b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml @@ -1,5 +1,19 @@ <?xml version="1.0" encoding="UTF-8"?> <ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:mace:shibboleth:metadata:1.0" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.dev.eduid.se/idp.xml"> + <ns0:Extensions> + <attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"> + <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue> + <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue> + <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</saml:AttributeValue> + <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</saml:AttributeValue> + </saml:Attribute> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + </attr:EntityAttributes> + </ns0:Extensions> <ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <ns0:Extensions> <ns1:Scope regexp="false">eduid.se</ns1:Scope> diff --git a/swamid-2.0/idp.it.su.se-idp-shibboleth.xml b/swamid-2.0/idp.it.su.se-idp-shibboleth.xml index 0d5e60fd..68577b60 100644 --- a/swamid-2.0/idp.it.su.se-idp-shibboleth.xml +++ b/swamid-2.0/idp.it.su.se-idp-shibboleth.xml @@ -2,6 +2,10 @@ <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://idp.it.su.se/idp/shibboleth"> <Extensions> <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" xmlns="" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"> + <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue> + </samla:Attribute> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue> <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue> diff --git a/swamid-2.0/idp2.it.gu.se-idp-shibboleth.xml b/swamid-2.0/idp2.it.gu.se-idp-shibboleth.xml index 495ec9eb..7476399d 100644 --- a/swamid-2.0/idp2.it.gu.se-idp-shibboleth.xml +++ b/swamid-2.0/idp2.it.gu.se-idp-shibboleth.xml @@ -1,10 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- - This is example metadata only. Do *NOT* supply it as is without review, - and do *NOT* provide it in real time to your partners. - - This metadata is not dynamic - it will not change as your configuration changes. ---> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp2.it.gu.se/idp/shibboleth"> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> <Extensions> @@ -188,7 +182,5 @@ ocfXlxiISI9q8HuuNs3FvJhJZWITD4pgq6hDioWmYyDa5Xjr7d9e2oOJD9C25Te2 </ds:KeyInfo> </KeyDescriptor> <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp2.it.gu.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/> - <!-- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp2.it.gu.se:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> --> - <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above --> </AttributeAuthorityDescriptor> </EntityDescriptor> diff --git a/swamid-2.0/indico.test.uu.se-shibboleth.xml b/swamid-2.0/indico.test.uu.se-shibboleth.xml new file mode 100644 index 00000000..c196de44 --- /dev/null +++ b/swamid-2.0/indico.test.uu.se-shibboleth.xml @@ -0,0 +1,120 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://indico.test.uu.se/shibboleth"> + <md:Extensions> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"> + <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue> + </saml:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol"> + <md:Extensions> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://indico.test.uu.se/Shibboleth.sso/Login"/> + <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://indico.test.uu.se/Shibboleth.sso/Login" index="1"/> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Indico TEST</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Indico TEST</mdui:DisplayName> + <mdui:Description xml:lang="sv">Indico är ett evenemangshanteringssystem för möten, konferenser och föreläsningar.</mdui:Description> + <mdui:Description xml:lang="en">Indico is an event management system for meetings, conferences and lectures.</mdui:Description> + <mdui:Logo xml:lang="en" height="52" width="196">https://indico.test.uu.se/images/logo_indico.png</mdui:Logo> + <mdui:Logo xml:lang="sv" height="52" width="196">https://indico.test.uu.se/images/logo_indico.png</mdui:Logo> + <mdui:InformationURL xml:lang="en">https://indico.test.uu.se/about</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="en">https://indico.test.uu.se/static/custom/privacy-policy-en</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://indico.test.uu.se/static/custom/privacy-policy-sv</mdui:PrivacyStatementURL> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:KeyName>uuc-web031-t.its.uu.se</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=uuc-web031-t.its.uu.se</ds:X509SubjectName> + <ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAKmas4P9C3JXMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV +BAMMFz11dWMtd2ViMDMxLXQuaXRzLnV1LnNlMCAXDTE4MDUzMTE0MDI0OVoYDzIw +NjgwNTE4MTQwMjQ5WjAiMSAwHgYDVQQDDBc9dXVjLXdlYjAzMS10Lml0cy51dS5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAeFrmGgAfLo+1vYbj2 +QfFTfWNPMYdcmTi0AL4Won4sobNBoFZ566tlP8uJ9StRWjoXwJjsPr3ojQk16SQ6 +Am8006g4qEFOwM4oTzRHCPrWILtu6TJ5X1VIX/mw7KArOKjpGpWUtMzScWzt6sI8 +OlZJac3ZDa2VFAExxdSbNWGm+Lts94YoZ9+oCOaTdD9+JVFe/YKof4xd025WOEzd +tPWVwDLAZm6bQytDCxafopnqNSwfWOgrYSyl6TpXKrjPMt6sy2n2OTpC357jf1py +rSsAsEEW2wJlIpBICCLtpK5JedguOVMuoxqC63JfnKenWR7Vq6oz/WFhTcy3jhZ9 +fOsCAwEAAaNQME4wHQYDVR0OBBYEFNpK6GpcCaTD+WhRfMTFnItjQhX9MB8GA1Ud +IwQYMBaAFNpK6GpcCaTD+WhRfMTFnItjQhX9MAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAGj8EeeTu8QdbK8s2CJsW7IFcMVVa4FDJVGbYHeTe1aSdMPE +rewZLCim0tdt0pB35iUUTwIlDvGVbJp51bfdHygb/BYyTBAHW8MiXwWBkDYT1TzQ +3+d+Iw/m9lidoo5NCNpnpM4P7z+DMkJ2odeqDpsFJ07e7nFDCscL5ysAcbRMoNNQ +Nv/PH3X/ski2V+wFVkIUmAfyvuiKWrYNeabHObiz+Rj8NUk2Swuxfw3lQQAfCSzG +Mp0Rv5wuTB3e5oRzX1Kc9vkb89kkRSUf6ktQ4Qo/ij0sg59GqkSAFJ6Ng1qmjP0+ +acjhlnJDt40YvXKkX07QZm3Ti5EjNpo4xpmj7+U= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://indico.test.uu.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://indico.test.uu.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://indico.test.uu.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://indico.test.uu.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://indico.test.uu.se/Shibboleth.sso/SLO/Artifact"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://indico.test.uu.se/Shibboleth.sso/NIM/SOAP"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://indico.test.uu.se/Shibboleth.sso/NIM/Redirect"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://indico.test.uu.se/Shibboleth.sso/NIM/POST"/> + <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://indico.test.uu.se/Shibboleth.sso/NIM/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://indico.test.uu.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://indico.test.uu.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://indico.test.uu.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://indico.test.uu.se/Shibboleth.sso/SAML/POST" index="5"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://indico.test.uu.se/Shibboleth.sso/SAML/Artifact" index="6"/> + <md:AttributeConsumingService index="0"> + <md:ServiceName xml:lang="en">Indico TEST</md:ServiceName> + <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="sv">Uppsala universitet</md:OrganizationName> + <md:OrganizationName xml:lang="en">Uppsala University</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Uppsala universitet</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Uppsala University</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="sv">http://www.uu.se/</md:OrganizationURL> + <md:OrganizationURL xml:lang="en">http://www.uu.se/en/</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:Company>Uppsala universitet</md:Company> + <md:EmailAddress>mailto:drift@uadm.uu.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security"> + <md:GivenName>Uppsala University Computer Security Incident Response Team</md:GivenName> + <md:EmailAddress>mailto:security@uu.se</md:EmailAddress> + <md:TelephoneNumber>+46-18-4717560</md:TelephoneNumber> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/itslearning.com.xml b/swamid-2.0/itslearning.com.xml deleted file mode 100644 index 774682d5..00000000 --- a/swamid-2.0/itslearning.com.xml +++ /dev/null @@ -1,122 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:mace:saml2v2.no:services:com.itslearning"> - <Extensions> - <attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"> - <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> - <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> - <samla:AttributeValue>http://www.swamid.se/category/eu-adequate-protection</samla:AttributeValue> - </samla:Attribute> - </attr:EntityAttributes> - </Extensions> - <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <Extensions> - <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> - <mdui:DisplayName xml:lang="en">itslearning</mdui:DisplayName> - <mdui:DisplayName xml:lang="sv">itslearning</mdui:DisplayName> - <mdui:Description xml:lang="en">itslearning is a cloud-based LMS that connects people with passions, ideas, and each other.</mdui:Description> - <mdui:Description xml:lang="sv">itslearning is a cloud-based LMS that connects people with passions, ideas, and each other.</mdui:Description> - <mdui:InformationURL xml:lang="sv">https://itslearning.com/global/higher-education/lms-overview/</mdui:InformationURL> - <mdui:InformationURL xml:lang="en">https://itslearning.com/global/higher-education/lms-overview/</mdui:InformationURL> - <mdui:PrivacyStatementURL xml:lang="sv">https://itslearning.com/global/privacy-policy/</mdui:PrivacyStatementURL> - <mdui:PrivacyStatementURL xml:lang="en">https://itslearning.com/global/privacy-policy/</mdui:PrivacyStatementURL> - </mdui:UIInfo> - </Extensions> - <KeyDescriptor use="signing"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate> - MIIGIzCCBQugAwIBAgIRALUG/lMf4ilOPuZcvQG5yDowDQYJKoZIhvcNAQELBQAw - gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO - BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD - VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT - ZXJ2ZXIgQ0EwHhcNMTUwNzE0MDAwMDAwWhcNMTgwNzEzMjM1OTU5WjCCAQUxCzAJ - BgNVBAYTAk5PMQ0wCwYDVQQREwQ1MDU5MRIwEAYDVQQIEwlIT1JEQUxBTkQxDzAN - BgNVBAcTBkJlcmdlbjEcMBoGA1UECRMTRWR2YXJkIEdyaWVncyBWZWkgMzEYMBYG - A1UEChMPSXRzIExlYXJuaW5nIEFTMRswGQYDVQQLExJpdHNsZWFybmluZyBGcmFu - Y2UxNTAzBgNVBAsTLElzc3VlZCB0aHJvdWdoIEl0cyBMZWFybmluZyBBUyBFLVBL - SSBNYW5hZ2VyMRcwFQYDVQQLEw5JbnN0YW50U1NMIFBybzEdMBsGA1UEAxMUYXV0 - aC5pdHNsZWFybmluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB - AQCnMiSYW33IAVgQLVF/43Ke524DM0pehzOVUrZJjwM+VNB5Iz1t0Zd5ZLJ71rPR - HyYTrtlrwiW4bdCOXpj8q8r3x368YawR3vW9pTxvBzADDUE60HLqNnaLzXbEtgOJ - x/fN/y1vEe/ysL7sFgfZYsK6Esa+ZckzRmhjhIA8Y7AzFxnUwo99S5/MfwAjRpkV - lChPFgWFW4zecI+qj092VaDJHpfoGR15cv6onHrqUE8gqKsSZ2LrHrzNCoVGO00R - RS0i0T+yEccvLB0GlIwgK1NJO3BPar25hIV2NHXTck5tn9iLlyXNChKZK0lJMACb - kyiA4etM//NW0xCZG9DHVLCvAgMBAAGjggH4MIIB9DAfBgNVHSMEGDAWgBSa8yva - z61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUziNakwabutZPrjgskjLsLwud1aMw - DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH - AwEGCCsGAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYB - BQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECAjBa - BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9S - U0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGLBggr - BgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29t - L0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j - cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA5BgNVHREE - MjAwghRhdXRoLml0c2xlYXJuaW5nLmNvbYIYd3d3LmF1dGguaXRzbGVhcm5pbmcu - Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBWP/nHSKbTILdOwcCKxyTcG6IYDkUUnwFG - QPRO8dRu0p55j5m2scN+svm3PqrejqNobeh80VcNahdHY/runY+JpzdXohBsS+oL - E7t8lBPW4IlNpRi3OBOywnJ0cGIn5PyaMgDyQoWorgBey2m+wfVtWOlyqSIzHdDC - +2lyPs5rvfbdSzfPeRv+D6/5k/GwCDOz+u/h0ynqDkZojEWShYP0ROckhhUQRxPl - JNq2fHe+JwzyEqLJ/k5UcBzrwmzqy5K2Gaj2i6ySiAmoCVhF9/Dl5Tae6bv55IGI - RZNHXVWClNE2/q9xZotJor1siWGA0F3sZjTHTYK7176mUNDWJyjX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate> - MIIGIzCCBQugAwIBAgIRALUG/lMf4ilOPuZcvQG5yDowDQYJKoZIhvcNAQELBQAw - gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO - BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD - VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT - ZXJ2ZXIgQ0EwHhcNMTUwNzE0MDAwMDAwWhcNMTgwNzEzMjM1OTU5WjCCAQUxCzAJ - BgNVBAYTAk5PMQ0wCwYDVQQREwQ1MDU5MRIwEAYDVQQIEwlIT1JEQUxBTkQxDzAN - BgNVBAcTBkJlcmdlbjEcMBoGA1UECRMTRWR2YXJkIEdyaWVncyBWZWkgMzEYMBYG - A1UEChMPSXRzIExlYXJuaW5nIEFTMRswGQYDVQQLExJpdHNsZWFybmluZyBGcmFu - Y2UxNTAzBgNVBAsTLElzc3VlZCB0aHJvdWdoIEl0cyBMZWFybmluZyBBUyBFLVBL - SSBNYW5hZ2VyMRcwFQYDVQQLEw5JbnN0YW50U1NMIFBybzEdMBsGA1UEAxMUYXV0 - aC5pdHNsZWFybmluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB - AQCnMiSYW33IAVgQLVF/43Ke524DM0pehzOVUrZJjwM+VNB5Iz1t0Zd5ZLJ71rPR - HyYTrtlrwiW4bdCOXpj8q8r3x368YawR3vW9pTxvBzADDUE60HLqNnaLzXbEtgOJ - x/fN/y1vEe/ysL7sFgfZYsK6Esa+ZckzRmhjhIA8Y7AzFxnUwo99S5/MfwAjRpkV - lChPFgWFW4zecI+qj092VaDJHpfoGR15cv6onHrqUE8gqKsSZ2LrHrzNCoVGO00R - RS0i0T+yEccvLB0GlIwgK1NJO3BPar25hIV2NHXTck5tn9iLlyXNChKZK0lJMACb - kyiA4etM//NW0xCZG9DHVLCvAgMBAAGjggH4MIIB9DAfBgNVHSMEGDAWgBSa8yva - z61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUziNakwabutZPrjgskjLsLwud1aMw - DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH - AwEGCCsGAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYB - BQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECAjBa - BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9S - U0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGLBggr - BgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29t - L0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j - cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA5BgNVHREE - MjAwghRhdXRoLml0c2xlYXJuaW5nLmNvbYIYd3d3LmF1dGguaXRzbGVhcm5pbmcu - Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBWP/nHSKbTILdOwcCKxyTcG6IYDkUUnwFG - QPRO8dRu0p55j5m2scN+svm3PqrejqNobeh80VcNahdHY/runY+JpzdXohBsS+oL - E7t8lBPW4IlNpRi3OBOywnJ0cGIn5PyaMgDyQoWorgBey2m+wfVtWOlyqSIzHdDC - +2lyPs5rvfbdSzfPeRv+D6/5k/GwCDOz+u/h0ynqDkZojEWShYP0ROckhhUQRxPl - JNq2fHe+JwzyEqLJ/k5UcBzrwmzqy5K2Gaj2i6ySiAmoCVhF9/Dl5Tae6bv55IGI - RZNHXVWClNE2/q9xZotJor1siWGA0F3sZjTHTYK7176mUNDWJyjX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.itslearning.com/elogin/SingleLogoutHandler.aspx"/> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.itslearning.com/eLogin/AssertionConsumerService.aspx"/> - </SPSSODescriptor> - <Organization> - <OrganizationName xml:lang="en">itslearning</OrganizationName> - <OrganizationDisplayName xml:lang="en">itslearning</OrganizationDisplayName> - <OrganizationURL xml:lang="en">http://www.itslearning.eu</OrganizationURL> - </Organization> - <ContactPerson xml:lang="en" contactType="technical"> - <EmailAddress>support@itslearning.com</EmailAddress> - </ContactPerson> - <ContactPerson xml:lang="en" contactType="support"> - <EmailAddress>support@itslearning.com</EmailAddress> - </ContactPerson> -</EntityDescriptor> diff --git a/swamid-2.0/kantarainitiative.org-confluence-plugins-servlet-samlsso.xml b/swamid-2.0/kantarainitiative.org-confluence-plugins-servlet-samlsso.xml index 3f3def10..c2e5177e 100644 --- a/swamid-2.0/kantarainitiative.org-confluence-plugins-servlet-samlsso.xml +++ b/swamid-2.0/kantarainitiative.org-confluence-plugins-servlet-samlsso.xml @@ -1,6 +1,13 @@ <?xml version="1.0" encoding="UTF-8"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://kantarainitiative.org/confluence/plugins/servlet/samlsso"> <md:SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">Kantara Initiative</mdui:DisplayName> + <mdui:Description xml:lang="en">The Kantara Initiative is the global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice.</mdui:Description> + <mdui:Logo xml:lang="en" height="76" width="220">https://kantarainitiative.org/confluence/download/attachments/2293776/global.gif</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> @@ -47,4 +54,9 @@ PMS4rjAWc41dsrr8CuH3t/NKbvDc9Rn6U+qLGttLcJ1Jlpw2i3fPGGJ+osSsX9+h3KUdLv9j7zJB <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://kantarainitiative.org/confluence/plugins/servlet/samlsso" index="0"/> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">Kantara Initiative Inc</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Kantara Initiative Inc</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://kantarainitiative.org</md:OrganizationURL> + </md:Organization> </md:EntityDescriptor> diff --git a/swamid-2.0/kauplay.kau.se.xml b/swamid-2.0/kauplay.kau.se.xml new file mode 100644 index 00000000..f276e273 --- /dev/null +++ b/swamid-2.0/kauplay.kau.se.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://kauplay.kau.se"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Kau play</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Kau play</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är Karlstads universitets play tjänst</mdui:Description> + <mdui:Description xml:lang="en">This is Karlstad University's streaming service</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://play.kau.se/Om</mdui:InformationURL> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIICMjCCAZugAwIBAgIUJthSm5mO42eUMlr5toLKJCLgBMowDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNDIwMTE1NTE1WhcNMTkwNDIwMTE1NTE1WjA9MSkwJwYDVQQDDCAzMDAtbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyiDNnoLi56KGDLRoJ0Y2dBj4G7++BtnhkBGqIB0AwF9O0hNgB5smGf6biR+D+qjhrux4tGLM3NBgeevoCBhb5aupP4/0MBeelhdDmoPfApYRVIXp0N0rSy0gVFRtr0sw9T0txuBq3jB/XzVHRmWA8dSm9H0kkoZEzWRViGWroPcCAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEALwp3i9iN8738mOgmVLI6L/Q9CwtHpJ8HxPENk02v2gjOS5G81kkyjNT6cN5N5FXaLO/X3XmYMx/k3XWZuInvYHfWnGXb2geWycE1P/n150H4j7pq4RNKmoI0D2vlgdngcqjul/2iWjbUdEhOM3eZHbEdQA0Vwbk/PGV8mAuQfbI=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIICMjCCAZugAwIBAgIUJthSm5mO42eUMlr5toLKJCLgBMowDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNDIwMTE1NTE1WhcNMTkwNDIwMTE1NTE1WjA9MSkwJwYDVQQDDCAzMDAtbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyiDNnoLi56KGDLRoJ0Y2dBj4G7++BtnhkBGqIB0AwF9O0hNgB5smGf6biR+D+qjhrux4tGLM3NBgeevoCBhb5aupP4/0MBeelhdDmoPfApYRVIXp0N0rSy0gVFRtr0sw9T0txuBq3jB/XzVHRmWA8dSm9H0kkoZEzWRViGWroPcCAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEALwp3i9iN8738mOgmVLI6L/Q9CwtHpJ8HxPENk02v2gjOS5G81kkyjNT6cN5N5FXaLO/X3XmYMx/k3XWZuInvYHfWnGXb2geWycE1P/n150H4j7pq4RNKmoI0D2vlgdngcqjul/2iWjbUdEhOM3eZHbEdQA0Vwbk/PGV8mAuQfbI=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://kauplay.kau.se/user/logout"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://kauplay.kau.se/user/authenticate" index="0"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">KauPlay</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">KauPlay</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://kauplay.kau.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>mailto:saml@media.nordu.net</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/local.cloudmore.com-shibboleth.xml b/swamid-2.0/local.cloudmore.com-shibboleth.xml index 31331663..25dc1b0e 100644 --- a/swamid-2.0/local.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/local.cloudmore.com-shibboleth.xml @@ -32,7 +32,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> </md:Extensions> <md:KeyDescriptor> diff --git a/swamid-2.0/login.temp1235.hhs.se-adfs-services-trust.xml b/swamid-2.0/login.temp1235.hhs.se-adfs-services-trust.xml index c8cd7f68..432e6b1a 100644 --- a/swamid-2.0/login.temp1235.hhs.se-adfs-services-trust.xml +++ b/swamid-2.0/login.temp1235.hhs.se-adfs-services-trust.xml @@ -1,599 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://login.temp1235.hhs.se/adfs/services/trust"> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Test ADFS4 - Handelshögskolan i Stockholm"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC7DCCAdSgAwIBAgIQcXfC7I8AAZVDQZlpS80QEDANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBsb2dpbi50ZW1wMTIzNS5oaHMuc2UwHhcNMTcwMTIxMjA1MzE3WhcNMTgwMTIxMjA1MzE3WjAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBsb2dpbi50ZW1wMTIzNS5oaHMuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSO706ECYl5LgivGf++RRzmJCdC6OypGGI1YHiVNeUhNBEE2pJ2IFr0ZXGpyrx7+bJRGdlZQG75fHsJE+5Fi3+gtNhMbsAnTfvR3PkX4JzAcl32bzxeKKIHQaou6TyPSCVM7hZQ9NnjrKamekIB52hxga7G4lo1tcnVZFYYBXl5CXvfHhnKkVfmUYKQvak8SQCkk7VkbbpFE9zmbpw7TewzWLcOVmHVjqMcMPh8xTwL/uWtiD5nUx43ZKKykXAt8MMutrXVeaXsWz6ii5sls46cfyA79luYnY52UyjLFfAfFJA9PcCg+JucYWkXMtjBzpVFmcUbF2u5NNryvfEC3aLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC0725ACqttJd6WGETAS2legpdN+dB9WIqOWqP8ub1uxyg0cx6aKtmLK2zXt3NGaJm9XmVb+v6uqToFurIAPYaguwABHy3JkTNNnO66BCtgN1CRtRm+fBz2RaEJ2zt4NIswOwsvEl7R6FWOihzQJ6fk4DEXAIhLQrCn/ti0yCFWhHqjd74Dvr2xHzppv9BLhDOn6RwdYj/EzSG1xe9oPvn1jyUUxGZzRro4e+25W/l2X2RDautBAYZq3bV+k5ak489U5EYQgcGrFWSs9DmAKk2qUwW6qvMDppD5kVTMfIEbeMUUftAo2VkG//Ym9Q3+A0/KkkpFmsG3taxLxgtm1VCg=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://www.hhs.se/ws/2005/05/claims/firstname" Optional="true"> - <auth:DisplayName>First Name</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://www.hhs.se/ws/2005/05/claims/lastname" Optional="true"> - <auth:DisplayName>Last Name</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://login.temp1235.hhs.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Test ADFS4 - Handelshögskolan i Stockholm"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC5jCCAc6gAwIBAgIQFLE+JRWbr6dO/DnzzRd18jANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBsb2dpbi50ZW1wMTIzNS5oaHMuc2UwHhcNMTcwMTIxMjA1MzE4WhcNMTgwMTIxMjA1MzE4WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBsb2dpbi50ZW1wMTIzNS5oaHMuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb2zXOedFExa2buAnsMwWosysFcvUISb+hTP7Y7cDfLYLC4HYgeaVl+f0utv9EAKooMKbCOOoqypXfZvR4thEj4nASEd9l1SrK7bfTK21w7bpsgPW1YyLYyMeSWREIm2eB+vD19o8K0zF0bJ68ZjtQp/ZeuCB+UAOmwlcRv36tc4ky/MOgAudjG2nozN2Qol4/bjSpxy9X8Vk2AGLeEusv7U2kFnVUUO8LFSJrSukys7+KRrTJa+NoXQa9EXq1y9yPitLYiIfDu8OV0rJuNkidLkhVRluYlp8wsL5xtAPYMABkUCjejYW7OrGfejYTRSgzwRdUrDW2/003XR8eRvMDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHnffSwWY95Eu+s8rq4Paazq0tfXYVxkqfRcFFEOeI1Gyq7OGe2YSRTw8dW6/2wsQOZrbLsgRoLhn04B1+gt2wpP29JsKJwVjeKCEtXEqEIm6gmetPCW27pbkLMTUeMYan6jkI9jww7zR8nrwtulBlmzrAcivcNTDiSTq/W+3ec8wg2KPoY0ie5bk3XI5dhrYFzzb6XzVamGvUKYYx6DqOIP/nsTZy21y+4mOoo8bS0snippT2rUlbrFwn8fneuHv7NzEvp0bOSd78ke+hnEQDd44R9XhBU5RT5zvB24Tv6+dUXoSJN6TbauPgtUtGdEV/euSkTlkJoU1Ejbh5qupWY=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://bullshit/id2" Optional="true"> - <auth:DisplayName>Dummy value</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://www.hhs.se/ws/2005/05/claims/firstname" Optional="true"> - <auth:DisplayName>First Name</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://www.hhs.se/ws/2005/05/claims/lastname" Optional="true"> - <auth:DisplayName>Last Name</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://login.temp1235.hhs.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://login.temp1235.hhs.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> @@ -641,72 +47,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.temp1235.hhs.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.temp1235.hhs.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://bullshit/id2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Dummy value"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://www.hhs.se/ws/2005/05/claims/firstname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="First Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://www.hhs.se/ws/2005/05/claims/lastname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Last Name"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Handelshögskolan i Stockholm (TEST)</OrganizationName> diff --git a/swamid-2.0/login1.fhs.se-adfs-services-trust.xml b/swamid-2.0/login1.fhs.se-adfs-services-trust.xml index 4bd790bc..804a2289 100644 --- a/swamid-2.0/login1.fhs.se-adfs-services-trust.xml +++ b/swamid-2.0/login1.fhs.se-adfs-services-trust.xml @@ -1,28 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://login1.fhs.se/adfs/services/trust"> - <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC3DCCAcSgAwIBAgIQeWr7QXhH9JlNlt0yAGXDnzANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIEVuY3J5cHRpb24gLSBsb2dpbjEuZmhzLnNlMB4XDTE4MDMyOTA4NDgyM1oXDTE5MDMyOTA4NDgyM1owKjEoMCYGA1UEAxMfQURGUyBFbmNyeXB0aW9uIC0gbG9naW4xLmZocy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfSk8YUwkg2sQvT4Rvo3eHVG6E0TSKvd2REO8iTzMpmMS4D+xRmduJi/d2GBczY5GKzjsm8Ykfz/kF+0zKUyLXjSBxyf1c/HY7ShULcZQI2hYIk9pIafLym1log++Yq1x7A8toQmbIqFQkNfzerb1FSlHhDH9y1ENcVY57Xy4mQGXGdgvUKB7cID4hHPfLvNb9rECmxnznb0aSfumIf169LA662B2QcZOfvdC6L+/okJLoa69X4/wkfYhyXXXaCCmd1EGN4CzXiPKD5LCDFC28hhAC6eaU4e0z+T3u8+HQZTkAP4QnJk18NDqDeS9BTo7iifwjOhScIK+WOTGdgxB0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFqWIanhTOtPbdyNc3ILtasZPG7srR86xgIUBL4Bb5RZbdEsXSDDYnJGsstwgKb0f8aGeVUaqgq+a/VrNwMIaTbj9bMU85kcJuipj5mhsJ1YY5zgPvpK1uum/AWjPHjn21JQGpqfxJngGJl54FWNhAJL85k+H/3MODSIzrH5Kmyuq+1qU9E5vlvoVJn0WPxowJS7Y9PimatpbNSio/lQ0Rk14GOn6C2/NwBm3wGqpRqRcYsXoYCGDL9ACbiUiBazcslBsURJsTagU68UHytrSsifzRiUdpzOzCf8FICfLDLYFq010hpSUgRWp5uffHpZGUhoHh2tjDym3XZ3TyH70GA==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC1jCCAb6gAwIBAgIQQFxK+48DP6JHunIm7oDFRDANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDExxBREZTIFNpZ25pbmcgLSBsb2dpbjEuZmhzLnNlMB4XDTE4MDMyOTA4NDgyMloXDTE5MDMyOTA4NDgyMlowJzElMCMGA1UEAxMcQURGUyBTaWduaW5nIC0gbG9naW4xLmZocy5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOU4TbE5Q9vYKOIeo4LAdYb156uXz8MfGNddJ0LV5MaVACDzDvX2I+7yXXFfHB/Y39HeJlWzYaR8Nae8vyeCiC2pnt9WXe+kvsdfGwCgCCmbv2DuCcgnprquqUCO6uU9fqMi1hgMMHpGcE+33SyZoXdrIRJ+b4DV2mfmaW0LKNxsz2KU9NYpe41tybMYL1FDw0sGYTyHsdTORvGueO7ccInPCAh8yeVRLu9qIya3yvNxb41/dSmk3Gw/K3VFCaV5wXG4npLmcLWYw+8d+xN8SDRaxys0nojEFtzFM/0Bp4WjdiY74sHwG8UeVL4NmmOSkII2BDsYaKgzzoAmMREx9i0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAt3KSlG7b58D4w9jqz29ZgUuJYCBxQbc+64w0/9mFu2NWwV1F0+4SdnGJGKhyGC8hbegTC+CW464xoRpQJQZfT1hwwt/oRfy3VR+1mZffMvq6bHXZFhWqTasQNZOqgEzTj+bmpUQZnK1UJhM5wR0aM2nPkvkNfMh+Ee1EOlITJs8Gv7hnO6f9I+gp1YixBe9LZs5yTnPrOUYxOcDfn8RE8+H+NwJ9NotK192T5ek7Lqy6TTt09uWYFuGhVW2aJdmI0IaoLhccJyuTHLG5vR+67QCkJ3Qkg7qymh4wLi4pYdjdq+qBKIRmPRNswQhGx0GpamGwDdzboBWJT2cgQbVESg==</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login1.fhs.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login1.fhs.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login1.fhs.se/adfs/ls/" index="0" isDefault="true"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://login1.fhs.se/adfs/ls/" index="1"/> - </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope regexp="false">fhs.se</shibmd:Scope> @@ -35,8 +12,8 @@ <mdui:Description xml:lang="en">Identity Provider for Swedish Defence University</mdui:Description> <mdui:InformationURL xml:lang="sv">http://www.fhs.se</mdui:InformationURL> <mdui:InformationURL xml:lang="en">http://www.fhs.se/en/</mdui:InformationURL> - <mdui:Logo xml:lang="sv" height="118" width="106">https://www.fhs.se/files/sidhuvud/logotyp-sv.jpg</mdui:Logo> - <mdui:Logo xml:lang="en" height="116" width="103">https://www.fhs.se/files/sidhuvud/logotyp-en.jpg</mdui:Logo> + <mdui:Logo xml:lang="sv" height="671" width="2494">https://login1.fhs.se/adfs/portal/logo/logo.jpg</mdui:Logo> + <mdui:Logo xml:lang="en" height="671" width="2494">https://login1.fhs.se/adfs/portal/logo/logo.jpg</mdui:Logo> <mdui:Keywords xml:lang="sv">fhs</mdui:Keywords> <mdui:Keywords xml:lang="en">fhs</mdui:Keywords> </mdui:UIInfo> @@ -91,6 +68,6 @@ <Company>Swedish Defence University</Company> <SurName>FHS IT Helpdesk</SurName> <EmailAddress>mailto:helpdesk@fhs.se</EmailAddress> - <TelephoneNumber>+46 08 55342545</TelephoneNumber> + <TelephoneNumber>+46 8 55342545</TelephoneNumber> </ContactPerson> </EntityDescriptor> diff --git a/swamid-2.0/lubcat.lub.lu.se-shibboleth.xml b/swamid-2.0/lubcat.lub.lu.se-shibboleth.xml new file mode 100644 index 00000000..7b542aef --- /dev/null +++ b/swamid-2.0/lubcat.lub.lu.se-shibboleth.xml @@ -0,0 +1,101 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://lubcat.lub.lu.se/shibboleth"> + <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol"> + <md:Extensions> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://lubcat.lub.lu.se/Shibboleth.sso/Login"/> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">LUBcat</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">LUBcat</mdui:DisplayName> + <mdui:Description xml:lang="en">LUBcat, the library catalogue at Lund University</mdui:Description> + <mdui:Description xml:lang="sv">LUBcat, bibliotekskatalogen vid Lunds universitet</mdui:Description> + <mdui:InformationURL xml:lang="en">https://lubcat.lub.lu.se</mdui:InformationURL> + <mdui:InformationURL xml:lang="sv">https://lubcat.lub.lu.se</mdui:InformationURL> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:KeyName>koha.lub.lu.se</ds:KeyName> + <ds:KeyName>lubcat.lub.lu.se</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=lubcat.lub.lu.se</ds:X509SubjectName> + <ds:X509Certificate> + MIIEBzCCAm+gAwIBAgIJAIHg4MxNUmPGMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV + BAMTEGx1YmNhdC5sdWIubHUuc2UwHhcNMTgwNjExMTIzMDQ0WhcNMjgwNjA4MTIz + MDQ0WjAbMRkwFwYDVQQDExBsdWJjYXQubHViLmx1LnNlMIIBojANBgkqhkiG9w0B + AQEFAAOCAY8AMIIBigKCAYEA478CYAV83v5lkx8hEYaf7/o3EVMOzO6bOwZNYQXA + FZKdeKDREdoUFKdKESN0W9Zaf3jYh09HVAvyB4Op2FyYLD3WmBe7CsAmM9Lq4XHb + oD7VeNWHX6CEpwkqH9RUNOsrak+TWpn1a4GXIkr+OxGV6NlygT7SpeoCvobLaN/p + MB/KOttd+ZJn5zPq4G21pTqrwX2E9WfB2qhficu8ZPMpBPsCgdedNJ4RI/R/P+4M + Jbq5qw1w6HL5ABvEYhb3+QZnfTL51KQjLkAwChIXv3UMJ07zvnUPtv+a5px+loKZ + z/k/UvWmRpRqxW2ozu3ERLMomUGOpmTw7klsWhje3F5bkjihr12hxL4xueOxOepe + +oENcA7kEjN0k+LwyzWBIRpTqihGN96XAzxUDDzMHkvAFfGbXf/dujNKpq1TLUu3 + BCwkGRp0wJPKJVM6zwj9Mpb2w7ikjGhB7QymtITTLMBkG+VP1/g8ZsSzvw2YXNe3 + xCroPqROjrNFPpdLhUdFgZl9AgMBAAGjTjBMMCsGA1UdEQQkMCKCEGx1YmNhdC5s + dWIubHUuc2WGDmtvaGEubHViLmx1LnNlMB0GA1UdDgQWBBRGRbUDwyLZ2eb2CqbZ + mIpO8yb84DANBgkqhkiG9w0BAQsFAAOCAYEA4fnM3jPZJ9zLTZyKjGXKZ8iHS4zz + QU6uunRmYoJD+AsBvp2prwqheuRFNSubDie8SKGp6dDh7AB7tftgc0vpRw7V2Mjs + 6H7IChJFgyNNMwnE5RzCWtG9j3W9H4m/bDIbxv/wQ7VhPvb1KYJrzUtMdnk5e4zK + Isq2i3XNAcxl3QbfRTwPG9AHG/B/pC47whMZODuLn7Hpph/nN67uYzVFHDxGeV+e + IkAp1ME/ryAqL4rZSet1XkclYUmS48aopuDfpkc8cuklvb1RJPG9RZCG5r/hC4ru + Eiah3eRwEGOm7SZmdZqj5TxfBJ1Yb4JsKv8YipKX6FzgH2+pZ24UQbQOY1udJSTB + zE6te6lGnmK4XEttAgDsoJ4SpzWysOmwmEWfR/OjR1CLLWw+L2asChQMnBIjs4hD + 7kFnEFNDxKL+4WcCvRtmibI4F/VjdbzCUq1buF9aE4aethWECHR2umzuv2E8q0Ey + JIHl0vtDDiOXzxkUj9hAnkua5AhIWpkqePOP + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://lubcat.lub.lu.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SAML/POST" index="5"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://lubcat.lub.lu.se/Shibboleth.sso/SAML/Artifact" index="6"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">LU</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Lund University</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">lu.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:Company>Lund University</md:Company> + <md:SurName>Dave Sherohman</md:SurName> + <md:EmailAddress>mailto:dave.sherohman@ub.lu.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/medlem.consensus.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml b/swamid-2.0/medlem.consensus.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml new file mode 100644 index 00000000..dd5f9242 --- /dev/null +++ b/swamid-2.0/medlem.consensus.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://medlem.consensus.liu.se/saml/simplesamlwww/module.php/saml/sp/metadata.php/AgeraMedlem"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Medlemsportalen</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Member Portal</mdui:DisplayName> + <mdui:Description xml:lang="sv">Medlemsportalen för Consensus Linköping</mdui:Description> + <mdui:Description xml:lang="en">Member Portal for Consensus Linköping</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDrDCCApQCCQDMDwvLD8QR3zANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEgMB4GA1UEAwwXbWVkbGVtLmNvbnNlbnN1cy5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwHhcNMTgwNzA0MTIxOTI2WhcNMjgwNzAzMTIxOTI2WjCBlzELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEgMB4GA1UEAwwXbWVkbGVtLmNvbnNlbnN1cy5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBu9VSSdGpSKvqukGYMhSNTBAB4Cnrq96xX2YaI/CpkBnBzESG5TI7ExRf1ezZZFj629oS6L9oYxJRioG8Nkz/z0K4eoApdLMVomxXkXNx9WgmlB1jPo16kP9m+ZB39A0SsxtrM0M7ooHUY0/35Dl+FzLAX2BrA/zcn3ChJqrC1aaPyLW4H3zlp1VV5Gs/UsRWrLm0mzrwv+M0YyI1sL87vKmKqjzA55QjR567/eU4wWTKBRsWOwtbQei42ef4WICl1U9bKmAviGVucxHO7ZDKEXfMlhnRv/qVWYqJxej0y/olidOEE562VtioQCP/L6CqbHaqYLa8nn1ms+jHL6hNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACfza86hMDbKnftHXmgwudphMd6eGOAdYJsUmkiPWO+zkUH1C3ZKjOetCAXYBYLZ+W3m5t0vX38J4ye97dJDoCLRg4qNipJ38AdJF+7SJUih8yDnT0IvXk6k3irxdGaq7GujouiR6i52KiObC7RKLviGri2203IZTLkP3Kf1BUSmrlluo8hWHDVf//CGfQnX29h+LWaz5DyEyLgNBjBWx6DO90n423Z2m1f4sdB8ITs1a8EyI3lL8tZTb6xtHWeAiTJV+UHXArODOsgFlvr9Kv7JhiNLyIXXjPoKlF+QRLiGzJq4w/I379gg3OorNhFI73JxTbYgs1QOtVnWmzWojt8=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDrDCCApQCCQDMDwvLD8QR3zANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEgMB4GA1UEAwwXbWVkbGVtLmNvbnNlbnN1cy5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwHhcNMTgwNzA0MTIxOTI2WhcNMjgwNzAzMTIxOTI2WjCBlzELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEgMB4GA1UEAwwXbWVkbGVtLmNvbnNlbnN1cy5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBu9VSSdGpSKvqukGYMhSNTBAB4Cnrq96xX2YaI/CpkBnBzESG5TI7ExRf1ezZZFj629oS6L9oYxJRioG8Nkz/z0K4eoApdLMVomxXkXNx9WgmlB1jPo16kP9m+ZB39A0SsxtrM0M7ooHUY0/35Dl+FzLAX2BrA/zcn3ChJqrC1aaPyLW4H3zlp1VV5Gs/UsRWrLm0mzrwv+M0YyI1sL87vKmKqjzA55QjR567/eU4wWTKBRsWOwtbQei42ef4WICl1U9bKmAviGVucxHO7ZDKEXfMlhnRv/qVWYqJxej0y/olidOEE562VtioQCP/L6CqbHaqYLa8nn1ms+jHL6hNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACfza86hMDbKnftHXmgwudphMd6eGOAdYJsUmkiPWO+zkUH1C3ZKjOetCAXYBYLZ+W3m5t0vX38J4ye97dJDoCLRg4qNipJ38AdJF+7SJUih8yDnT0IvXk6k3irxdGaq7GujouiR6i52KiObC7RKLviGri2203IZTLkP3Kf1BUSmrlluo8hWHDVf//CGfQnX29h+LWaz5DyEyLgNBjBWx6DO90n423Z2m1f4sdB8ITs1a8EyI3lL8tZTb6xtHWeAiTJV+UHXArODOsgFlvr9Kv7JhiNLyIXXjPoKlF+QRLiGzJq4w/I379gg3OorNhFI73JxTbYgs1QOtVnWmzWojt8=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://medlem.consensus.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-logout.php/AgeraMedlem"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://medlem.consensus.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="0"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://medlem.consensus.liu.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://medlem.consensus.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://medlem.consensus.liu.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem/artifact" index="3"/> + </md:SPSSODescriptor> + <md:ContactPerson contactType="technical"> + <md:GivenName>Johan</md:GivenName> + <md:SurName>Sölve</md:SurName> + <md:EmailAddress>webb@montania.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/medlem.gotastudentkar.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml b/swamid-2.0/medlem.gotastudentkar.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml new file mode 100644 index 00000000..d036cc0c --- /dev/null +++ b/swamid-2.0/medlem.gotastudentkar.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://medlem.gotastudentkar.se/saml/simplesamlwww/module.php/saml/sp/metadata.php/AgeraMedlem"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Medlemsportalen</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Member Portal</mdui:DisplayName> + <mdui:Description xml:lang="sv">Medlemsportalen för Göta studentkår</mdui:Description> + <mdui:Description xml:lang="en">Member Portal for Göta studentkår</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDrjCCApYCCQDOi6fRpM1uGzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEhMB8GA1UEAwwYbWVkbGVtLmdvdGFzdHVkZW50a2FyLnNlMR8wHQYJKoZIhvcNAQkBFhB3ZWJiQG1vbnRhbmlhLnNlMB4XDTE4MDcwNDEzMzExN1oXDTI4MDcwMzEzMzExN1owgZgxCzAJBgNVBAYTAlNFMREwDwYDVQQHDAhIYWxtc3RhZDEbMBkGA1UECgwSTW9udGFuaWEgU3lzdGVtIEFCMRUwEwYDVQQLDAxBZ2VyYSBNZWRsZW0xITAfBgNVBAMMGG1lZGxlbS5nb3Rhc3R1ZGVudGthci5zZTEfMB0GCSqGSIb3DQEJARYQd2ViYkBtb250YW5pYS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlY3sLNuur0tS9ZGkjFHkrH4xPL1K3u0HmuHyKMsfW8o7pB8/IhQnhpoCyN87C7NrIBEk+leFS2WOJ/5REBQM7+JFpOGBSx/SBAqKI6u6rmoXYuWsW+0MJlKFB04QD3bo0mWNdz5ZgmS39cddPBUwsPUMpRryA/JDgl2/yq8w4DHK8rN0j9thrMzpajbzztxE1RV9kF/wjBv/2hIvNaQs3qKRNEcVLwsP0rN5yfXbglRSBPyvpwhj1LJwdJ8lkMqQXcfKySmODB7vUCR2bz01WwaoPENzrKNTsDWootKnz1abNxi5N+vfKmvOTalg4g1yMqFhWyqnYV8hUvWAFpk60CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg4qAK4Cb6Xbnt2IbFB6qrPrFelK+M8wO1Lo8zBziApQPxF2wlWkazODQrGxPl3gMWr8Y5LlwptdNQcmUzXL5Pm7dlKkvmh0inFnnDrZ+M1kzSw41qrs4Lf/mriHA0aOG7uXF17+sDZdVUVkBDt9YOys9tBw4sorPkrprOcmcGH4bLhLfJJrmsq3Viz84QY5pxuIEDN8viGdPRNGuhQTufMaoht6F00jEVCIj2FeCnubiCCzWDDVUR2wXrodQ/3eVS0mbzqb3AWwHn0EPevrkNZqF6x1Uab86z2zZ1E3y2zJRND8N5wGug8YQujyIXvvzuBNhfSiq7/XcHxKINYILwQ==</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDrjCCApYCCQDOi6fRpM1uGzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEhMB8GA1UEAwwYbWVkbGVtLmdvdGFzdHVkZW50a2FyLnNlMR8wHQYJKoZIhvcNAQkBFhB3ZWJiQG1vbnRhbmlhLnNlMB4XDTE4MDcwNDEzMzExN1oXDTI4MDcwMzEzMzExN1owgZgxCzAJBgNVBAYTAlNFMREwDwYDVQQHDAhIYWxtc3RhZDEbMBkGA1UECgwSTW9udGFuaWEgU3lzdGVtIEFCMRUwEwYDVQQLDAxBZ2VyYSBNZWRsZW0xITAfBgNVBAMMGG1lZGxlbS5nb3Rhc3R1ZGVudGthci5zZTEfMB0GCSqGSIb3DQEJARYQd2ViYkBtb250YW5pYS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlY3sLNuur0tS9ZGkjFHkrH4xPL1K3u0HmuHyKMsfW8o7pB8/IhQnhpoCyN87C7NrIBEk+leFS2WOJ/5REBQM7+JFpOGBSx/SBAqKI6u6rmoXYuWsW+0MJlKFB04QD3bo0mWNdz5ZgmS39cddPBUwsPUMpRryA/JDgl2/yq8w4DHK8rN0j9thrMzpajbzztxE1RV9kF/wjBv/2hIvNaQs3qKRNEcVLwsP0rN5yfXbglRSBPyvpwhj1LJwdJ8lkMqQXcfKySmODB7vUCR2bz01WwaoPENzrKNTsDWootKnz1abNxi5N+vfKmvOTalg4g1yMqFhWyqnYV8hUvWAFpk60CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg4qAK4Cb6Xbnt2IbFB6qrPrFelK+M8wO1Lo8zBziApQPxF2wlWkazODQrGxPl3gMWr8Y5LlwptdNQcmUzXL5Pm7dlKkvmh0inFnnDrZ+M1kzSw41qrs4Lf/mriHA0aOG7uXF17+sDZdVUVkBDt9YOys9tBw4sorPkrprOcmcGH4bLhLfJJrmsq3Viz84QY5pxuIEDN8viGdPRNGuhQTufMaoht6F00jEVCIj2FeCnubiCCzWDDVUR2wXrodQ/3eVS0mbzqb3AWwHn0EPevrkNZqF6x1Uab86z2zZ1E3y2zJRND8N5wGug8YQujyIXvvzuBNhfSiq7/XcHxKINYILwQ==</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://medlem.gotastudentkar.se/saml/simplesamlwww/module.php/saml/sp/saml2-logout.php/AgeraMedlem"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://medlem.gotastudentkar.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="0"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://medlem.gotastudentkar.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://medlem.gotastudentkar.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://medlem.gotastudentkar.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem/artifact" index="3"/> + </md:SPSSODescriptor> + <md:ContactPerson contactType="technical"> + <md:GivenName>Johan</md:GivenName> + <md:SurName>Sölve</md:SurName> + <md:EmailAddress>webb@montania.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/medlem.lintek.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml b/swamid-2.0/medlem.lintek.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml new file mode 100644 index 00000000..4c40343f --- /dev/null +++ b/swamid-2.0/medlem.lintek.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://medlem.lintek.liu.se/saml/simplesamlwww/module.php/saml/sp/metadata.php/AgeraMedlem"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Medlemsportalen</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Member Portal</mdui:DisplayName> + <mdui:Description xml:lang="sv">Medlemsportalen för Linköpings teknologers studentkår</mdui:Description> + <mdui:Description xml:lang="en">Member Portal for Linköping Union of Technology and Science Students</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDvjCCAqYCCQChX/KBdFYWXTANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCU0UxCjAIBgNVBAgMAS0xETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEdMBsGA1UEAwwUbWVkbGVtLmxpbnRlay5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwHhcNMTgwNzA0MTE1ODU1WhcNMjgwNzAzMTE1ODU1WjCBoDELMAkGA1UEBhMCU0UxCjAIBgNVBAgMAS0xETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEdMBsGA1UEAwwUbWVkbGVtLmxpbnRlay5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUSflkj4/v3zciaRRGV88x81tuYumdPZETLOqjWhm7b/eDiTJ8MFcmNtjHW7VEZFGSqwE3iL4Zeu6C7CJQ1HUhNjiSATrapknwNUJ7amBiqMlPymF23OSfP49dN3bnwD3+rwf9g7KCNWe6OUEX+2rg+JGm3nYGODqaEJPyjvwdZO3ZubJlYNeb0RuTYy/LVHMvlVmC2ro4nGC40MEgu0ZABzeUGNmmTZGdC6Gcw3uecTfMeHPz7PtY3JBvU1HBqjel6LIB4OY6QdwmASmfr4ypcjgLqPS7VdPbVkWgyiL766oZGW0UKp03IrxkT93CLoZqTQJkSo5+W2k6cvGa3n95AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKaDARKMMuzNA4fROSv07ZFq+TvasLI0Psc7vqcv2zwtcAsmQw940X94v202Y2+r6Om1ZPHPqXMNjFPBAJWqFb1YOceX+XAQvunT3WUfohqlZQyVDlyRmBwzJSgPTo5Tg5qeiDR6/h1YASRaJfdDY4h0VjnBvEpoYCd2fj6qBWJ10KmFdkTo3sA+7e4tOO1Z6s/E/EWt39DA3Nq0JBkB4Jgspl7njcsytDGVzaN4eravKLvLdsbm/W5b56V8f1hL3XLQ3WIAAx7lyVTAU8i1uAOvrxycMPR+HfCS9rD2MVjWmbsiZdDBzbenqdXdR2av5E0czXVzuj5Pav8pqkxOFLY=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDvjCCAqYCCQChX/KBdFYWXTANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCU0UxCjAIBgNVBAgMAS0xETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEdMBsGA1UEAwwUbWVkbGVtLmxpbnRlay5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwHhcNMTgwNzA0MTE1ODU1WhcNMjgwNzAzMTE1ODU1WjCBoDELMAkGA1UEBhMCU0UxCjAIBgNVBAgMAS0xETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEdMBsGA1UEAwwUbWVkbGVtLmxpbnRlay5saXUuc2UxHzAdBgkqhkiG9w0BCQEWEHdlYmJAbW9udGFuaWEuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUSflkj4/v3zciaRRGV88x81tuYumdPZETLOqjWhm7b/eDiTJ8MFcmNtjHW7VEZFGSqwE3iL4Zeu6C7CJQ1HUhNjiSATrapknwNUJ7amBiqMlPymF23OSfP49dN3bnwD3+rwf9g7KCNWe6OUEX+2rg+JGm3nYGODqaEJPyjvwdZO3ZubJlYNeb0RuTYy/LVHMvlVmC2ro4nGC40MEgu0ZABzeUGNmmTZGdC6Gcw3uecTfMeHPz7PtY3JBvU1HBqjel6LIB4OY6QdwmASmfr4ypcjgLqPS7VdPbVkWgyiL766oZGW0UKp03IrxkT93CLoZqTQJkSo5+W2k6cvGa3n95AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKaDARKMMuzNA4fROSv07ZFq+TvasLI0Psc7vqcv2zwtcAsmQw940X94v202Y2+r6Om1ZPHPqXMNjFPBAJWqFb1YOceX+XAQvunT3WUfohqlZQyVDlyRmBwzJSgPTo5Tg5qeiDR6/h1YASRaJfdDY4h0VjnBvEpoYCd2fj6qBWJ10KmFdkTo3sA+7e4tOO1Z6s/E/EWt39DA3Nq0JBkB4Jgspl7njcsytDGVzaN4eravKLvLdsbm/W5b56V8f1hL3XLQ3WIAAx7lyVTAU8i1uAOvrxycMPR+HfCS9rD2MVjWmbsiZdDBzbenqdXdR2av5E0czXVzuj5Pav8pqkxOFLY=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://medlem.lintek.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-logout.php/AgeraMedlem"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://medlem.lintek.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="0"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://medlem.lintek.liu.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://medlem.lintek.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://medlem.lintek.liu.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem/artifact" index="3"/> + </md:SPSSODescriptor> + <md:ContactPerson contactType="technical"> + <md:GivenName>Johan</md:GivenName> + <md:SurName>Sölve</md:SurName> + <md:EmailAddress>webb@montania.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/medlem.stuff.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml b/swamid-2.0/medlem.stuff.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml new file mode 100644 index 00000000..7751b612 --- /dev/null +++ b/swamid-2.0/medlem.stuff.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://medlem.stuff.liu.se/saml/simplesamlwww/module.php/saml/sp/metadata.php/AgeraMedlem"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Medlemsportalen</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Member Portal</mdui:DisplayName> + <mdui:Description xml:lang="sv">Medlemsportalen för StuFF</mdui:Description> + <mdui:Description xml:lang="en">Member Portal for StuFF</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDpDCCAowCCQDTYedhFyC/YjANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEcMBoGA1UEAwwTbWVkbGVtLnN0dWZmLmxpdS5zZTEfMB0GCSqGSIb3DQEJARYQd2ViYkBtb250YW5pYS5zZTAeFw0xODA3MDQxMjEzMDFaFw0yODA3MDMxMjEzMDFaMIGTMQswCQYDVQQGEwJTRTERMA8GA1UEBwwISGFsbXN0YWQxGzAZBgNVBAoMEk1vbnRhbmlhIFN5c3RlbSBBQjEVMBMGA1UECwwMQWdlcmEgTWVkbGVtMRwwGgYDVQQDDBNtZWRsZW0uc3R1ZmYubGl1LnNlMR8wHQYJKoZIhvcNAQkBFhB3ZWJiQG1vbnRhbmlhLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQoJmAJhgqKSS0MzTeeHeE56i04rUEddn9tu/x5F6boC+ggG14UnPUbXhCfo9ZjDHQO28+yCWdRhfWAmvCWfmKkhSx4CpgfE9Yn6mw8+CrssfUUUAkzvqddc7a3ZjL7LPmSntWi3zQE0fzUQv7X4YOzMc9mVQ2TMzy4aKhwGS6ib41m8T4AGRwUEZFbKMt+wDq3YslBfcTTQyc62cRGl3xNsc+Z39Pa43Sb6bqjc9IClpjHObXxRyUpnq2eRg6GRE8yR0wXQG4kwZZAZ/jXS5Mp7xMuCID6qFiNGC+c5AUhCJ8iLmqF+0wmgJq11MeNcng0LtFWNW6VDwlWqtTEdDQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAid7qCYqN9v+CrkPEIUUgSpUiqi+38KasiemtdjbcHL7qSqFjv+KpS5DSvSu+PWsr4q4unHtzzAl08HcKwr8xOab3w1t/qq20cocyPCD+nSJIbtc8kWF7hjj+R6DUFVxe9dK05GUAB7QQHovYIaKKQCyLcPwFJk+u2CK/rLfcQOI7tLmd/nUX+4AbEMa0hdETGJ4Ahfp9lP7PdxAmBmR2WWa5gdga9C8dwuLphzeJtEdXpVBiyocfeUZB8mHNExRezzjFVp/K5QfHnXeTGO6CNrdX4F41BASRmCPTMQYTjFcMfRGpmJIdF4qCloFubbPEXSnGi909x2gdYyH6p3LFz</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDpDCCAowCCQDTYedhFyC/YjANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCU0UxETAPBgNVBAcMCEhhbG1zdGFkMRswGQYDVQQKDBJNb250YW5pYSBTeXN0ZW0gQUIxFTATBgNVBAsMDEFnZXJhIE1lZGxlbTEcMBoGA1UEAwwTbWVkbGVtLnN0dWZmLmxpdS5zZTEfMB0GCSqGSIb3DQEJARYQd2ViYkBtb250YW5pYS5zZTAeFw0xODA3MDQxMjEzMDFaFw0yODA3MDMxMjEzMDFaMIGTMQswCQYDVQQGEwJTRTERMA8GA1UEBwwISGFsbXN0YWQxGzAZBgNVBAoMEk1vbnRhbmlhIFN5c3RlbSBBQjEVMBMGA1UECwwMQWdlcmEgTWVkbGVtMRwwGgYDVQQDDBNtZWRsZW0uc3R1ZmYubGl1LnNlMR8wHQYJKoZIhvcNAQkBFhB3ZWJiQG1vbnRhbmlhLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQoJmAJhgqKSS0MzTeeHeE56i04rUEddn9tu/x5F6boC+ggG14UnPUbXhCfo9ZjDHQO28+yCWdRhfWAmvCWfmKkhSx4CpgfE9Yn6mw8+CrssfUUUAkzvqddc7a3ZjL7LPmSntWi3zQE0fzUQv7X4YOzMc9mVQ2TMzy4aKhwGS6ib41m8T4AGRwUEZFbKMt+wDq3YslBfcTTQyc62cRGl3xNsc+Z39Pa43Sb6bqjc9IClpjHObXxRyUpnq2eRg6GRE8yR0wXQG4kwZZAZ/jXS5Mp7xMuCID6qFiNGC+c5AUhCJ8iLmqF+0wmgJq11MeNcng0LtFWNW6VDwlWqtTEdDQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAid7qCYqN9v+CrkPEIUUgSpUiqi+38KasiemtdjbcHL7qSqFjv+KpS5DSvSu+PWsr4q4unHtzzAl08HcKwr8xOab3w1t/qq20cocyPCD+nSJIbtc8kWF7hjj+R6DUFVxe9dK05GUAB7QQHovYIaKKQCyLcPwFJk+u2CK/rLfcQOI7tLmd/nUX+4AbEMa0hdETGJ4Ahfp9lP7PdxAmBmR2WWa5gdga9C8dwuLphzeJtEdXpVBiyocfeUZB8mHNExRezzjFVp/K5QfHnXeTGO6CNrdX4F41BASRmCPTMQYTjFcMfRGpmJIdF4qCloFubbPEXSnGi909x2gdYyH6p3LFz</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://medlem.stuff.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-logout.php/AgeraMedlem"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://medlem.stuff.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="0"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://medlem.stuff.liu.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://medlem.stuff.liu.se/saml/simplesamlwww/module.php/saml/sp/saml2-acs.php/AgeraMedlem" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://medlem.stuff.liu.se/saml/simplesamlwww/module.php/saml/sp/saml1-acs.php/AgeraMedlem/artifact" index="3"/> + </md:SPSSODescriptor> + <md:ContactPerson contactType="technical"> + <md:GivenName>Johan</md:GivenName> + <md:SurName>Sölve</md:SurName> + <md:EmailAddress>webb@montania.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/openexam.bmc.uu.se-simplesaml.xml b/swamid-2.0/openexam.bmc.uu.se-simplesaml.xml index 7108da8a..fe46a178 100644 --- a/swamid-2.0/openexam.bmc.uu.se-simplesaml.xml +++ b/swamid-2.0/openexam.bmc.uu.se-simplesaml.xml @@ -12,15 +12,14 @@ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> <md:Extensions> <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">OpenExam - Elektroniska tentor (CBE)</mdui:DisplayName> <mdui:DisplayName xml:lang="en">OpenExam - Electronic Exams (CBE)</mdui:DisplayName> - <mdui:DisplayName xml:lang="sv">OpenExam - Elektroniska Tentor (CBE)</mdui:DisplayName> - <mdui:Description xml:lang="en">OpenExam is a service platform for cunducting electronic exams.</mdui:Description> - <mdui:Description xml:lang="sv">OpenExam är en service platform för att genomföra elektroniska tentor.</mdui:Description> - <mdui:InformationURL xml:lang="en">http://openexam.bmc.uu.se/about</mdui:InformationURL> - <mdui:InformationURL xml:lang="sv">http://openexam.bmc.uu.se/about</mdui:InformationURL> - <mdui:PrivacyStatementURL xml:lang="en">http://openexam.bmc.uu.se/privacy</mdui:PrivacyStatementURL> - <mdui:PrivacyStatementURL xml:lang="sv">http://openexam.bmc.uu.se/privacy</mdui:PrivacyStatementURL> - <mdui:Logo width="100" height="100">https://openexam.bmc.uu.se/images/logo-medium-normal.png</mdui:Logo> + <mdui:Description xml:lang="sv">OpenExam är en serviceplattform för att genomföra elektroniska tentor.</mdui:Description> + <mdui:Description xml:lang="en">OpenExam is a service platform for conducting electronic exams.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://openexam.test.uu.se/about-sv</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://openexam.test.uu.se/about-en</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://openexam.test.uu.se/privacy-policy-sv</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://openexam.test.uu.se/privacy-policy-en</mdui:PrivacyStatementURL> </mdui:UIInfo> </md:Extensions> <md:KeyDescriptor use="signing"> @@ -45,20 +44,19 @@ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://openexam.bmc.uu.se/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact" index="3"/> </md:SPSSODescriptor> <md:Organization> - <md:OrganizationName xml:lang="en">Uppsala University</md:OrganizationName> <md:OrganizationName xml:lang="sv">Uppsala universitet</md:OrganizationName> - <md:OrganizationDisplayName xml:lang="en">Uppsala University</md:OrganizationDisplayName> + <md:OrganizationName xml:lang="en">Uppsala University</md:OrganizationName> <md:OrganizationDisplayName xml:lang="sv">Uppsala universitet</md:OrganizationDisplayName> - <md:OrganizationURL xml:lang="en">http://www.uu.se</md:OrganizationURL> + <md:OrganizationDisplayName xml:lang="en">Uppsala University</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="sv">http://www.uu.se/</md:OrganizationURL> + <md:OrganizationURL xml:lang="en">http://www.uu.se/en/</md:OrganizationURL> </md:Organization> + <md:ContactPerson contactType="technical"> + <md:Company>Uppsala universitet</md:Company> + <md:EmailAddress>mailto:drift@uadm.uu.se</md:EmailAddress> + </md:ContactPerson> <md:ContactPerson contactType="support"> - <md:GivenName>OpenExam</md:GivenName> + <md:Company>Uppsala universitet</md:Company> <md:EmailAddress>mailto:openexam@bmc.uu.se</md:EmailAddress> </md:ContactPerson> - <md:ContactPerson contactType="technical"> - <md:GivenName>Anders</md:GivenName> - <md:SurName>Lövgren</md:SurName> - <md:EmailAddress>mailto:anders.lovgren@bmc.uu.se</md:EmailAddress> - <md:TelephoneNumber>+46 18 4714016</md:TelephoneNumber> - </md:ContactPerson> </md:EntityDescriptor> diff --git a/swamid-2.0/pilot.idp.eduid.se-idp.xml b/swamid-2.0/pilot.idp.eduid.se-idp.xml deleted file mode 100644 index ff1e5deb..00000000 --- a/swamid-2.0/pilot.idp.eduid.se-idp.xml +++ /dev/null @@ -1,82 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:mace:shibboleth:metadata:1.0" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" entityID="https://pilot.idp.eduid.se/idp.xml"> - <ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <ns0:Extensions> - <ns1:Scope regexp="false">pilot.eduid.se</ns1:Scope> - </ns0:Extensions> - <ns0:KeyDescriptor use="encryption"> - <ns2:KeyInfo> - <ns2:X509Data> - <ns2:X509Certificate>MIIDXjCCAhagAwIBAgIEUpw56jANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDExUy -MDEzMTIwMi5pZHAuZWR1aWQuc2UwHhcNMTMxMjAyMDc0MjM2WhcNMTYxMjAxMDc0 -MzI5WjAgMR4wHAYDVQQDExUyMDEzMTIwMi5pZHAuZWR1aWQuc2UwggFSMA0GCSqG -SIb3DQEBAQUAA4IBPwAwggE6AoIBMQDBUWjILLi4wc4It2A1IJHOx1ho87XAYYqR -GPXGZg978+sJsesZamPR7wnxqYnXng+lCrKO3xEtrLE1JxzrEGY4xUMtnVOJmwgZ -G8+TVmppZsmIu/sQd0+uF+fFAc9BgYx+xL/KEpJLDM/BaoQnt5AIz1L8iG3L6hur -D8/79EN4Bp8tNG1WcX5Y8TjNk+4V9kd/GGZKaABH79aq2gD5W3F/j/A66b/qByq2 -LrbCZi1C9ED8X3oFeKXAQd/r82koj8ErKAaPfQXa6oxBn+hFwJ53bC4ixW84gOlI -oAZovK7uAE9xBoJOoW86rGRfFhJy7Jl41JqsjbOXGwKG0Ze4i00yJskiNWDiZh5n -ZgxnTY9vu1JMEIoVEhdaoeuXThUidFcHUKoGgfq8iQHIh9ehqhFpAgMBAAGjQDA+ -MAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUOJHQvHUg -3gPXPmJFWbX+GzVCxWEwDQYJKoZIhvcNAQELBQADggExAIqLh7pcjkYAr3n3msYf -PRasAPR+5OIdi7DSDNpPaPQnlSTGz0XwesxUvwhTuir7SDuqOzhoTW07jM8p8GQI -1cxdaHxnaxF+O5iNkU5Pgx0XhyktXfGeB4uhB33bULN0SfpgaEyyXbOGTRz06Th4 -3AW90cP+5odC/z+yHhcOHq4VcdOg3jZZtTBghQ08u3i7cJLIG5Auc0PZb37hgLRy -lAKHUrahuhbPDQhFjBwBX6rmRlDlMqNLhDdmlNPxg6xUbNpJIi6OnG/YpVRjbgcg -1JUccanKdjA79iR/QeMGaJHmBm/iVTmq4XQSaeBi3nfkTrxZdHD+UsP7TXorwD9Y -p5fHVO1o2XawoMuliRxlRkSbfW79b1XeKXBkV93clVkWc4M2VxBAsaT6yEwOLdif -7js= -</ns2:X509Certificate> - </ns2:X509Data> - </ns2:KeyInfo> - </ns0:KeyDescriptor> - <ns0:KeyDescriptor use="signing"> - <ns2:KeyInfo> - <ns2:X509Data> - <ns2:X509Certificate>MIIDXjCCAhagAwIBAgIEUpw56jANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDExUy -MDEzMTIwMi5pZHAuZWR1aWQuc2UwHhcNMTMxMjAyMDc0MjM2WhcNMTYxMjAxMDc0 -MzI5WjAgMR4wHAYDVQQDExUyMDEzMTIwMi5pZHAuZWR1aWQuc2UwggFSMA0GCSqG -SIb3DQEBAQUAA4IBPwAwggE6AoIBMQDBUWjILLi4wc4It2A1IJHOx1ho87XAYYqR -GPXGZg978+sJsesZamPR7wnxqYnXng+lCrKO3xEtrLE1JxzrEGY4xUMtnVOJmwgZ -G8+TVmppZsmIu/sQd0+uF+fFAc9BgYx+xL/KEpJLDM/BaoQnt5AIz1L8iG3L6hur -D8/79EN4Bp8tNG1WcX5Y8TjNk+4V9kd/GGZKaABH79aq2gD5W3F/j/A66b/qByq2 -LrbCZi1C9ED8X3oFeKXAQd/r82koj8ErKAaPfQXa6oxBn+hFwJ53bC4ixW84gOlI -oAZovK7uAE9xBoJOoW86rGRfFhJy7Jl41JqsjbOXGwKG0Ze4i00yJskiNWDiZh5n -ZgxnTY9vu1JMEIoVEhdaoeuXThUidFcHUKoGgfq8iQHIh9ehqhFpAgMBAAGjQDA+ -MAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUOJHQvHUg -3gPXPmJFWbX+GzVCxWEwDQYJKoZIhvcNAQELBQADggExAIqLh7pcjkYAr3n3msYf -PRasAPR+5OIdi7DSDNpPaPQnlSTGz0XwesxUvwhTuir7SDuqOzhoTW07jM8p8GQI -1cxdaHxnaxF+O5iNkU5Pgx0XhyktXfGeB4uhB33bULN0SfpgaEyyXbOGTRz06Th4 -3AW90cP+5odC/z+yHhcOHq4VcdOg3jZZtTBghQ08u3i7cJLIG5Auc0PZb37hgLRy -lAKHUrahuhbPDQhFjBwBX6rmRlDlMqNLhDdmlNPxg6xUbNpJIi6OnG/YpVRjbgcg -1JUccanKdjA79iR/QeMGaJHmBm/iVTmq4XQSaeBi3nfkTrxZdHD+UsP7TXorwD9Y -p5fHVO1o2XawoMuliRxlRkSbfW79b1XeKXBkV93clVkWc4M2VxBAsaT6yEwOLdif -7js= -</ns2:X509Certificate> - </ns2:X509Data> - </ns2:KeyInfo> - </ns0:KeyDescriptor> - <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://pilot.idp.eduid.se/slo/soap"/> - <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://pilot.idp.eduid.se/slo/post"/> - <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://pilot.idp.eduid.se/slo/redirect"/> - <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat> - <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns0:NameIDFormat> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://pilot.idp.eduid.se/sso/redirect"/> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://pilot.idp.eduid.se/sso/post"/> - <ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://pilot.idp.eduid.se/sso/art"/> - </ns0:IDPSSODescriptor> - <ns0:Organization> - <ns0:OrganizationName xml:lang="en">eduID PILOT</ns0:OrganizationName> - <ns0:OrganizationDisplayName xml:lang="en">eduID PILOT</ns0:OrganizationDisplayName> - <ns0:OrganizationURL xml:lang="en">http://www.eduid.se/</ns0:OrganizationURL> - </ns0:Organization> - <ns0:ContactPerson contactType="technical"> - <ns0:GivenName>eduID</ns0:GivenName> - <ns0:SurName>developers</ns0:SurName> - <ns0:EmailAddress>eduid-dev@SEGATE.SUNET.SE</ns0:EmailAddress> - </ns0:ContactPerson> - <ns0:ContactPerson contactType="support"> - <ns0:GivenName>Support</ns0:GivenName> - <ns0:EmailAddress>support@eduid.se</ns0:EmailAddress> - </ns0:ContactPerson> -</ns0:EntityDescriptor> diff --git a/swamid-2.0/play.ju.se.xml b/swamid-2.0/play.ju.se.xml new file mode 100644 index 00000000..7197ef69 --- /dev/null +++ b/swamid-2.0/play.ju.se.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://play.ju.se"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">Jönköping University Play service</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">Högskolan i Jönköping Playtjänst</mdui:DisplayName> + <mdui:Description xml:lang="en">This service is for presentation of videos from Jönköping University.</mdui:Description> + <mdui:Description xml:lang="sv">Denna tjänst används för presentationer av video från Högskolan i Jönköping.</mdui:Description> + <mdui:Logo height="77" width="299">https://lpw.hj.se/images/hj/gfx/hj-sv.png</mdui:Logo> + <mdui:Logo xml:lang="sv" height="77" width="299">https://lpw.hj.se/images/hj/gfx/hj-sv.png</mdui:Logo> + <mdui:Logo xml:lang="en" height="77" width="299">https://lpw.hj.se/images/hj/gfx/hj-sv.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIICMjCCAZugAwIBAgIUNTWT26lK8ZSiQUyTUl0RoiGV4yAwDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzI0LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNTI5MTEzMjA1WhcNMTkwNTI5MTEzMjA1WjA9MSkwJwYDVQQDDCAzMjQtbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA25ss28aYBmKyumvI41hpQoQPep9uwhcb9WG0VX6p+nTi7rkk6DvZibfwNCeU4guo0kViuQRLxKbL4R5qmlGdnDrbK2rxdZqXiANu8Oq2EH+3APqHx1c3isv3cbPV0ckQ99IAbtz+sQ7sZe4DB1tRU7he/fdTS/A+z17ud9ZaAUECAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzI0LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEAfpxmxPLqbkH8TqyCeBa/Cxp4wipA/W5G2hNG1o3PByooHQDqmM/WTVJVaA+r0TWexfFFF8SiqBoLjmB7/AKr0MyNnAqBga+1dELItmj+NWd6/+8ioYnMcOWFo2mOXSQbis9a4qC2z0ZEGNu3vylTiHWLVJobCwgemrnAguSHEoI=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIICMjCCAZugAwIBAgIUNTWT26lK8ZSiQUyTUl0RoiGV4yAwDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzI0LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNTI5MTEzMjA1WhcNMTkwNTI5MTEzMjA1WjA9MSkwJwYDVQQDDCAzMjQtbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA25ss28aYBmKyumvI41hpQoQPep9uwhcb9WG0VX6p+nTi7rkk6DvZibfwNCeU4guo0kViuQRLxKbL4R5qmlGdnDrbK2rxdZqXiANu8Oq2EH+3APqHx1c3isv3cbPV0ckQ99IAbtz+sQ7sZe4DB1tRU7he/fdTS/A+z17ud9ZaAUECAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzI0LW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEAfpxmxPLqbkH8TqyCeBa/Cxp4wipA/W5G2hNG1o3PByooHQDqmM/WTVJVaA+r0TWexfFFF8SiqBoLjmB7/AKr0MyNnAqBga+1dELItmj+NWd6/+8ioYnMcOWFo2mOXSQbis9a4qC2z0ZEGNu3vylTiHWLVJobCwgemrnAguSHEoI=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://play.ju.se/user/logout"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://play.ju.se/user/authenticate" index="0"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">JU play - Jönköping University</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">JU play - Jönköping University</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://play.ju.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>mailto:saml@media.nordu.net</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/play.kau.se.xml b/swamid-2.0/play.kau.se.xml index c93fc6c8..1018b5c8 100644 --- a/swamid-2.0/play.kau.se.xml +++ b/swamid-2.0/play.kau.se.xml @@ -20,14 +20,14 @@ <md:KeyDescriptor use="signing"> <ds:KeyInfo> <ds:X509Data> - <ds:X509Certificate>MIICMjCCAZugAwIBAgIUJthSm5mO42eUMlr5toLKJCLgBMowDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNDIwMTE1NTE1WhcNMTkwNDIwMTE1NTE1WjA9MSkwJwYDVQQDDCAzMDAtbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyiDNnoLi56KGDLRoJ0Y2dBj4G7++BtnhkBGqIB0AwF9O0hNgB5smGf6biR+D+qjhrux4tGLM3NBgeevoCBhb5aupP4/0MBeelhdDmoPfApYRVIXp0N0rSy0gVFRtr0sw9T0txuBq3jB/XzVHRmWA8dSm9H0kkoZEzWRViGWroPcCAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEALwp3i9iN8738mOgmVLI6L/Q9CwtHpJ8HxPENk02v2gjOS5G81kkyjNT6cN5N5FXaLO/X3XmYMx/k3XWZuInvYHfWnGXb2geWycE1P/n150H4j7pq4RNKmoI0D2vlgdngcqjul/2iWjbUdEhOM3eZHbEdQA0Vwbk/PGV8mAuQfbI=</ds:X509Certificate> + <ds:X509Certificate>MIIDgDCCAmgCCQCROUvZYUy6nTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9yazEVMBMGA1UECgwMS2FsdHVyYSBJbmMuMRQwEgYDVQQDDAtwbGF5LmthdS5zZTElMCMGCSqGSIb3DQEJARYWc2FtbF9hZG1pbkBrYWx0dXJhLmNvbTAeFw0xNDEyMTgxMzAxMTRaFw0yNDEyMTcxMzAxMTRaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRUwEwYDVQQKDAxLYWx0dXJhIEluYy4xFDASBgNVBAMMC3BsYXkua2F1LnNlMSUwIwYJKoZIhvcNAQkBFhZzYW1sX2FkbWluQGthbHR1cmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XggMy5SNVvIqdLuynaM29/WMVAh5Utt7G8nyNJUDqsQ7Zh6ghh0RThxtLnmokPjljs9Kw2aVzAMz+hrf28q+F5915a3q6loTrfm0llxYeRn21023aGxki44p6/B5/8hmQSJQC8JfaI9PcMzI5FxBo/U10waEIeGXzaCCNIofCGa2eqeSVEdhCcT8kKE10E2WZy+8avd4E421POuaJW9osnqGh8m06FtaWqB+MiiETxzxIvMVZvIoF1bSjvDlV1+V0JB0Sl0SO6yU8aGO6P60LPK+y3RkeNkamMgKoLEFnZRUYeoukbLzrXuEyMUMYVFGpe+8MnK9APT3Ti+HHc6ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBzixsmpkDzazpnjcFicXmJGnRepcawDfirRKOyMCBIaXBi2lX7uWlicl3nD3FXT134aNCBSxrSK1iahiWVbkP5Oc/dleytoKRGgfRWlfgPXf94JcztaHOPu6C4Q2OdF9GvoE0bGzt9uiRMFBcajfgu0Ct0qjWxWyxtW7eOOC01cXX5lXoSmL90jjIJ2qkITpsWafpe2g+EBGaR+VcpYb3i/3j2U7f8XNDMdd6mObznD3l8246bgHMq2Eghw/qKLU6I1Vom23R0oy6xBUo+CDpYVqejh6r9bvkHPVj1o6dlJtSzbruZkUOhw9yqQR7iQjaRG0TSg/DZRfM4EpsjTJUC</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo> <ds:X509Data> - <ds:X509Certificate>MIICMjCCAZugAwIBAgIUJthSm5mO42eUMlr5toLKJCLgBMowDQYJKoZIhvcNAQEFBQAwPTEpMCcGA1UEAwwgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNDIwMTE1NTE1WhcNMTkwNDIwMTE1NTE1WjA9MSkwJwYDVQQDDCAzMDAtbWVkaWFzcGFjZS5rYWx0dXJhLm5vcmR1Lm5ldDEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyiDNnoLi56KGDLRoJ0Y2dBj4G7++BtnhkBGqIB0AwF9O0hNgB5smGf6biR+D+qjhrux4tGLM3NBgeevoCBhb5aupP4/0MBeelhdDmoPfApYRVIXp0N0rSy0gVFRtr0sw9T0txuBq3jB/XzVHRmWA8dSm9H0kkoZEzWRViGWroPcCAwEAAaMvMC0wKwYDVR0RBCQwIoIgMzAwLW1lZGlhc3BhY2Uua2FsdHVyYS5ub3JkdS5uZXQwDQYJKoZIhvcNAQEFBQADgYEALwp3i9iN8738mOgmVLI6L/Q9CwtHpJ8HxPENk02v2gjOS5G81kkyjNT6cN5N5FXaLO/X3XmYMx/k3XWZuInvYHfWnGXb2geWycE1P/n150H4j7pq4RNKmoI0D2vlgdngcqjul/2iWjbUdEhOM3eZHbEdQA0Vwbk/PGV8mAuQfbI=</ds:X509Certificate> + <ds:X509Certificate>MIIDgDCCAmgCCQCROUvZYUy6nTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9yazEVMBMGA1UECgwMS2FsdHVyYSBJbmMuMRQwEgYDVQQDDAtwbGF5LmthdS5zZTElMCMGCSqGSIb3DQEJARYWc2FtbF9hZG1pbkBrYWx0dXJhLmNvbTAeFw0xNDEyMTgxMzAxMTRaFw0yNDEyMTcxMzAxMTRaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRUwEwYDVQQKDAxLYWx0dXJhIEluYy4xFDASBgNVBAMMC3BsYXkua2F1LnNlMSUwIwYJKoZIhvcNAQkBFhZzYW1sX2FkbWluQGthbHR1cmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XggMy5SNVvIqdLuynaM29/WMVAh5Utt7G8nyNJUDqsQ7Zh6ghh0RThxtLnmokPjljs9Kw2aVzAMz+hrf28q+F5915a3q6loTrfm0llxYeRn21023aGxki44p6/B5/8hmQSJQC8JfaI9PcMzI5FxBo/U10waEIeGXzaCCNIofCGa2eqeSVEdhCcT8kKE10E2WZy+8avd4E421POuaJW9osnqGh8m06FtaWqB+MiiETxzxIvMVZvIoF1bSjvDlV1+V0JB0Sl0SO6yU8aGO6P60LPK+y3RkeNkamMgKoLEFnZRUYeoukbLzrXuEyMUMYVFGpe+8MnK9APT3Ti+HHc6ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBzixsmpkDzazpnjcFicXmJGnRepcawDfirRKOyMCBIaXBi2lX7uWlicl3nD3FXT134aNCBSxrSK1iahiWVbkP5Oc/dleytoKRGgfRWlfgPXf94JcztaHOPu6C4Q2OdF9GvoE0bGzt9uiRMFBcajfgu0Ct0qjWxWyxtW7eOOC01cXX5lXoSmL90jjIJ2qkITpsWafpe2g+EBGaR+VcpYb3i/3j2U7f8XNDMdd6mObznD3l8246bgHMq2Eghw/qKLU6I1Vom23R0oy6xBUo+CDpYVqejh6r9bvkHPVj1o6dlJtSzbruZkUOhw9yqQR7iQjaRG0TSg/DZRfM4EpsjTJUC</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> diff --git a/swamid-2.0/play.mau.se.xml b/swamid-2.0/play.mau.se.xml new file mode 100644 index 00000000..e5b55e2a --- /dev/null +++ b/swamid-2.0/play.mau.se.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://play.mau.se"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="sv">Mau play</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Mau play</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är Malmö universitets play tjänst</mdui:Description> + <mdui:Description xml:lang="en">This is Malmö University's streaming service</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIB8zCCAVygAwIBAgIUXDvnYY8aJOJARL71LyNhcC1q9acwDQYJKoZIhvcNAQEFBQAwKDEUMBIGA1UEAwwLcGxheS5tYXUuc2UxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNTI4MTMwODM2WhcNMTkwNTI4MTMwODM2WjAoMRQwEgYDVQQDDAtwbGF5Lm1hdS5zZTEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Vb2Os9nVyCv6XG+nNgbRJYW64d4lyLCoWJN2ZlPjVKwR4+LFY/Z6VFDF6rPOX8NBJYsFXW2nIwyjkpYzea3QT/7Jt5EDTpvWT3+ZBc7FSy7yApYTJfhvlfzJYBni8zU+H0p4DSVsEA6M7WfRabV8jf805pmMRbHG8YFpKCu13cCAwEAAaMaMBgwFgYDVR0RBA8wDYILcGxheS5tYXUuc2UwDQYJKoZIhvcNAQEFBQADgYEAhrAt4rhs8VPUBSNF6d0o6cZJcw/h8XigVpR7BdhfkSpR+mKWZIb4SQX/T8AKWJ1GyW0YlJFASvTkda5OVyNnlLaGUNVXYKYSps2MmYQIGoxp8TUyPMKXx2p9sC80HNrqTmOcaBO0CySicIrWPjkmbAF9cpZ1pQ1HH9sEqrjTEAw=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIB8zCCAVygAwIBAgIUXDvnYY8aJOJARL71LyNhcC1q9acwDQYJKoZIhvcNAQEFBQAwKDEUMBIGA1UEAwwLcGxheS5tYXUuc2UxEDAOBgNVBAoMB2thbHR1cmEwHhcNMTgwNTI4MTMwODM2WhcNMTkwNTI4MTMwODM2WjAoMRQwEgYDVQQDDAtwbGF5Lm1hdS5zZTEQMA4GA1UECgwHa2FsdHVyYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Vb2Os9nVyCv6XG+nNgbRJYW64d4lyLCoWJN2ZlPjVKwR4+LFY/Z6VFDF6rPOX8NBJYsFXW2nIwyjkpYzea3QT/7Jt5EDTpvWT3+ZBc7FSy7yApYTJfhvlfzJYBni8zU+H0p4DSVsEA6M7WfRabV8jf805pmMRbHG8YFpKCu13cCAwEAAaMaMBgwFgYDVR0RBA8wDYILcGxheS5tYXUuc2UwDQYJKoZIhvcNAQEFBQADgYEAhrAt4rhs8VPUBSNF6d0o6cZJcw/h8XigVpR7BdhfkSpR+mKWZIb4SQX/T8AKWJ1GyW0YlJFASvTkda5OVyNnlLaGUNVXYKYSps2MmYQIGoxp8TUyPMKXx2p9sC80HNrqTmOcaBO0CySicIrWPjkmbAF9cpZ1pQ1HH9sEqrjTEAw=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://play.mau.se/user/logout"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://play.mau.se/user/authenticate" index="0"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">Mau play</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Mau play</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://play.mau.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>mailto:saml@media.nordu.net</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/play.sh.se.xml b/swamid-2.0/play.sh.se.xml index 30ff7879..9cd72df0 100644 --- a/swamid-2.0/play.sh.se.xml +++ b/swamid-2.0/play.sh.se.xml @@ -41,7 +41,8 @@ <md:OrganizationURL xml:lang="en">https://play.sh.se</md:OrganizationURL> </md:Organization> <md:ContactPerson contactType="technical"> - <md:SurName>Administrator</md:SurName> - <md:EmailAddress>saml_admin@kaltura.com</md:EmailAddress> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>saml@media.nordu.net</md:EmailAddress> </md:ContactPerson> </md:EntityDescriptor> diff --git a/swamid-2.0/play.shh.se.xml b/swamid-2.0/play.shh.se.xml new file mode 100644 index 00000000..05fa88e2 --- /dev/null +++ b/swamid-2.0/play.shh.se.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://play.shh.se"> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/nren-service</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">Sophiahemmet University play service</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">Sophiahemmet Högskolas playtjänst</mdui:DisplayName> + <mdui:Description xml:lang="en">This is Sophiahemmet University’s streaming service.</mdui:Description> + <mdui:Description xml:lang="sv">Detta är Sophiahemmet Högskolas playtjänst</mdui:Description> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIFFTCCA/2gAwIBAgIJAP2taPVBJTORMA0GCSqGSIb3DQEBBQUAMIG3MQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xHzAdBgNVBAoUFlNvcGhpYWhlbW1ldCBIw7Znc2tvbGExITAfBgNVBAsUGEbDtnJ2YWx0bmluZ3NhdmRlbG5pbmdlbjEUMBIGA1UEAxMLcGxheS5zaGguc2UxJjAkBgkqhkiG9w0BCQEWF2pvYWtpbS5sZWhuc3Ryb21Ac2hoLnNlMB4XDTE4MDYxMTA5MTYyNloXDTI4MDYxMDA5MTYyNlowgbcxCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlTdG9ja2hvbG0xEjAQBgNVBAcTCVN0b2NraG9sbTEfMB0GA1UEChQWU29waGlhaGVtbWV0IEjDtmdza29sYTEhMB8GA1UECxQYRsO2cnZhbHRuaW5nc2F2ZGVsbmluZ2VuMRQwEgYDVQQDEwtwbGF5LnNoaC5zZTEmMCQGCSqGSIb3DQEJARYXam9ha2ltLmxlaG5zdHJvbUBzaGguc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMgETbDyZeCfo14RJN0CmzN2QhWQc6yg16seF8LIsLWIjB3rjsJAuEJoQu89bcWmP5UP34cU6Q1MTATng4oDNJPxaD9Qcc+T42kyPnSQPXw/LvfIKr5jv6EvuZ/oEpuGnB7Zg4QiaWOdYYTxo47CcFFFqN837nffnR6UMLRt62bSG5wAH5c8ERXFdLPMr+PL79hsQDByuFcvC2X15RuKPUtVnHYOjIivdfYZssMsfoOGk6tC4nyaWiBRg4zldR1UZCdcXPVZiP3Mve3aoqRRf7olUEZErvesiRT/J2tEqMqnytIpol5s2K76QbVvJBL+ePyr27ztI+V5kbAti4qDU7AgMBAAGjggEgMIIBHDAdBgNVHQ4EFgQUjjz5ooBxJTlV9mXdjEmdEVc7spcwgewGA1UdIwSB5DCB4YAUjjz5ooBxJTlV9mXdjEmdEVc7spehgb2kgbowgbcxCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlTdG9ja2hvbG0xEjAQBgNVBAcTCVN0b2NraG9sbTEfMB0GA1UEChQWU29waGlhaGVtbWV0IEjDtmdza29sYTEhMB8GA1UECxQYRsO2cnZhbHRuaW5nc2F2ZGVsbmluZ2VuMRQwEgYDVQQDEwtwbGF5LnNoaC5zZTEmMCQGCSqGSIb3DQEJARYXam9ha2ltLmxlaG5zdHJvbUBzaGguc2WCCQD9rWj1QSUzkTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBWnjQaWqI+hZyS110KINZc/olLi7FbV953D7kM2vQN/bkaz3X8vlw7vrUfFdfTyEOALHM8uXMynTMW2QMdF5wpOM14+Rtt9it9fswB6Sa+qnXakuCCM/uRy9Fm5OXevPv0+squ2TbhK7lP2iJwVKB5vXVX9jz/RDrw/w7BeQ+8f0yjvk3a5OPp2jUyOP7rfSjn0XkrEe3Vpo8L2kLEiPnC+3bOF+y+WUYWFk/qBzsJ1aOKXz5UbG8SmuAv6BKECkVopkU/dPQtUmd/rqR4tGGFL7EJY9Q2q42uj3lQdNAWK6fryG3vv7Hs5lmVBXsyK9te3+NzLfomPEJoDZR4s47s</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIFFTCCA/2gAwIBAgIJAP2taPVBJTORMA0GCSqGSIb3DQEBBQUAMIG3MQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xHzAdBgNVBAoUFlNvcGhpYWhlbW1ldCBIw7Znc2tvbGExITAfBgNVBAsUGEbDtnJ2YWx0bmluZ3NhdmRlbG5pbmdlbjEUMBIGA1UEAxMLcGxheS5zaGguc2UxJjAkBgkqhkiG9w0BCQEWF2pvYWtpbS5sZWhuc3Ryb21Ac2hoLnNlMB4XDTE4MDYxMTA5MTYyNloXDTI4MDYxMDA5MTYyNlowgbcxCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlTdG9ja2hvbG0xEjAQBgNVBAcTCVN0b2NraG9sbTEfMB0GA1UEChQWU29waGlhaGVtbWV0IEjDtmdza29sYTEhMB8GA1UECxQYRsO2cnZhbHRuaW5nc2F2ZGVsbmluZ2VuMRQwEgYDVQQDEwtwbGF5LnNoaC5zZTEmMCQGCSqGSIb3DQEJARYXam9ha2ltLmxlaG5zdHJvbUBzaGguc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMgETbDyZeCfo14RJN0CmzN2QhWQc6yg16seF8LIsLWIjB3rjsJAuEJoQu89bcWmP5UP34cU6Q1MTATng4oDNJPxaD9Qcc+T42kyPnSQPXw/LvfIKr5jv6EvuZ/oEpuGnB7Zg4QiaWOdYYTxo47CcFFFqN837nffnR6UMLRt62bSG5wAH5c8ERXFdLPMr+PL79hsQDByuFcvC2X15RuKPUtVnHYOjIivdfYZssMsfoOGk6tC4nyaWiBRg4zldR1UZCdcXPVZiP3Mve3aoqRRf7olUEZErvesiRT/J2tEqMqnytIpol5s2K76QbVvJBL+ePyr27ztI+V5kbAti4qDU7AgMBAAGjggEgMIIBHDAdBgNVHQ4EFgQUjjz5ooBxJTlV9mXdjEmdEVc7spcwgewGA1UdIwSB5DCB4YAUjjz5ooBxJTlV9mXdjEmdEVc7spehgb2kgbowgbcxCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlTdG9ja2hvbG0xEjAQBgNVBAcTCVN0b2NraG9sbTEfMB0GA1UEChQWU29waGlhaGVtbWV0IEjDtmdza29sYTEhMB8GA1UECxQYRsO2cnZhbHRuaW5nc2F2ZGVsbmluZ2VuMRQwEgYDVQQDEwtwbGF5LnNoaC5zZTEmMCQGCSqGSIb3DQEJARYXam9ha2ltLmxlaG5zdHJvbUBzaGguc2WCCQD9rWj1QSUzkTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBWnjQaWqI+hZyS110KINZc/olLi7FbV953D7kM2vQN/bkaz3X8vlw7vrUfFdfTyEOALHM8uXMynTMW2QMdF5wpOM14+Rtt9it9fswB6Sa+qnXakuCCM/uRy9Fm5OXevPv0+squ2TbhK7lP2iJwVKB5vXVX9jz/RDrw/w7BeQ+8f0yjvk3a5OPp2jUyOP7rfSjn0XkrEe3Vpo8L2kLEiPnC+3bOF+y+WUYWFk/qBzsJ1aOKXz5UbG8SmuAv6BKECkVopkU/dPQtUmd/rqR4tGGFL7EJY9Q2q42uj3lQdNAWK6fryG3vv7Hs5lmVBXsyK9te3+NzLfomPEJoDZR4s47s</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://play.shh.se/user/logout"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://play.shh.se/user/authenticate" index="0"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">Sophiahemmet Högskola</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Sophiahemmet Högskola</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://play.shh.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>NORDUnet</md:GivenName> + <md:SurName>SAML Admin</md:SurName> + <md:EmailAddress>saml@media.nordu.net</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/prestaging.cloudmore.com-shibboleth.xml b/swamid-2.0/prestaging.cloudmore.com-shibboleth.xml index fa1838e8..04f6f61e 100644 --- a/swamid-2.0/prestaging.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/prestaging.cloudmore.com-shibboleth.xml @@ -33,7 +33,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> </md:Extensions> <md:KeyDescriptor> diff --git a/swamid-2.0/proquest-ra21.mnt.se-shibboleth.xml b/swamid-2.0/proquest-ra21.mnt.se-shibboleth.xml index 6fc8b4fe..049a34f3 100644 --- a/swamid-2.0/proquest-ra21.mnt.se-shibboleth.xml +++ b/swamid-2.0/proquest-ra21.mnt.se-shibboleth.xml @@ -1,8 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- -This is example metadata only. Do *NOT* supply it as is without review, -and do *NOT* provide it in real time to your partners. - --> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://proquest-ra21.mnt.se/shibboleth"> <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> @@ -78,4 +74,14 @@ ozpzY2SFlw== <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://proquest-ra21.mnt.se/Shibboleth.sso/SAML/POST" index="5"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://proquest-ra21.mnt.se/Shibboleth.sso/SAML/Artifact" index="6"/> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">The RA21 Project</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Resource Access for the 21st Century (RA21)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://ra21.org</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID</md:GivenName> + <md:SurName>Operations</md:SurName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> </md:EntityDescriptor> diff --git a/swamid-2.0/ra.se-leg.se-shibboleth.xml b/swamid-2.0/ra.se-leg.se-shibboleth.xml index 606c0459..a9af6272 100644 --- a/swamid-2.0/ra.se-leg.se-shibboleth.xml +++ b/swamid-2.0/ra.se-leg.se-shibboleth.xml @@ -26,10 +26,10 @@ </md:Extensions> <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:Extensions> - <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://ra.se-leg.se/Shibboleth.sso/Login/eduid-dev"/> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://ra.se-leg.se/Shibboleth.sso/Login/eduid"/> <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://ra.se-leg.se/Shibboleth.sso/Login/sunet-siths"/> - <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://ra.se-leg.se/Shibboleth.sso/DS/swamid-test"/> - <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://ra.se-leg.se/Shibboleth.sso/DS/swamid-test" index="1"/> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://ra.se-leg.se/Shibboleth.sso/DS/ndn"/> + <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://ra.se-leg.se/Shibboleth.sso/DS/ndn" index="1"/> </md:Extensions> <md:KeyDescriptor> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> @@ -37,29 +37,30 @@ <ds:KeyName>ra.se-leg.se</ds:KeyName> <ds:X509Data> <ds:X509SubjectName>CN=ra.se-leg.se</ds:X509SubjectName> - <ds:X509Certificate>MIIEDDCCAnSgAwIBAgIJAKj4PEYDXmGDMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV -BAMTDHJhLnNlLWxlZy5zZTAeFw0xODA0MDYxMTI3MDlaFw0yODA0MDYxMTI3MDla -MBcxFTATBgNVBAMTDHJhLnNlLWxlZy5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGP -ADCCAYoCggGBAPBitjY82g71TZFD2FoQny+nWi47CWCDcfwac8KY2bli6Gbv1274 -by+g+KQPjvlf4rutKH8TCX0vLwW/Z8z3xKa1r9Jjntj91MdkXhj30+SB/NHvDdDX -hjodh/o52Jq4STgFelXT8rPin9wl59AzixDYSc2FhvP1wgUm8yinl8I8DbYYntuk -wEMg2jNpIfMD75fgZ/2OiIA07GtT2NYmidePP4Oh+6fnqm8UCdT78CAJq/68AWVn -Nb4gPj/xVa/B6PNQfBbcMU4HhCbheog88oVuozkeVJGdcjkxDb/m0JajD7vCxg7A -7vsUQEy73Xz5YkXSnbuvPSLWxw9LM3sNHPMGtiGEjXkTT0ivP8ck8q7yIng08ePL -I7z4DE7HAQOtegsy83Wj09svOgD9f4Zbqs9hKZCIMZPEJ4plTEBCdOkjsBSFvv+d -/pbTApQYgndvSQSX4DJhSpIuspBI7Jbbnom6PUfA/qcwz6OC3Ov9IpS5aQGW4A/Z -nO+4CM+vuuvmtwIDAQABo1swWTA4BgNVHREEMTAvggxyYS5zZS1sZWcuc2WGH2h0 -dHBzOi8vcmEuc2UtbGVnLnNlL3NoaWJib2xldGgwHQYDVR0OBBYEFMjWjw0gad/q -TG1L3UlhDczozvD9MA0GCSqGSIb3DQEBCwUAA4IBgQCwC0R5ll6/7Sfj4kdsMrfh -AmAgwcf1IxqkjEPbhI1y5TRMLhB7Ajex1O2dClv/LcUn47gihDDeQPivWZMAOhSi -VZ5zvPiFDLSq0qQCr71A/tZQSMTg4Soiy2Pdq9DIsxob2DHV23irjvl6HgdMhxXp -FIoQ2lf9irpBLaNvOrp1js+FM4PrcAL1vMYUzcUSF01wOevaTtzL/qdQ/ISOmnEK -TQQgR3l0tQ1DQmLQIrp1PIlrc9pqPf4m9UR10EcFr88Tl9eyBrNHmkXBDelmEFTj -qGwPATq188LAtfp6xExopWG4OZo2ioiJ67ruOErNB4FXmOBI77/Q8ftWKhs+BsXE -4tk58laYNiye7lEJym+7UeDMdIwGsOhQaQDaQc5HAfdlUaqLCTXEoXGvH/6dEfeH -Rs8MaY+DpvgNti0cN9bXRD3aFqi5yC4tWiiHVpYts3442WPSNS3aXxPDgPs+aChd -T19tniO2NrPKbky6hf0eG9p/Z3d05JLLmxujdGeASX4= -</ds:X509Certificate> + <ds:X509Certificate> + MIIEDDCCAnSgAwIBAgIJAKj4PEYDXmGDMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV + BAMTDHJhLnNlLWxlZy5zZTAeFw0xODA0MDYxMTI3MDlaFw0yODA0MDYxMTI3MDla + MBcxFTATBgNVBAMTDHJhLnNlLWxlZy5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGP + ADCCAYoCggGBAPBitjY82g71TZFD2FoQny+nWi47CWCDcfwac8KY2bli6Gbv1274 + by+g+KQPjvlf4rutKH8TCX0vLwW/Z8z3xKa1r9Jjntj91MdkXhj30+SB/NHvDdDX + hjodh/o52Jq4STgFelXT8rPin9wl59AzixDYSc2FhvP1wgUm8yinl8I8DbYYntuk + wEMg2jNpIfMD75fgZ/2OiIA07GtT2NYmidePP4Oh+6fnqm8UCdT78CAJq/68AWVn + Nb4gPj/xVa/B6PNQfBbcMU4HhCbheog88oVuozkeVJGdcjkxDb/m0JajD7vCxg7A + 7vsUQEy73Xz5YkXSnbuvPSLWxw9LM3sNHPMGtiGEjXkTT0ivP8ck8q7yIng08ePL + I7z4DE7HAQOtegsy83Wj09svOgD9f4Zbqs9hKZCIMZPEJ4plTEBCdOkjsBSFvv+d + /pbTApQYgndvSQSX4DJhSpIuspBI7Jbbnom6PUfA/qcwz6OC3Ov9IpS5aQGW4A/Z + nO+4CM+vuuvmtwIDAQABo1swWTA4BgNVHREEMTAvggxyYS5zZS1sZWcuc2WGH2h0 + dHBzOi8vcmEuc2UtbGVnLnNlL3NoaWJib2xldGgwHQYDVR0OBBYEFMjWjw0gad/q + TG1L3UlhDczozvD9MA0GCSqGSIb3DQEBCwUAA4IBgQCwC0R5ll6/7Sfj4kdsMrfh + AmAgwcf1IxqkjEPbhI1y5TRMLhB7Ajex1O2dClv/LcUn47gihDDeQPivWZMAOhSi + VZ5zvPiFDLSq0qQCr71A/tZQSMTg4Soiy2Pdq9DIsxob2DHV23irjvl6HgdMhxXp + FIoQ2lf9irpBLaNvOrp1js+FM4PrcAL1vMYUzcUSF01wOevaTtzL/qdQ/ISOmnEK + TQQgR3l0tQ1DQmLQIrp1PIlrc9pqPf4m9UR10EcFr88Tl9eyBrNHmkXBDelmEFTj + qGwPATq188LAtfp6xExopWG4OZo2ioiJ67ruOErNB4FXmOBI77/Q8ftWKhs+BsXE + 4tk58laYNiye7lEJym+7UeDMdIwGsOhQaQDaQc5HAfdlUaqLCTXEoXGvH/6dEfeH + Rs8MaY+DpvgNti0cN9bXRD3aFqi5yC4tWiiHVpYts3442WPSNS3aXxPDgPs+aChd + T19tniO2NrPKbky6hf0eG9p/Z3d05JLLmxujdGeASX4= + </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> diff --git a/swamid-2.0/scalear-staging2.herokuapp.com.xml b/swamid-2.0/scalear-staging2.herokuapp.com.xml index 38c468e7..cc7e33ba 100644 --- a/swamid-2.0/scalear-staging2.herokuapp.com.xml +++ b/swamid-2.0/scalear-staging2.herokuapp.com.xml @@ -19,7 +19,7 @@ <mdui:Description xml:lang="en">Blended learning platform for interactive in-class and online education.</mdui:Description> <mdui:Description xml:lang="sv">Plattform för stöd av "flipped classroom" utbildning.</mdui:Description> <mdui:InformationURL xml:lang="en">https://scalear-staging2.herokuapp.com/home/about</mdui:InformationURL> - <mdui:PrivacyStatementURL xml:lang="en">https://scalear-staging2.herokuapp.com/home/privacy</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://www.scalable-learning.com/home/privacy</mdui:PrivacyStatementURL> <mdui:Logo xml:lang="en" height="100" width="100">https://scalear-staging2.herokuapp.com/assets/logo-a66e557f3f93b4d5195033ba1a1527a3.png</mdui:Logo> </mdui:UIInfo> </md:Extensions> @@ -27,26 +27,26 @@ <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> - MIIDlDCCAnwCCQCyPGeQZpWxojANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC - U0UxETAPBgNVBAgMCFNUT0NIT0xNMRIwEAYDVQQHDAlTVE9DS0hPTE0xGjAYBgNV - BAoMEVNDQUxBQkxFIExFQVJOSU5HMRAwDgYDVQQLDAdzY2FsZWFyMScwJQYDVQQD - DB5zY2FsZWFyLXN0YWdpbmcyLmhlcm9rdWFwcC5jb20wHhcNMTcwOTI3MDgzMzE1 - WhcNMTgwOTI3MDgzMzE1WjCBizELMAkGA1UEBhMCU0UxETAPBgNVBAgMCFNUT0NI - T0xNMRIwEAYDVQQHDAlTVE9DS0hPTE0xGjAYBgNVBAoMEVNDQUxBQkxFIExFQVJO - SU5HMRAwDgYDVQQLDAdzY2FsZWFyMScwJQYDVQQDDB5zY2FsZWFyLXN0YWdpbmcy - Lmhlcm9rdWFwcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb - eSlTGpkeFTPqK4KByF4XWOGAo6IxPjS6VE5UIVWPhR5wcRH+TW2aF+te6qMrNV2P - l+MFoBhCqs2hq8lodne7yo5IckZGMk0zJ5zBFXkcdgfXdXbVl8J/lS6G+i2xiQLb - f8iZ4/TeGHWLBOMEPeigU3BDsw412jJYZEdQw9r9ohqppRPq38AHziY1ntbA/Fby - GMkyn6AN0GxdzO+U0e+0axA6//67AFi3dFhr++zcYkqxlXrOaTxGZR/7OQ1Id52p - 4a0rci2VD6VWQ4M1n557WZ51dmNfBMJhbW34j97qEDkAQqzwkaZXKkn18Zhg01b3 - kBj9dGaSQBGT1QzPZYa5AgMBAAEwDQYJKoZIhvcNAQELBQADggEBADyVvXFfsTwC - YVoiFCaW2PfXO0dJgGRnNtIzkC8/iKXTnGjflb35ai+EpbSO7GsTMWZVyIzV71z8 - DxFM3Gfp6FTd8xlGGmtrwfJZnFqNNrrxm+YQSGk1l4Gal8ZdQ5l+5j65HRWMbYKP - 298UYVliM/1Wh9jW94Q305PVfJD5Wpeu0OrXS0VPzlW+MOs5e2DAsO7OG0YoqH2z - y20+gi5doZ33pHgiNwH1zMQIvVwAu9uQizSlgserIuhlEvnRfBkFLv/86RX9+54r - 3aXwCBhr8rGwhonDuZYCGJNu3Qa5Yt1zLBOQJr+/U/sSEBq+ZDx9mI52PjG6sHTw - EkfY5Bb1pkM= +MIIDkjCCAnoCCQC5Ve5a+sh3iDANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC +U0UxETAPBgNVBAgMCFNUT0NIT0xNMREwDwYDVQQHDAhTVE9DSE9MTTEaMBgGA1UE +CgwRU0NBTEFCTEUgTEVBUk5JTkcxEDAOBgNVBAsMB3NjYWxlYXIxJzAlBgNVBAMM +HnNjYWxlYXItc3RhZ2luZzIuaGVyb2t1YXBwLmNvbTAeFw0xODA2MjAxMDAxMDRa +Fw0xOTA2MjAxMDAxMDRaMIGKMQswCQYDVQQGEwJTRTERMA8GA1UECAwIU1RPQ0hP +TE0xETAPBgNVBAcMCFNUT0NIT0xNMRowGAYDVQQKDBFTQ0FMQUJMRSBMRUFSTklO +RzEQMA4GA1UECwwHc2NhbGVhcjEnMCUGA1UEAwwec2NhbGVhci1zdGFnaW5nMi5o +ZXJva3VhcHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3kp +UxqZHhUz6iuCgcheF1jhgKOiMT40ulROVCFVj4UecHER/k1tmhfrXuqjKzVdj5fj +BaAYQqrNoavJaHZ3u8qOSHJGRjJNMyecwRV5HHYH13V21ZfCf5UuhvotsYkC23/I +meP03hh1iwTjBD3ooFNwQ7MONdoyWGRHUMPa/aIaqaUT6t/AB84mNZ7WwPxW8hjJ +Mp+gDdBsXczvlNHvtGsQOv/+uwBYt3RYa/vs3GJKsZV6zmk8RmUf+zkNSHedqeGt +K3ItlQ+lVkODNZ+ee1medXZjXwTCYW1t+I/e6hA5AEKs8JGmVypJ9fGYYNNW95AY +/XRmkkARk9UMz2WGuQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB4koH+yV00y2JM +n1wS2sZGD0llBG/g1zGsKM/gIEBWiTvG3qteI6H0f5F1hjWNO8TZlXQdUWTeJ8SV +FQLB+/izRhHRJXdXyGghJNr+Y9PPBuqe5qgROEWc97i4A0LpbYVcWahMH8MVMgb2 +yC5bkoUyHu7RT9vhzVlOVUaOAq6i675xavGkjmDw7XGuIuJ4IRvni3LPL7pQ11Mm +n5B3Ki7ZedRgz3K2SI3pmk+9/QUphUyhHv6fHxCnYS9DlUb35oir5Mf13Sek1Orr +mobl6dq/UG4r+sHNUozUEoaUiAaRhQ4sRTE3zbMONbEi9n5e/+559yKyOjkutGs6 +B2dCYBmx </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> diff --git a/swamid-2.0/sciencedirect-ra21.mnt.se-shibboleth.xml b/swamid-2.0/sciencedirect-ra21.mnt.se-shibboleth.xml index b889c5f8..dab09836 100644 --- a/swamid-2.0/sciencedirect-ra21.mnt.se-shibboleth.xml +++ b/swamid-2.0/sciencedirect-ra21.mnt.se-shibboleth.xml @@ -1,8 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- -This is example metadata only. Do *NOT* supply it as is without review, -and do *NOT* provide it in real time to your partners. - --> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sciencedirect-ra21.mnt.se/shibboleth"> <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> @@ -78,4 +74,14 @@ yJh/Ogdw9ygHU2WVNt79W02hh9M6qw== <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sciencedirect-ra21.mnt.se/Shibboleth.sso/SAML/POST" index="5"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sciencedirect-ra21.mnt.se/Shibboleth.sso/SAML/Artifact" index="6"/> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">The RA21 Project</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Resource Access for the 21st Century (RA21)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://ra21.org</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID</md:GivenName> + <md:SurName>Operations</md:SurName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> </md:EntityDescriptor> diff --git a/swamid-2.0/secure.urkund.com-shibboleth.xml b/swamid-2.0/secure.urkund.com-shibboleth.xml index 0a29e7a5..48198556 100644 --- a/swamid-2.0/secure.urkund.com-shibboleth.xml +++ b/swamid-2.0/secure.urkund.com-shibboleth.xml @@ -95,6 +95,14 @@ gEln3A== <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> </md:AttributeConsumingService> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">Prio Infocenter AB</md:OrganizationName> + <md:OrganizationName xml:lang="sv">Prio Infocenter AB</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">URKUND / Prio Infocenter AB</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="sv">URKUND / Prio Infocenter AB</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://www.urkund.com/en/</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">https://www.urkund.com/sv/</md:OrganizationURL> + </md:Organization> <md:ContactPerson contactType="administrative"> <md:GivenName>Peter</md:GivenName> <md:SurName>Witasp</md:SurName> diff --git a/swamid-2.0/staging-us.cloudmore.com-shibboleth.xml b/swamid-2.0/staging-us.cloudmore.com-shibboleth.xml index c8f0da66..bfa8d45f 100644 --- a/swamid-2.0/staging-us.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/staging-us.cloudmore.com-shibboleth.xml @@ -31,7 +31,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://us.cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> </md:Extensions> <md:KeyDescriptor> diff --git a/swamid-2.0/staging.cloudmore.com-shibboleth.xml b/swamid-2.0/staging.cloudmore.com-shibboleth.xml index ace5c6bd..bff5486c 100644 --- a/swamid-2.0/staging.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/staging.cloudmore.com-shibboleth.xml @@ -34,7 +34,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> </md:Extensions> <md:KeyDescriptor> diff --git a/swamid-2.0/swamid-2.grandid.com-module.php-saml-sp-metadata.php-gu-swamid-draftit.xml b/swamid-2.0/swamid-2.grandid.com-module.php-saml-sp-metadata.php-gu-swamid-draftit.xml new file mode 100644 index 00000000..5eb81b40 --- /dev/null +++ b/swamid-2.0/swamid-2.grandid.com-module.php-saml-sp-metadata.php-gu-swamid-draftit.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://swamid-2.grandid.com/module.php/saml/sp/metadata.php/gu-swamid-draftit"> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol" AuthnRequestsSigned="true"> + <md:Extensions> + <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" index="1" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://swamid-2.grandid.com/module.php/saml/sp/discoresp.php"/> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIGoDCCBIigAwIBAgIEAIlfSzANBgkqhkiG9w0BAQsFADCBrTELMAkGA1UEBhMCU0UxEDAOBgNVBAgMB1VwcHNhbGExEDAOBgNVBAcMB1VwcHNhbGExHjAcBgNVBAoMFVN2ZW5zayBlLWlkZW50aXRldCBBQjELMAkGA1UECwwCSVQxJjAkBgNVBAMMHVN2ZW5zayBlLWlkZW50aXRldCBBQiBDQSBWMS4zMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGUtaWRlbnRpdGV0LnNlMB4XDTE4MDQxODA4NTIwNFoXDTI4MDQxNTA4NTIwNFowgbYxKTAnBgNVBAMMIDJiNmQ2OTkwNjQ4NGIyNWRlMjU0NDQ4MTUzMzQ1MDdjMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGdyYW5kaWQuY29tMQswCQYDVQQGEwJTRTEQMA4GA1UECAwHVXBwc2FsYTEQMA4GA1UEBwwHVXBwc2FsYTEnMCUGA1UECgweU3ZlbnNrIGUtaWRlbnRpdGV0IEFCIC0gTm9TaWduMQswCQYDVQQLDAJJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDlJdE0PmySOXNRZ7SEpqw5ysXEtAe2z5aKJ20Yy4aj/4SGxVL7diC/+Ix/FNJ/LizRdCmGXhrz7NyrcUc+MHIWPGs6EHj1jXfqmuSct2CE/VW09J9Ted7hhtS2B70S71UjbPzAliTZaLAwHse61hEkvgdQ0y2VqsTuKMNwcHFUwk4pc9iXorWNX+YwilKnsfE0eo+phJOuEl8S0rMlgSVIRMHIDtiZ7b6bMaN1TkCo3jB+rJvCALmf3EiKNpqnSx+WX3dh5JuhyvyTac1aR1b4jh/bJsHADh5VW+F088vZiQnJPSQ/9uQkWkc7mNxWXTbGPEs9heTcGLbMkJnOuCcCAwEAAaOCAbswggG3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIYaKIFHDC8k7czWqLITtL4YyWweMIHiBgNVHSMEgdowgdeAFAJd5S5wqLzNqSli6PO2ajrfumBuoYGzpIGwMIGtMQswCQYDVQQGEwJTRTEQMA4GA1UECAwHVXBwc2FsYTEQMA4GA1UEBwwHVXBwc2FsYTEeMBwGA1UECgwVU3ZlbnNrIGUtaWRlbnRpdGV0IEFCMQswCQYDVQQLDAJJVDEmMCQGA1UEAwwdU3ZlbnNrIGUtaWRlbnRpdGV0IEFCIENBIFYxLjMxJTAjBgkqhkiG9w0BCQEWFnN1cHBvcnRAZS1pZGVudGl0ZXQuc2WCCQD0BDWW6SHeCDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cHM6Ly9jYS5ncmFuZGlkLmNvbS9jcmwvc3ZlbnNrZWlkLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAuKkBLdnmYVbaMzwFhWDBKS62vfPi5Q3LfRWhRwEuServf81ISwl8j6qmriNkCu/B12mt/c3SQhfsCp/eP1zwEZeoNAAfZ0eUn6ohQ7Xuw+GwXfTGY2tJdFZfsfkG/qwLQL1ZAW6v91dmnu6RgyBgqE8FjPiHRk2W6jnaH/D1LoDN9Xu23ZTmS7U+UngZWEH7WVvc5JALpwrJSUvzGgENG08N20Ec3kLN1bYUlimaacotPl1Ytj+fpRUdcLAyqOp4vyvER83k43oVq3ZubKw9ic1TCtlr/B5OZpKk1wItrOaPVJ3kTZUNZDNeZwagRnLo90yxvnoLM+gXX+6n3R1xKAcbFpXaVnJQtfZ7RfI2Mii7rl3BkL1OgXUpMbugmZENH2jMj+5on2b7O91vgZ5DaOYfPELilra1yz/2I7tytjDgXHdIirNPuOAwZ5+hLvkJWTDLC6Dp9xiDCmFlEtndrbDNoEz+XyieMdcjTw4ppqB3X8EuTffBnQRYMYRfWI+Xstm1k/0hKtlUZ8Ub6TgZ8dmsqJYfDgUhcX4/VL1v3311IL5gaXfXOINAKL9r1RWtfbdLDeBpcU/5iNcBbYU97/qp/Frrk56tCzxupJhcT5qmS5t3lcRUvYzzAQaCVhf5cXGzZPtCRdypovj6rPwkx1WM2ZdXpkWyMBkUTI05juE=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIGoDCCBIigAwIBAgIEAIlfSzANBgkqhkiG9w0BAQsFADCBrTELMAkGA1UEBhMCU0UxEDAOBgNVBAgMB1VwcHNhbGExEDAOBgNVBAcMB1VwcHNhbGExHjAcBgNVBAoMFVN2ZW5zayBlLWlkZW50aXRldCBBQjELMAkGA1UECwwCSVQxJjAkBgNVBAMMHVN2ZW5zayBlLWlkZW50aXRldCBBQiBDQSBWMS4zMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGUtaWRlbnRpdGV0LnNlMB4XDTE4MDQxODA4NTIwNFoXDTI4MDQxNTA4NTIwNFowgbYxKTAnBgNVBAMMIDJiNmQ2OTkwNjQ4NGIyNWRlMjU0NDQ4MTUzMzQ1MDdjMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGdyYW5kaWQuY29tMQswCQYDVQQGEwJTRTEQMA4GA1UECAwHVXBwc2FsYTEQMA4GA1UEBwwHVXBwc2FsYTEnMCUGA1UECgweU3ZlbnNrIGUtaWRlbnRpdGV0IEFCIC0gTm9TaWduMQswCQYDVQQLDAJJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDlJdE0PmySOXNRZ7SEpqw5ysXEtAe2z5aKJ20Yy4aj/4SGxVL7diC/+Ix/FNJ/LizRdCmGXhrz7NyrcUc+MHIWPGs6EHj1jXfqmuSct2CE/VW09J9Ted7hhtS2B70S71UjbPzAliTZaLAwHse61hEkvgdQ0y2VqsTuKMNwcHFUwk4pc9iXorWNX+YwilKnsfE0eo+phJOuEl8S0rMlgSVIRMHIDtiZ7b6bMaN1TkCo3jB+rJvCALmf3EiKNpqnSx+WX3dh5JuhyvyTac1aR1b4jh/bJsHADh5VW+F088vZiQnJPSQ/9uQkWkc7mNxWXTbGPEs9heTcGLbMkJnOuCcCAwEAAaOCAbswggG3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIYaKIFHDC8k7czWqLITtL4YyWweMIHiBgNVHSMEgdowgdeAFAJd5S5wqLzNqSli6PO2ajrfumBuoYGzpIGwMIGtMQswCQYDVQQGEwJTRTEQMA4GA1UECAwHVXBwc2FsYTEQMA4GA1UEBwwHVXBwc2FsYTEeMBwGA1UECgwVU3ZlbnNrIGUtaWRlbnRpdGV0IEFCMQswCQYDVQQLDAJJVDEmMCQGA1UEAwwdU3ZlbnNrIGUtaWRlbnRpdGV0IEFCIENBIFYxLjMxJTAjBgkqhkiG9w0BCQEWFnN1cHBvcnRAZS1pZGVudGl0ZXQuc2WCCQD0BDWW6SHeCDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cHM6Ly9jYS5ncmFuZGlkLmNvbS9jcmwvc3ZlbnNrZWlkLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAuKkBLdnmYVbaMzwFhWDBKS62vfPi5Q3LfRWhRwEuServf81ISwl8j6qmriNkCu/B12mt/c3SQhfsCp/eP1zwEZeoNAAfZ0eUn6ohQ7Xuw+GwXfTGY2tJdFZfsfkG/qwLQL1ZAW6v91dmnu6RgyBgqE8FjPiHRk2W6jnaH/D1LoDN9Xu23ZTmS7U+UngZWEH7WVvc5JALpwrJSUvzGgENG08N20Ec3kLN1bYUlimaacotPl1Ytj+fpRUdcLAyqOp4vyvER83k43oVq3ZubKw9ic1TCtlr/B5OZpKk1wItrOaPVJ3kTZUNZDNeZwagRnLo90yxvnoLM+gXX+6n3R1xKAcbFpXaVnJQtfZ7RfI2Mii7rl3BkL1OgXUpMbugmZENH2jMj+5on2b7O91vgZ5DaOYfPELilra1yz/2I7tytjDgXHdIirNPuOAwZ5+hLvkJWTDLC6Dp9xiDCmFlEtndrbDNoEz+XyieMdcjTw4ppqB3X8EuTffBnQRYMYRfWI+Xstm1k/0hKtlUZ8Ub6TgZ8dmsqJYfDgUhcX4/VL1v3311IL5gaXfXOINAKL9r1RWtfbdLDeBpcU/5iNcBbYU97/qp/Frrk56tCzxupJhcT5qmS5t3lcRUvYzzAQaCVhf5cXGzZPtCRdypovj6rPwkx1WM2ZdXpkWyMBkUTI05juE=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://swamid-2.grandid.com/module.php/saml/sp/saml2-logout.php/gu-swamid-draftit"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://swamid-2.grandid.com/module.php/saml/sp/saml2-acs.php/gu-swamid-draftit" index="0"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://swamid-2.grandid.com/module.php/saml/sp/saml1-acs.php/gu-swamid-draftit" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://swamid-2.grandid.com/module.php/saml/sp/saml2-acs.php/gu-swamid-draftit" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://swamid-2.grandid.com/module.php/saml/sp/saml1-acs.php/gu-swamid-draftit/artifact" index="3"/> + <md:AttributeConsumingService index="0"> + <md:ServiceName xml:lang="sv">Draftit</md:ServiceName> + <md:ServiceName xml:lang="en">Draftit</md:ServiceName> + <md:RequestedAttribute Name="givenName" isRequired="true"/> + <md:RequestedAttribute Name="sn" isRequired="true"/> + <md:RequestedAttribute Name="mail" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="sv">Svensk E-identitet SP</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Svensk E-identitet AB</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.e-identitet.se/</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>Svensk E-identitet / GrandID Support</md:GivenName> + <md:EmailAddress>support@grandid.com</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/te-id.statenssc.se-adfs-services-trust.xml b/swamid-2.0/te-id.statenssc.se-adfs-services-trust.xml index d4b9cb89..1c34de10 100644 --- a/swamid-2.0/te-id.statenssc.se-adfs-services-trust.xml +++ b/swamid-2.0/te-id.statenssc.se-adfs-services-trust.xml @@ -31,620 +31,6 @@ </KeyInfo> </ds:Signature> --> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Annan myndighet"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC5jCCAc6gAwIBAgIQZmLOGQ7D65NBAKMx53MHTzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIEVuY3J5cHRpb24gLSB0ZS1pZC5zdGF0ZW5zc2Muc2UwHhcNMTUwMTEyMTEyOTE0WhcNMjAwMTEyMTEyOTE0WjAvMS0wKwYDVQQDEyRBREZTIEVuY3J5cHRpb24gLSB0ZS1pZC5zdGF0ZW5zc2Muc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/CAXk68VfTOgI12msQPBLuSgUsfMwZYXqBWmBIty2m9HOjbYOMdydFUDihuVEJkNq6OkWrhBs5phBdnEQ2v0aDjXdzp6tVq+h5Kc6508CVUeDDoxE1G4pbylFAZrHMUfVikDKiPlXWkKN2Po7vX6hyKVjUGLLvS42U1DsT98onQNiNsK/XBxddwjFYROCc6dTjx1Y43RTFhR9ycK46Z1PZSHAEIETl4xIqNhLPeGmgdPBtqV4wyk3kidTq2kUbBBjay2i6at/Kq++IM+ZaJpONGGeI02od1BpvNIC8MxnUj7MOWtzucE7R2uWvfjMFbl+NwWly4PaMRpzeCaIbCRfAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAG2y79ay8DN3Lt+Yp+gOtV/FunIZP1Rd1dMBooyoe8Zs/kkddGq6ABIQUwHoddu1Zcjnpa65NWMCO148HjQxcsggX6RXTSevWIUlpWcI95uJkGJpwiMQCcvctMuV3sxIZXezIj5SZcaSNJP+lxhrR2kB4FDf2P0i64YLZvBLmyWG+cuIw5qG8vC44VmPJ8W/dKb50SPHRgLEk2r5EAm3uYCcMvyyT0D4T+xPq+m54mII1Q0P+3irhxqXh4E7a9dI7PrYWqDth9KQtsoRiZveTFqlV4N9DCL9yGbJAyTc7jqDrjSIr2/Koek3PQBI5XO27aLOyhMjYoyYtCv/U96Hbe0=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:0.9.2342.19200300.100.1.3" Optional="true"> - <auth:DisplayName>E-post OID</auth:DisplayName> - <auth:Description>Unik e-postadress med myndighetens officiella domän som suffix.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>Personnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.3" Optional="true"> - <auth:DisplayName>Organisationsnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>Förnamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>Efternamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.840.113556.1.2.102" Optional="true"> - <auth:DisplayName>sscName</auth:DisplayName> - <auth:Description>Special namn från KB</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://te-id.statenssc.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="Annan myndighet"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC4DCCAcigAwIBAgIQPI5QFpf7V4VNKPr18lyOpjANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFBREZTIFNpZ25pbmcgLSB0ZS1pZC5zdGF0ZW5zc2Muc2UwHhcNMTUwMTEyMTEyOTE5WhcNMjAwMTEyMTEyOTE5WjAsMSowKAYDVQQDEyFBREZTIFNpZ25pbmcgLSB0ZS1pZC5zdGF0ZW5zc2Muc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFcAvIAF5haM4s9A7ovFPZnOK0OOV3z62JUfIh7K3mwlL3ff0+PoTBc2zB62uoEq9vpDtIqa/8tP4f8qD2KlflZB6dTwh/N/aKP+w3B+TdpOklH/+/LKsURnO84wqu6XvpznRpO2ZbSE9G0YKOgcCntmKGGVwfINu5PMMBAKFq2VpuUIkdbyn5S7LVpDjggI/4zNtfF+qDij7mAhE5maexf7rLmQvLj9sDAI+tlTAchoNOMSpsBffhIM7jly/97SQWcGePH2+cg68SjxFixGbDteTHwTtAKJr0Gn0HJdK23gUhua95HgZjVodb+oIfQToUOSnxf6Ft+WjxxI+fjQSRAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKSdqKTbL0DJheNn0dti+oy7z1Y1nPCZx9y3FGTkIesHmh/+cLZmw8rmXdYXi1JsUh3ybwHUSpRY1dYn6Pg34RAPXKzNwOGjFZ6RZ6OTdoloh+hq30efkO0CDYk5xOfBL9Jq686pp+AOGQyYOUZhWz1eocjptzr9Vzspi5BiNNt0y3D42dZz4ebOq89vQRo7+T0Y+t+3Iued8iMolwntCCBuE5TMhYjYjPDGFpF8vQRRJESXa2w5WX/vqq5gZ5G1uHRC5tNngyNtbKzBsu4yq+F7cp+HcxAu9jeYzHHegLn+VO+NRSzc59wZjX3m+g6BeXiv55GXWl31DFf9aEaT6rY=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:0.9.2342.19200300.100.1.3" Optional="true"> - <auth:DisplayName>E-post OID</auth:DisplayName> - <auth:Description>Unik e-postadress med myndighetens officiella domän som suffix.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>Personnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.3" Optional="true"> - <auth:DisplayName>Organisationsnummer OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>Förnamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>Efternamn OID</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/personnummer" Optional="true"> - <auth:DisplayName>Personnummer</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/organisationsnummer" Optional="true"> - <auth:DisplayName>Organisationsnummer</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" Optional="true"> - <auth:DisplayName>eduPersonPrincipalName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/myndighet" Optional="true"> - <auth:DisplayName>Myndighet</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://statenssc.se/claims/hermes" Optional="true"> - <auth:DisplayName>Hermes kod</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" Optional="true"> - <auth:DisplayName>member</auth:DisplayName> - <auth:Description>member attribut till ReachMe (innehåller hermeskod)</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.3" Optional="true"> - <auth:DisplayName>cn</auth:DisplayName> - <auth:Description>userID utanhermeskod till ReachMe</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://te-id.statenssc.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://te-id.statenssc.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> diff --git a/swamid-2.0/test-lubcat.lub.lu.se-shibboleth.xml b/swamid-2.0/test-lubcat.lub.lu.se-shibboleth.xml deleted file mode 100644 index e66159db..00000000 --- a/swamid-2.0/test-lubcat.lub.lu.se-shibboleth.xml +++ /dev/null @@ -1,106 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://test-lubcat.lub.lu.se/shibboleth"> - <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> - <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> - <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc: SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> - <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue> - <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> - </samla:Attribute> - </mdattr:EntityAttributes> - </md:Extensions> - <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol"> - <md:Extensions> - <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/Login"/> - <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> - <mdui:DisplayName xml:lang="sv">Test-Lubcat</mdui:DisplayName> - <mdui:DisplayName xml:lang="en">Test-Lubcat</mdui:DisplayName> - <mdui:Description xml:lang="sv">Testsystem för Lubcat, kommande bibliotekskatalogen för Lunds -unversitets bibliotek. ansvarig org.: Universitetsbiblioteket, LU</mdui:Description> - <mdui:Description xml:lang="en">Testsystem för Lubcat, kommande bibliotekskatalogen för Lunds -unversitets bibliotek. ansvarig org.: Universitetsbiblioteket, LU</mdui:Description> - </mdui:UIInfo> - </md:Extensions> - <md:KeyDescriptor> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:KeyName>koha-test.lub.lu.se</ds:KeyName> - <ds:X509Data> - <ds:X509SubjectName>CN=koha-test.lub.lu.se</ds:X509SubjectName> - <ds:X509Certificate> - MIIEADCCAmigAwIBAgIJAKKU2yFGZvBIMA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV - BAMTE2tvaGEtdGVzdC5sdWIubHUuc2UwHhcNMTcxMjE0MTIwNDA1WhcNMjcxMjEy - MTIwNDA1WjAeMRwwGgYDVQQDExNrb2hhLXRlc3QubHViLmx1LnNlMIIBojANBgkq - hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2LR5sOYc+0nvVvMAt5NeKLN+r3yKaKP+ - 27SAtLsUk8X03Etlp4IGnbpoTHqCtVqmeiTyA5pNGawlj7XHvnNqlKl0x8kwrdAP - UZwUSqKn8/H/3AeziZGwk++pprqDaeVHsOlvkC5ZjpTvg7PKJJ0CnBN0GfyimWoi - IrFdW240sPo247kr0IvLG4qqGOFZOShYMgs4WycaP6mR+6qASXbwlHVpsOkj3riZ - M5JhRFEvasKsUVIwkmxGQWqftAWN8llR10ZGneF2ZvVHw0hIX4Z2PGmMCIJjWXWF - eS5PNcSbk91AwHM8po8Bt+pBSknJCWUyK6S5UFR4JHw3kgQcNUJ+Ob1oanb7UH/m - J275Ro4c13Cs2dCc6DzCgvktik+p+cf26YjTqv9K3JZTC85/fMw8haqpwNjcvB0N - 21MUq7dwWeStYCcnKqqmDB+Fq6BWYtg1eUT85+i3LmfXy6cSZXu+qBCvB+2Cz9mJ - I1+07zl6mTMRyJrEER17DSpdq5BfdD7RAgMBAAGjQTA/MB4GA1UdEQQXMBWCE2tv - aGEtdGVzdC5sdWIubHUuc2UwHQYDVR0OBBYEFK1B6aqJvPoSxw3sFqeDueycq7eH - MA0GCSqGSIb3DQEBCwUAA4IBgQCnU5h+Lyd0DUVdn5bnzZ/UUVJ+qywSuXwFMuzC - WKtoa9nxghljbzbmMiS/81ONsN7nctuKkPgiPOwRXzFNNYJYFhsaZ4C59V2KHlbB - 2b2ZamvSNBk/YMqVew2Ibv4SvxNF0tpnWopjL7bh3YEpz9PWPBpMJR++XCzvhBst - CzC1E6cqX7TaaNHruMcK2PV+Ptm7g4Z63/QA5D1/o/kXdYb+3vTFCK941tz2GKld - 6XhE3R4Wt6OQeVHCimtppyg7xuld+RUSMJefnM0aIElVRR6HFzVdup2idc4Us3YW - BaKYrzodOB8u8NAj3GfpjB+PMhjLO+C2kTJq8RO+/oW4XYgah/oBSqGPBcqUWjNM - lcCGRdWc6zlkIIGKxzJSa4Z+GMqexr4YsPrKuAnIqkn+HrizS+X7y0IlaJRKu3WC - mtKAsUj3Rq9fz4pu2PKm5ke/bVjX9NfQfYsISRifK4LD9bBAKZrs6ilTWAe5Nt12 - FxLd82ubDMPR0666ZqdkUF0vhlE= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> - </md:KeyDescriptor> - <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/Artifact/SOAP" index="1"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SLO/SOAP"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SLO/Redirect"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SLO/POST"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SLO/Artifact"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SAML2/POST" index="1"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SAML2/Artifact" index="3"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SAML2/ECP" index="4"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SAML/POST" index="5"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://test-lubcat.lub.lu.se/Shibboleth.sso/SAML/Artifact" index="6"/> - </md:SPSSODescriptor> - <md:ContactPerson contactType="administrative"> - <md:GivenName>Stina</md:GivenName> - <md:SurName>Hallin</md:SurName> - <md:EmailAddress>mailto:stina.hallin@ub.lu.se</md:EmailAddress> - </md:ContactPerson> - <md:ContactPerson contactType="technical"> - <md:GivenName>Björn</md:GivenName> - <md:SurName>Nylén</md:SurName> - <md:EmailAddress>mailto:bjorn.nylen@ub.lu.se</md:EmailAddress> - </md:ContactPerson> - <md:ContactPerson contactType="support"> - <md:GivenName>Björn</md:GivenName> - <md:SurName>Nylén</md:SurName> - <md:EmailAddress>mailto:bjorn.nylen@ub.lu.se</md:EmailAddress> - </md:ContactPerson> -</md:EntityDescriptor> diff --git a/swamid-2.0/test.account.hj.se-adfs-services-trust.xml b/swamid-2.0/test.account.hj.se-adfs-services-trust.xml index 31339bd2..2877954e 100644 --- a/swamid-2.0/test.account.hj.se-adfs-services-trust.xml +++ b/swamid-2.0/test.account.hj.se-adfs-services-trust.xml @@ -12,643 +12,6 @@ </samla:Attribute> </mdattr:EntityAttributes> </Extensions> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="TEST - Jönköping University"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC5jCCAc6gAwIBAgIQJ6LjjqEWcpJFTvVMSkHi1DANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIEVuY3J5cHRpb24gLSB0ZXN0LmFjY291bnQuaGouc2UwHhcNMTYxMjA5MTQzMDMwWhcNMTkxMjA5MTQzMDMwWjAvMS0wKwYDVQQDEyRBREZTIEVuY3J5cHRpb24gLSB0ZXN0LmFjY291bnQuaGouc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKeIg/zjQRwo2xTfCu1a+D51QeiD4FTJqsm0Avzhf/voxxhjbNWDa21QjezqpwgXEP7kVfXkEngzaW5wlraZdgZp44dkI0VnXAQ6U2XO0Rm3RX2ZOmYU5s23JwPeuYW5hHlSRpnLvSjiPahSZzeRR4Z2HuVwPOFaxQHxio2LM8YrjeJfUrznjipA4s8PaYoPs7wGe79FNRzVarAyIlmEJRFmNgYmaAJNVQUkQ+iappvq7vlkeXhGbxFOhhpvX7BMaNSDl+c4hATObtYENTPelA5Aiu5yZ3oAgt6fudkND9HNQQn7RMGMHVeRx6X13wzAetbhOMZQlx/I1jkcixiUiLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADT+YOGXpr3WXIyZfZeQVZTaCFQcm05oxu4Uucc5rYfJTRxQSarYTc1KW94wemAbEFCOAJuwL8zxOcHnoghikBVZZ8uW1qG2Jw+Jo0uf6fbH1PljKMH2Xy2uZOUbyv262aLfZ0rTEr3rPL1SFCAUimcjhqE4Y2QcGol+gGYOk41wgKcW9zS0D7RnQLDBi6wInKjhHWiwVEnGgqwo3ieb0IWV070Aa2EhSWkprXgB6HmxK9uN/tAZcS8KqR3TQHEN8OuinSeGU9+37G9OC3GiAnYXk49S4FqlnY2HJt8CuN64eMYlvRRRtwQozVy/N2vGARRKP4uP5cKZJ2ELheMv38w=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>JU National civic registration number or code</auth:DisplayName> - <auth:Description>Swedish ”personnummer” or ”samordningsnummer” according to SKV 704 and SKV 707. 12 digits without hyphen.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.2428.90.1.5" Optional="true"> - <auth:DisplayName>JU norEduPersonNIN</auth:DisplayName> - <auth:Description>SWAMID personnummer 12 tecken</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>JU givenName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>JU surName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oasis:names:tc:SAML:attribute:assurance-certification" Optional="true"> - <auth:DisplayName>JU Assurance-Certification</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" Optional="true"> - <auth:DisplayName>JU orcid</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" Optional="true"> - <auth:DisplayName>JU eduPersonAssurance</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.16.840.1.113730.3.1.241" Optional="true"> - <auth:DisplayName>JU displayName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" Optional="true"> - <auth:DisplayName>JU eduPersonTargetedID</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://test.account.hj.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="TEST - Jönköping University"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIC4DCCAcigAwIBAgIQd01qp+Huh4lO3CS1QqGG4TANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFBREZTIFNpZ25pbmcgLSB0ZXN0LmFjY291bnQuaGouc2UwHhcNMTYxMjA5MTQzMDE3WhcNMTkxMjA5MTQzMDE3WjAsMSowKAYDVQQDEyFBREZTIFNpZ25pbmcgLSB0ZXN0LmFjY291bnQuaGouc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1slHrM4Dwv7INShxBAIyO2SPMZ4j7Cj1349drtFYr0b5xW4OYXrbZlsjvFPoH/JiDkxFP6YuHCGFod+NKQ59Jcm5pSAq3W3gAeNpVnCLj4cvHWTn+IuRPGfNRlz4GLDT5NV+L16gYvZOvfTmaVv8WaB6morLyG7iACg2RaZ4I5WsoLdzHTtR667kXXnzols27ebMEqBVJ1UHEUXzN+KLyFN0m1kxXWnWsFlJRM+79+L2j6DPCTpV3akDlSRAL6hAi2Z2SkVXe3J5yTkD06f/TK7wzbyIPWyWcrTYYTjaCLdS/1pu2bgsjYnsfaYhatHaYW8HxmueXEcpVPrGAb/yjAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGmJUmIkyZlvSxVPiyo/3n+UqTX4WQM9VwQ7b3gk1xKqte4kqg4P8GkhMDlovIMd3Kmb1k9G6Qt0SpAgVoW9pjDx0dalT5S7mYAMqnhPLGWxxyfh/glUAj7s1enD7etuLhK+to6FVzCcljdtnh5pvzXxyKJ1Xt77S0aQONobOKkMc5WLGxiFEpeunYFAiP1EyD2mJBObwJmBjEC83Jhd34e0AbW39glUoOrRdNXYML8FbvhJlwoQnbnDDEGGLaKn6VgbJV7WZ7aerYoFrRvHS7izkmArvnPytk3V0ZiW8Z+jXEW7tss0hfezXFz7CtzS8NtK4UijcZMPFhXl5CLEghc=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.2.752.29.4.13" Optional="true"> - <auth:DisplayName>JU National civic registration number or code</auth:DisplayName> - <auth:Description>Swedish ”personnummer” or ”samordningsnummer” according to SKV 704 and SKV 707. 12 digits without hyphen.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.2428.90.1.5" Optional="true"> - <auth:DisplayName>JU norEduPersonNIN</auth:DisplayName> - <auth:Description>SWAMID personnummer 12 tecken</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.42" Optional="true"> - <auth:DisplayName>JU givenName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.5.4.4" Optional="true"> - <auth:DisplayName>JU surName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oasis:names:tc:SAML:attribute:assurance-certification" Optional="true"> - <auth:DisplayName>JU Assurance-Certification</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" Optional="true"> - <auth:DisplayName>JU orcid</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" Optional="true"> - <auth:DisplayName>JU eduPersonAssurance</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:2.16.840.1.113730.3.1.241" Optional="true"> - <auth:DisplayName>JU displayName</auth:DisplayName> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" Optional="true"> - <auth:DisplayName>JU eduPersonTargetedID</auth:DisplayName> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://test.account.hj.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://test.account.hj.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope regexp="false">hj.se</shibmd:Scope> diff --git a/swamid-2.0/test.scalable-learning.com.xml b/swamid-2.0/test.scalable-learning.com.xml index b6e0195d..25d40679 100644 --- a/swamid-2.0/test.scalable-learning.com.xml +++ b/swamid-2.0/test.scalable-learning.com.xml @@ -27,25 +27,26 @@ <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> - MIIDjjCCAnYCCQD6bDhuARPmYjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC - U0UxEjAQBgNVBAgMCVNUT0NLSE9MTTESMBAGA1UEBwwJU1RPQ0tIT0xNMRowGAYD - VQQKDBFTQ0FMQUJMRSBMRUFSTklORzEQMA4GA1UECwwHc2NhbGVhcjEjMCEGA1UE - AwwadGVzdC5zY2FsYWJsZS1sZWFybmluZy5jb20wHhcNMTcwOTI3MDgzMTQyWhcN - MTgwOTI3MDgzMTQyWjCBiDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVNUT0NLSE9M - TTESMBAGA1UEBwwJU1RPQ0tIT0xNMRowGAYDVQQKDBFTQ0FMQUJMRSBMRUFSTklO - RzEQMA4GA1UECwwHc2NhbGVhcjEjMCEGA1UEAwwadGVzdC5zY2FsYWJsZS1sZWFy - bmluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPYtv2obOV - NRyVFwnXcl0pdqz8LHo/vkJGPHc8UHla8w+ceQQ7NZlmSeVOvXskStYwqh4HzAyk - FmTb7hkCTP9yRnLrLTZUd6z2q0I0Skdo8A8r02mFfDPFin049/pqau9dlwbvLQyL - IDcp2iqGeudpkikl7Gn7/zBkERCtwmiROAIs9B9m5VoAddLp/oVGnmErSPj0iVBu - FB9kTiPoix5UFbTVGYhRFZiy6vFYfanBf9TucRpP8MicE3pLsYQ3IcIT9gcAtpyb - Y/GhHejXuxzEJ9QOkO1vRsL93ddxlAtWzewtBE8kKZYMbIkq5TyceQ1aTTVgKHqZ - /pu/6E8ChiIJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAArZpa7OBUjTOSp0aXWb - q9AMWAahZ8MH6IrjVd+nY9/WFERMDSy8fSW8S8Zch6H8TZwAdqqTKjcfzuaGYNae - 4uwkG0fHi6nlEEljfowmBNg1nY3rceIr8p2RbR/lZMklRwC/hHYvcBHNgnNqaviY - BnO5qnr3Ov0IVCatIGz4tMSRCdfjSP5s+gSRf9Kuj6LyR+4wR/hQTsLAIr/brVYs - 5DMCb/JBHOz262215XBMB/sWKKr4XiyZC1Idn/EYeA7AmIj4lyV1qePVDLod2ZSJ - bx/F0bA8M0pIwZ3aRpz46PGKsrOMlcZrzR9F2Bz6KMWpaD/NPK4NxXroOtDpM0ej EV0= +MIIDjjCCAnYCCQDfKJofoJ7XrzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC +U0UxEjAQBgNVBAgMCVNUT0NLSE9MTTESMBAGA1UEBwwJU1RPQ0tIT0xNMRowGAYD +VQQKDBFTQ0FMQUJMRSBMRUFSTklORzEQMA4GA1UECwwHc2NhbGVhcjEjMCEGA1UE +AwwadGVzdC5zY2FsYWJsZS1sZWFybmluZy5jb20wHhcNMTgwNjIwMDk1NTU0WhcN +MjgwNjE3MDk1NTU0WjCBiDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVNUT0NLSE9M +TTESMBAGA1UEBwwJU1RPQ0tIT0xNMRowGAYDVQQKDBFTQ0FMQUJMRSBMRUFSTklO +RzEQMA4GA1UECwwHc2NhbGVhcjEjMCEGA1UEAwwadGVzdC5zY2FsYWJsZS1sZWFy +bmluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPYtv2obOV +NRyVFwnXcl0pdqz8LHo/vkJGPHc8UHla8w+ceQQ7NZlmSeVOvXskStYwqh4HzAyk +FmTb7hkCTP9yRnLrLTZUd6z2q0I0Skdo8A8r02mFfDPFin049/pqau9dlwbvLQyL +IDcp2iqGeudpkikl7Gn7/zBkERCtwmiROAIs9B9m5VoAddLp/oVGnmErSPj0iVBu +FB9kTiPoix5UFbTVGYhRFZiy6vFYfanBf9TucRpP8MicE3pLsYQ3IcIT9gcAtpyb +Y/GhHejXuxzEJ9QOkO1vRsL93ddxlAtWzewtBE8kKZYMbIkq5TyceQ1aTTVgKHqZ +/pu/6E8ChiIJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADsgavTeaBYlECOLO/k+ +QtRy+R92n4pICy6QGWV0aOhPX6yL2FGdQmwieM5SgO85EFbpuAhAhwOUpMwO5Uvj +/aYx8wlRj2ucYZh+H7T3bcx/9wSasFGKJkI12gxcbULCC+nHZNGvzwPkXLTanFwI +L2kfOgLGzY9b9GOAncizHV4r83H0GHo8pbgKLYBY9ssD9IyetT+FhoH6DFQwDL/1 +j1SV5ez/228XSJoGmLVTT5E/x48Q2ZNPTqvuUb1w7CgDE39KfHXi2t5x8AcwzOYZ +YN8K5nluRz9hxbHa0Gq8gmredDMer3VIw7UdQxUIeYyTblls9UEfwt4gs2yM3Rac +b4Y= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> diff --git a/swamid-2.0/testidpv3.lu.se-idp-shibboleth.xml b/swamid-2.0/testidpv3.lu.se-idp-shibboleth.xml new file mode 100644 index 00000000..b3b3c092 --- /dev/null +++ b/swamid-2.0/testidpv3.lu.se-idp-shibboleth.xml @@ -0,0 +1,130 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://testidpv3.lu.se/idp/shibboleth"> + <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> + <Extensions> + <shibmd:Scope regexp="false">lu.se</shibmd:Scope> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">Lunds universitet (Test UWDEV)</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Lund University (Test UWDEV)</mdui:DisplayName> + <mdui:Description xml:lang="sv">Testidentitetstjänst för anställda och studenter vid Lunds universitet</mdui:Description> + <mdui:Description xml:lang="en">Test identity Provider for employees and students at Lund University</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://www.lu.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://www.lunduniversity.lu.se/</mdui:InformationURL> + <mdui:Logo xml:lang="sv" height="78" width="450">https://testidpv3.lu.se/idp/images/LU_swe_logo_450px.jpg</mdui:Logo> + <mdui:Logo xml:lang="en" height="78" width="382">https://testidpv3.lu.se/idp/images/LU_eng_logo_382px.jpg</mdui:Logo> + <mdui:Keywords xml:lang="sv">lu lth</mdui:Keywords> + <mdui:Keywords xml:lang="en">lu lth</mdui:Keywords> + </mdui:UIInfo> + </Extensions> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDKDCCAhCgAwIBAgIVALhP8V/8MjD12w9SlT7wI5GFVmfrMA0GCSqGSIb3DQEB +CwUAMBoxGDAWBgNVBAMMD3Rlc3RpZHB2My5sdS5zZTAeFw0xODAyMjMxMDM5MDNa +Fw0zODAyMjMxMDM5MDNaMBoxGDAWBgNVBAMMD3Rlc3RpZHB2My5sdS5zZTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT4Cd0FoZfaVmbHyewMNzwDZnNt +6C1bO9yjfnWMD8Z3Idf1OkxD7VcaNkE4HHC2ReBOhJ3PvcuuPr53oSL5JEHIzye1 +9EnLSRw/P63qdDprjdUZwXgB4zHx7lSpU3xPcojaKfoew3ugV6Ox1nkof/ASDGZJ +lXmbb2h0OlJhMHMhQXUkHdvw23Kh4ZYF37iDZIqDXiDVUC6Wt1rHKU9fYvC5odOc +yi6tZhNq9zsgpj6QhptZKrH85yXVtQxEz0P+25ulH2WsRWjlNsdyQEVJbmG8CYdH +/KrvXQBPQyA0mPp/UQDA3gIZ+QASNaplRnZM/h7kHG4N7RFFMEaupSqil9ECAwEA +AaNlMGMwHQYDVR0OBBYEFONBuOA+8iyG5rCorx66+QSKpKPtMEIGA1UdEQQ7MDmC +D3Rlc3RpZHB2My5sdS5zZYYmaHR0cHM6Ly90ZXN0aWRwdjMubHUuc2UvaWRwL3No +aWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBABmNEsp90BvPGkAMr0SeCUDTyeSi +ePwXfY9BHVUfEOSWn2O8Q295EYtZfNDpVoPshJZmg5VTXuieUUVEHHqg/qUDLyvh +hhDGlkZsGGP3RGTdgIYqhCMVNdDozPQND9tkgdZY5hMNdrpkRxPwpdbgsNlOxCk9 +kVdHOyiO/TKUujQUqwYGlh3Zjt/cQNLWCO5GGxEfS2H4BI29OnEJFzBfwAmWhn5y +JEamAfj872ShWAGbUza9vtUlyXoKjGeSZRSbKOiWD8Ev6+AeuJIGn6vsASVi+/Tl +szkY0fk7XyrqJWbMdgd/wnIxDzHJM7cGR661Lyq0bQvvIRqagY5Tf12+uQI= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDKDCCAhCgAwIBAgIVAJu7yWxOQLK9cJdG0Q30vZJZOEa8MA0GCSqGSIb3DQEB +CwUAMBoxGDAWBgNVBAMMD3Rlc3RpZHB2My5sdS5zZTAeFw0xODAyMjMxMDM5MDJa +Fw0zODAyMjMxMDM5MDJaMBoxGDAWBgNVBAMMD3Rlc3RpZHB2My5sdS5zZTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJsA06Wmxm9LBEi+w1g+ywRiO6du +EfKnhb5xKsrfhx4LbT67AAPm+6Ou6GOlJM6reUVvoRpIc5JJTTSHP2oCavqKowhh +4xeZQPr/qVfqUnwnALGSPdMlLMNy7hHiVXP/jp5l0UbM4Sea3rnO5iYmDoXqmNb9 +9GyAhFk4RaNhaHrirCU6cMUogqNJf5uYVUl6nOOuEfwSeygqbxyJAkXnHOVZOLu6 +8ZCSssGIqj4FO0fOU03pBmpYeACJ18nCn23jnDYI1Lw+URVGr22E/tU2tpw4fdzZ +LwME0txREn717s9yaUGs7AgrV03l5TJagNV8UJHVTopuhsjTSNEzlgiB6f0CAwEA +AaNlMGMwHQYDVR0OBBYEFMZmL3DBW3pRh938oZp1TQmJyRxxMEIGA1UdEQQ7MDmC +D3Rlc3RpZHB2My5sdS5zZYYmaHR0cHM6Ly90ZXN0aWRwdjMubHUuc2UvaWRwL3No +aWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAJSIZBkiDTEiBmyRSa3FjEHhLfdk +UVoBzoKWVih2MZgzZnkRiFdpMxp3ZHgX/WMUIMbVS6DpOMU4ObYaEaI2yO15ifdJ +yHzRYCHTxRiefseTGXuEslF5ybeC1HySvIl/YBQq6YOTxQ9AyCTke8vuMWfErDDL +q7LHEMMnMKFesjzZg/RtnvDhf9XvTg1+I4V74/W17cAsNHkfajR+0LpdpqihyLzj +rz80zeQFncgcnc7tshZDf98W7uGn5fZ29IEq+rYpTh+1APWpr2fqn7w394zo2p1I +NbvKYWjuGpx/VkVNsG6rkKfY//8BHcOHkJgcLoTUqr3PMFGWPtNeJxpfsDs= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDKDCCAhCgAwIBAgIVAPPwjPtxFG5P/jWKxOpiFuh9ZvtXMA0GCSqGSIb3DQEB +CwUAMBoxGDAWBgNVBAMMD3Rlc3RpZHB2My5sdS5zZTAeFw0xODAyMjMxMDM5MDNa +Fw0zODAyMjMxMDM5MDNaMBoxGDAWBgNVBAMMD3Rlc3RpZHB2My5sdS5zZTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANaL2ga5WIVRqtKRKIZFWrbvRDF+ +1lqvrDJpEiMsc0C8TUZvzltq915imDp4Ot2SPVOdxOcOLjzjZySMDgzOD9RRxIFU +s9twOv+pzllGmyMalmkTHXSVkIe28Xz4O/4kssDpRXupXsnHNtsES7U0FqNInBEq +ZPqxm/cScmDR3XafkTnMkmVpw+pvwy2SlynnOGwe7n/OISQd0lUBmPwlAE9caWLF +bo6miz0PJXQ4/O4BD9nUu4aP3h7bgslWgfbrPaCJfAunt8Ss3pOjAsJM2QnVCNBe +XtZYEl4BgJyZy3b4htsXm+bVpoOPi+/TYISmUMd4x30Y3K23HX7u3ACma8UCAwEA +AaNlMGMwHQYDVR0OBBYEFLvdNkT0k42GBBqKG5svUKnkBNOYMEIGA1UdEQQ7MDmC +D3Rlc3RpZHB2My5sdS5zZYYmaHR0cHM6Ly90ZXN0aWRwdjMubHUuc2UvaWRwL3No +aWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBADSXnKNwgONI2zASv47QIA1rQAu7 +64v6JhmBUCtSCHOsO1PaMsh/FnidzPjO0nOV1ajsXfBT5AmIqSuiEOstqi+DPjsE +/aeFaceVxD3pY+dF7RSqaK5lS379+YIXochdcT5rPV1JF4CnKCXEWZZtHDxNrAVV +OkywuMSzt7l3kLUV1UU2nQlCH+L40CBzy2No2c9hhTwtwVci1mIg9hOGxu8k30pE +SqU+2BuEvGE7lU9qCjRAWwizbocxcFyMgjOp27KZECTaSz7xTOf80EwbUdl/bOG5 +tG9PjRBKf1z043u2YbWxjTSPUmchxSZoACzzOtSs6D6EetuRqhGHKjT7T6o= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://testidpv3.lu.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://testidpv3.lu.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://testidpv3.lu.se/idp/profile/SAML2/Redirect/SLO"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://testidpv3.lu.se/idp/profile/SAML2/POST/SLO"/> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://testidpv3.lu.se:8443/idp/profile/SAML2/SOAP/SLO"/> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://testidpv3.lu.se/idp/profile/Shibboleth/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://testidpv3.lu.se/idp/profile/SAML2/POST/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://testidpv3.lu.se/idp/profile/SAML2/Redirect/SSO"/> + </IDPSSODescriptor> + <Organization> + <OrganizationName xml:lang="en">LU</OrganizationName> + <OrganizationDisplayName xml:lang="sv">Lunds universitet (Test UWDEV)</OrganizationDisplayName> + <OrganizationDisplayName xml:lang="en">Lund University (Test UWDEV)</OrganizationDisplayName> + <OrganizationURL xml:lang="en">https://www.lu.se/</OrganizationURL> + </Organization> + <ContactPerson contactType="administrative"> + <GivenName>Eskil</GivenName> + <SurName>Swahn</SurName> + <EmailAddress>mailto:eskil.swahn@ldc.lu.se</EmailAddress> + </ContactPerson> + <ContactPerson contactType="technical"> + <GivenName>Johan</GivenName> + <SurName>Silverup</SurName> + <EmailAddress>mailto:johan.silverup@ldc.lu.se</EmailAddress> + </ContactPerson> + <ContactPerson contactType="support"> + <SurName>LU Servicedesk</SurName> + <EmailAddress>mailto:servicedesk@lu.se</EmailAddress> + </ContactPerson> + <ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security"> + <GivenName>IRT Lund University</GivenName> + <EmailAddress>mailto:abuse@lu.se</EmailAddress> + <TelephoneNumber>+46462229000</TelephoneNumber> + </ContactPerson> +</EntityDescriptor> diff --git a/swamid-2.0/tsidp1.test.bth.se-idp-shibboleth.xml b/swamid-2.0/tsidp1.test.bth.se-idp-shibboleth.xml new file mode 100644 index 00000000..dc128e52 --- /dev/null +++ b/swamid-2.0/tsidp1.test.bth.se-idp-shibboleth.xml @@ -0,0 +1,234 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://tsidp1.test.bth.se/idp/shibboleth"> + <Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns="" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue> + </saml:Attribute> + </mdattr:EntityAttributes> + </Extensions> + <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> + <Extensions> + <shibmd:Scope regexp="false">bth.se</shibmd:Scope> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">Blekinge Tekniska Högskola (MFA-TEST)</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">Blekinge Institute of Technology (MFA-TEST)</mdui:DisplayName> + <mdui:Description xml:lang="sv">Identity Provider för Blekinge Tekniska Högskola</mdui:Description> + <mdui:Description xml:lang="en">Identity Provider for Blekinge Institute of Technology</mdui:Description> + <mdui:InformationURL xml:lang="sv">http://www.bth.se</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">http://www.bth.se/eng</mdui:InformationURL> + <mdui:Keywords xml:lang="sv">BTH Blekinge+Tekniska+Högskola Blekinge+Institute+of+Technology</mdui:Keywords> + <mdui:Keywords xml:lang="en">BTH Blekinge+Tekniska+Högskola Blekinge+Institute+of+Technology</mdui:Keywords> + <mdui:Logo height="139" width="114">https://idp2.bth.se/idp/images/logo_bth.png</mdui:Logo> + </mdui:UIInfo> + <mdui:DiscoHints> + <mdui:DomainHint>bth.se</mdui:DomainHint> + <mdui:IPHint>193.11.184.0/21</mdui:IPHint> + <mdui:IPHint>194.47.128.0/19</mdui:IPHint> + <mdui:IPHint>2001:6b0:2a::/48</mdui:IPHint> + <mdui:GeolocationHint>geo:56.181775,15.590592</mdui:GeolocationHint> + </mdui:DiscoHints> + </Extensions> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDNDCCAhygAwIBAgIVAL4JZ5OOlFGEHPs/Rpjzz0BEIU9XMA0GCSqGSIb3DQEB +CwUAMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5zZTAeFw0xODA2MjkwNjQw +MTFaFw0zODA2MjkwNjQwMTFaMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnTxlqrR7kGUpj2gTeG +xrufYI+QHqbitYaomZLM9FGyHyn0S49UrHJouEzKb/1yiobs4ciElORhYiRdAQSD +x3djXkqj3oeFFwHuhErIuFC1SumAMb5uZ+eFR4B0tGhwv2WKVY+QLm0DPmZUBKlQ +rl9ONB4fg3ZZyZYEXgzDcA3HJqagwkUfoxGUFPMHGl/ktwtuHjmtEWcDOZlH79on +wgQ8RC/CPlxUUeZwdijSyY37Vxf0G3mNHEnLjdeYvf7SozFjKYc6Fk4nZDAzfLo5 +J9bWkmy9sjWXc1UNBKqkLlk/NcVrTt+xuXcUfIEtdpVFA5GKgVgtsx/9QK41+0z7 +D9ECAwEAAaNrMGkwHQYDVR0OBBYEFKQd93TojM9FkDf8YdxAQzOnwLvsMEgGA1Ud +EQRBMD+CEnRzaWRwMS50ZXN0LmJ0aC5zZYYpaHR0cHM6Ly90c2lkcDEudGVzdC5i +dGguc2UvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAB02tudjah94 +qK/F96OeG1lrEGqt2lLviDqnWFw289KqK8fxEP5NjP+2MUUAv51KeYvQcI+jughp +xflYTjPt5TjiusNh11AlHstk1agy8CzXjDFs5raZKsvs5eGUyg1WMUnUTPB4ctKv +eF2SM7dfA7NnVnYU78TWD4lRz9uDQ/nDnXtp3Xj3PrpxJ9v9iEH2/VgN4eDg19YY +tK8vyOBA/Q5i6jWD8hSw8x+M/iFxzQi9XIWCOOZnWrXSs9NonN9tkPalrWbzV1oE +q4jW6Zn3MM4pFOliVEaVKC+6cgFKZdN3yflEkkCoduyAU0w3vCFGx2XF1R1p4k6V +J+GfqsC+ns8= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDNDCCAhygAwIBAgIVAMCjk4hwZmk9nF0zuV584r5x06YnMA0GCSqGSIb3DQEB +CwUAMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5zZTAeFw0xODA2MjkwNjQw +MTBaFw0zODA2MjkwNjQwMTBaMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAInOwXVLwv6hAnRAOQDI +tdb9IlM/H+6xQ3eK0LOuWIda3Y0OiTpmv9BjD8jX9DL3vpSpv66bv7ifA9MKrreW +VFQNZeG0xeqtsoabiITA1Od0en7+ck1hooRSoRo+CUQLUFgaaUBbR0RZGHk4SvoB +VStHnYN19yLNL+RsrjeP3oSZcPr+jj55gOdQGxhEOy6Wcovt8RbDahNhg1DWpXyS +/SENPP/WaYOF56Gb9Jpp7KUOUzGzBXFJTU2E8RVo4guwnBpX3yazbiivdnFpXNYb +YwUByFoR9sEJLXdzUlVHMDDyKbWDS6Auu5MHZuL+bnKmBWG/hdcTlhq2yLqIQ8eN +rbUCAwEAAaNrMGkwHQYDVR0OBBYEFMZH7tXKMYc372JP87HK33LmHu7FMEgGA1Ud +EQRBMD+CEnRzaWRwMS50ZXN0LmJ0aC5zZYYpaHR0cHM6Ly90c2lkcDEudGVzdC5i +dGguc2UvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAHdnZz8ynbnd +3njvoTMbnP+XF+54xbc0ub+agBPgvRJLw/P0ZInpMsRHr8tc8Moqge3OR4fXPoD8 +oQ9oyHQ4XZUNrNX1xZoyA2VTfiHE4LqdqHTxGFyH16DULFPQJikzqzjv8XbMrZUx +NMVEBzWV5C1ABy5j/tRlKHou8PV7Q5ENqP/jGU0bmuReuU3wd1h1FhEvVx4rkkRO +wwC7smIOjZq3ObHtcwDfv5oEdCOMW6xrWtg+R8VNM9Sm3WYFB3GbZiTCKVwkXudZ +kFPwyMVFaFDMzFZ9P2PgZEoF7X5dYttC5cKU1J/rSLXUWn373al6guxkl1YCZ4SA +amiWSFUkXv0= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDNDCCAhygAwIBAgIVAIeQ6gXNRt2npgOwh7kJuoB7pEUYMA0GCSqGSIb3DQEB +CwUAMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5zZTAeFw0xODA2MjkwNjQw +MTFaFw0zODA2MjkwNjQwMTFaMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIY/wKxfxIkjQtbxtjBY +L82AyvTBaHj5m55HsQwNNo7Zxb2nPT+MAcfr8TDD367pAi7O1+RQ+JlmULmJ5lsJ +9NGvOBM8BzzC07qzGY1bgGd7Kurd6Fpu4zPWhg/9VCgRADtKy1S5eKcpvR+xaoZT +1SMBQAGiMbon1eHGgy01Nkg2pARLeMVQojiAIGngznysALUXd1pGOgaOoaC1ldUe +iVW2jmZfa4I6q44HfKRpdm40Sy0BDQXPpGW5xMRkXs2yzm6s3v8fht9I1D2PNYT6 +mFVNiRwoqAHNA+0CgNvf+uAANRO1M6Tq+SbhgWf7GvORJ6TiyuWUdGCh5nJaQbyB +3osCAwEAAaNrMGkwHQYDVR0OBBYEFNZxQS4WYPDYGrNKSyUKENHjaJgMMEgGA1Ud +EQRBMD+CEnRzaWRwMS50ZXN0LmJ0aC5zZYYpaHR0cHM6Ly90c2lkcDEudGVzdC5i +dGguc2UvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAAED/q+MHali +B5I1PHP+mMX7CRTJGBHhuOQQaWNDkEt0hzK+O2RBQHKXKalqR+dL42nnqLzQsnOh +CVEzP3sXwjzQhE/paWIz/DxNTu6hR+5KDzJRx5q6t9PPeF9ijhpaegniLKOqJ0QY +NNNV1Qh02+9sRHujAKO2uJcvvT4y4Zdsd7kkRBlzghH+RC5nqmf6Rj2i9wR2AOVU +VcVDrApXQqd7WhKMFpFuZGyCxaY9Fc/KvEddZ0GBJJQbjHTSRKIH6XlQZWlPZjC/ +ZYyThfo2+RLyEkSS2gQdvq9gTwttlzSTPNeTluLpIiBeIJxHSZG+LRuVlvJ7mse+ +qW+WsHaRP1g= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://tsidp1.test.bth.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/> + <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://tsidp1.test.bth.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://tsidp1.test.bth.se/idp/profile/Shibboleth/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tsidp1.test.bth.se/idp/profile/SAML2/POST/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tsidp1.test.bth.se/idp/profile/SAML2/Redirect/SSO"/> + </IDPSSODescriptor> + <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> + <Extensions> + <shibmd:Scope regexp="false">bth.se</shibmd:Scope> + </Extensions> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDNDCCAhygAwIBAgIVAL4JZ5OOlFGEHPs/Rpjzz0BEIU9XMA0GCSqGSIb3DQEB +CwUAMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5zZTAeFw0xODA2MjkwNjQw +MTFaFw0zODA2MjkwNjQwMTFaMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnTxlqrR7kGUpj2gTeG +xrufYI+QHqbitYaomZLM9FGyHyn0S49UrHJouEzKb/1yiobs4ciElORhYiRdAQSD +x3djXkqj3oeFFwHuhErIuFC1SumAMb5uZ+eFR4B0tGhwv2WKVY+QLm0DPmZUBKlQ +rl9ONB4fg3ZZyZYEXgzDcA3HJqagwkUfoxGUFPMHGl/ktwtuHjmtEWcDOZlH79on +wgQ8RC/CPlxUUeZwdijSyY37Vxf0G3mNHEnLjdeYvf7SozFjKYc6Fk4nZDAzfLo5 +J9bWkmy9sjWXc1UNBKqkLlk/NcVrTt+xuXcUfIEtdpVFA5GKgVgtsx/9QK41+0z7 +D9ECAwEAAaNrMGkwHQYDVR0OBBYEFKQd93TojM9FkDf8YdxAQzOnwLvsMEgGA1Ud +EQRBMD+CEnRzaWRwMS50ZXN0LmJ0aC5zZYYpaHR0cHM6Ly90c2lkcDEudGVzdC5i +dGguc2UvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAB02tudjah94 +qK/F96OeG1lrEGqt2lLviDqnWFw289KqK8fxEP5NjP+2MUUAv51KeYvQcI+jughp +xflYTjPt5TjiusNh11AlHstk1agy8CzXjDFs5raZKsvs5eGUyg1WMUnUTPB4ctKv +eF2SM7dfA7NnVnYU78TWD4lRz9uDQ/nDnXtp3Xj3PrpxJ9v9iEH2/VgN4eDg19YY +tK8vyOBA/Q5i6jWD8hSw8x+M/iFxzQi9XIWCOOZnWrXSs9NonN9tkPalrWbzV1oE +q4jW6Zn3MM4pFOliVEaVKC+6cgFKZdN3yflEkkCoduyAU0w3vCFGx2XF1R1p4k6V +J+GfqsC+ns8= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDNDCCAhygAwIBAgIVAMCjk4hwZmk9nF0zuV584r5x06YnMA0GCSqGSIb3DQEB +CwUAMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5zZTAeFw0xODA2MjkwNjQw +MTBaFw0zODA2MjkwNjQwMTBaMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAInOwXVLwv6hAnRAOQDI +tdb9IlM/H+6xQ3eK0LOuWIda3Y0OiTpmv9BjD8jX9DL3vpSpv66bv7ifA9MKrreW +VFQNZeG0xeqtsoabiITA1Od0en7+ck1hooRSoRo+CUQLUFgaaUBbR0RZGHk4SvoB +VStHnYN19yLNL+RsrjeP3oSZcPr+jj55gOdQGxhEOy6Wcovt8RbDahNhg1DWpXyS +/SENPP/WaYOF56Gb9Jpp7KUOUzGzBXFJTU2E8RVo4guwnBpX3yazbiivdnFpXNYb +YwUByFoR9sEJLXdzUlVHMDDyKbWDS6Auu5MHZuL+bnKmBWG/hdcTlhq2yLqIQ8eN +rbUCAwEAAaNrMGkwHQYDVR0OBBYEFMZH7tXKMYc372JP87HK33LmHu7FMEgGA1Ud +EQRBMD+CEnRzaWRwMS50ZXN0LmJ0aC5zZYYpaHR0cHM6Ly90c2lkcDEudGVzdC5i +dGguc2UvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAHdnZz8ynbnd +3njvoTMbnP+XF+54xbc0ub+agBPgvRJLw/P0ZInpMsRHr8tc8Moqge3OR4fXPoD8 +oQ9oyHQ4XZUNrNX1xZoyA2VTfiHE4LqdqHTxGFyH16DULFPQJikzqzjv8XbMrZUx +NMVEBzWV5C1ABy5j/tRlKHou8PV7Q5ENqP/jGU0bmuReuU3wd1h1FhEvVx4rkkRO +wwC7smIOjZq3ObHtcwDfv5oEdCOMW6xrWtg+R8VNM9Sm3WYFB3GbZiTCKVwkXudZ +kFPwyMVFaFDMzFZ9P2PgZEoF7X5dYttC5cKU1J/rSLXUWn373al6guxkl1YCZ4SA +amiWSFUkXv0= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDNDCCAhygAwIBAgIVAIeQ6gXNRt2npgOwh7kJuoB7pEUYMA0GCSqGSIb3DQEB +CwUAMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5zZTAeFw0xODA2MjkwNjQw +MTFaFw0zODA2MjkwNjQwMTFaMB0xGzAZBgNVBAMMEnRzaWRwMS50ZXN0LmJ0aC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIY/wKxfxIkjQtbxtjBY +L82AyvTBaHj5m55HsQwNNo7Zxb2nPT+MAcfr8TDD367pAi7O1+RQ+JlmULmJ5lsJ +9NGvOBM8BzzC07qzGY1bgGd7Kurd6Fpu4zPWhg/9VCgRADtKy1S5eKcpvR+xaoZT +1SMBQAGiMbon1eHGgy01Nkg2pARLeMVQojiAIGngznysALUXd1pGOgaOoaC1ldUe +iVW2jmZfa4I6q44HfKRpdm40Sy0BDQXPpGW5xMRkXs2yzm6s3v8fht9I1D2PNYT6 +mFVNiRwoqAHNA+0CgNvf+uAANRO1M6Tq+SbhgWf7GvORJ6TiyuWUdGCh5nJaQbyB +3osCAwEAAaNrMGkwHQYDVR0OBBYEFNZxQS4WYPDYGrNKSyUKENHjaJgMMEgGA1Ud +EQRBMD+CEnRzaWRwMS50ZXN0LmJ0aC5zZYYpaHR0cHM6Ly90c2lkcDEudGVzdC5i +dGguc2UvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAAED/q+MHali +B5I1PHP+mMX7CRTJGBHhuOQQaWNDkEt0hzK+O2RBQHKXKalqR+dL42nnqLzQsnOh +CVEzP3sXwjzQhE/paWIz/DxNTu6hR+5KDzJRx5q6t9PPeF9ijhpaegniLKOqJ0QY +NNNV1Qh02+9sRHujAKO2uJcvvT4y4Zdsd7kkRBlzghH+RC5nqmf6Rj2i9wR2AOVU +VcVDrApXQqd7WhKMFpFuZGyCxaY9Fc/KvEddZ0GBJJQbjHTSRKIH6XlQZWlPZjC/ +ZYyThfo2+RLyEkSS2gQdvq9gTwttlzSTPNeTluLpIiBeIJxHSZG+LRuVlvJ7mse+ +qW+WsHaRP1g= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://tsidp1.test.bth.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/> + </AttributeAuthorityDescriptor> + <Organization> + <OrganizationName xml:lang="en">BTH</OrganizationName> + <OrganizationDisplayName xml:lang="sv">Blekinge Tekniska Högskola (MFA-TEST)</OrganizationDisplayName> + <OrganizationDisplayName xml:lang="en">Blekinge Institute of Technology (MFA-TEST)</OrganizationDisplayName> + <OrganizationURL xml:lang="en">http://www.bth.se</OrganizationURL> + </Organization> + <ContactPerson contactType="administrative"> + <Company>Blekinge Institute of Technology</Company> + <SurName>IT Helpdesk</SurName> + <EmailAddress>mailto:ithelpdesk@bth.se</EmailAddress> + <TelephoneNumber>+46 455 38 51 00</TelephoneNumber> + </ContactPerson> + <ContactPerson contactType="technical"> + <Company>Blekinge Institute of Technology</Company> + <SurName>IT Helpdesk</SurName> + <EmailAddress>mailto:ithelpdesk@bth.se</EmailAddress> + <TelephoneNumber>+46 455 38 51 00</TelephoneNumber> + </ContactPerson> + <ContactPerson contactType="support"> + <Company>Blekinge Institute of Technology</Company> + <SurName>IT Helpdesk</SurName> + <EmailAddress>mailto:ithelpdesk@bth.se</EmailAddress> + <TelephoneNumber>+46 455 381500</TelephoneNumber> + </ContactPerson> + <ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security"> + <GivenName>Security Response Team</GivenName> + <EmailAddress>mailto:abuse@bth.se</EmailAddress> + </ContactPerson> +</EntityDescriptor> diff --git a/swamid-2.0/us.cloudmore.com-shibboleth.xml b/swamid-2.0/us.cloudmore.com-shibboleth.xml index 4cce3d13..48a1d5b2 100644 --- a/swamid-2.0/us.cloudmore.com-shibboleth.xml +++ b/swamid-2.0/us.cloudmore.com-shibboleth.xml @@ -30,7 +30,7 @@ <mdui:Description xml:lang="en">Cloud Brokerage Platform for IT, Business and Public Sector</mdui:Description> <mdui:InformationURL xml:lang="en">http://web.cloudmore.com/</mdui:InformationURL> <mdui:Logo xml:lang="en" height="300" width="300">https://us.cloudmore.com/Files/Uploads/Shibboleth/Cloudmore-green-icon.png</mdui:Logo> - <mdui:PrivacyStatementURL xml:lang="en">https://web.cloudmore.com/hubfs/terms/Cloudmore%20Privacy%20Policy%20v2017-04.pdf</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">http://web.cloudmore.com/privacy/cloudmore-data-processing-terms</mdui:PrivacyStatementURL> </mdui:UIInfo> <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://us.cloudmore.com/Shibboleth.sso/Login"/> </md:Extensions> diff --git a/swamid-2.0/weblogin.kau.se-idp-shibboleth.xml b/swamid-2.0/weblogin.kau.se-idp-shibboleth.xml index 08a51405..2e9cf327 100644 --- a/swamid-2.0/weblogin.kau.se-idp-shibboleth.xml +++ b/swamid-2.0/weblogin.kau.se-idp-shibboleth.xml @@ -208,9 +208,11 @@ cHgs7D1QiqGixbmFlSZyPcCPcIzPDzRaoXyb+yKQy31QP/VEt8VGXH5H2A== </AttributeAuthorityDescriptor> <Organization> <OrganizationName xml:lang="en">KAU</OrganizationName> + <OrganizationName xml:lang="sv">KAU</OrganizationName> <OrganizationDisplayName xml:lang="sv">Karlstads universitet</OrganizationDisplayName> <OrganizationDisplayName xml:lang="en">Karlstad University</OrganizationDisplayName> - <OrganizationURL xml:lang="en">http://www.kau.se</OrganizationURL> + <OrganizationURL xml:lang="en">http://www.kau.se/en</OrganizationURL> + <OrganizationURL xml:lang="sv">http://www.kau.se</OrganizationURL> </Organization> <ContactPerson contactType="administrative"> <Company>Karlstad University</Company> diff --git a/swamid-2.0/webproxysrv.uniarts.se-adfs-services-trust.xml b/swamid-2.0/webproxysrv.uniarts.se-adfs-services-trust.xml index c8b4940f..26190888 100644 --- a/swamid-2.0/webproxysrv.uniarts.se-adfs-services-trust.xml +++ b/swamid-2.0/webproxysrv.uniarts.se-adfs-services-trust.xml @@ -1,631 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://webproxysrv.uniarts.se/adfs/services/trust"> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="SKH Federation Services"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFUDCCBDigAwIBAgIQDjYX0Tt8ykO4l5acarpnTDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNTEwMjgwMDAwMDBaFw0xODExMDExMjAwMDBaMIGQMQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xKzApBgNVBAoMIlN0b2NraG9sbXMga29uc3Ruw6RybGlnYSBow7Znc2tvbGExCzAJBgNVBAsTAklUMR8wHQYDVQQDExZ3ZWJwcm94eXNydi51bmlhcnRzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph5zfUwm/ttNeSs235cO+bVcGVQN7KZ0fCNbrcdIIczu428JAWxQNtLXr1XFryearsfSCYMxTNxfL80so7f+h/wXh98GYI6l0oYKUxRBtWNPuaGPS1Zj8c8dP+rTur+n5B8Y+oi2lJZyUCpx37zsIDpnWWVmRf6AOH9a7NZ5TziA4NQKc7RhIPpGP1owtAEKUCwmxBLVdeTnKK0P76vHwKkmANRo2mpDh2KNGIWfCL92uapxZnJLnw139X4tK2+Y3e/B95VFLthmJaO39SyDg0Z5+tGbOM07O5az6Bxd0U+tyn50DgcDR+n1fXEnYKzZZ6RwXtAmfsKaxnILTxWkuQIDAQABo4IBzzCCAcswHwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFHUjEnJ9NYIsk9drv73ycdYQMcAJMCEGA1UdEQQaMBiCFndlYnByb3h5c3J2LnVuaWFydHMuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHAYQ5i9Ruevq0Md4Y5DD7HIjyXfO8rG0iuSTN6og6w7Wnpz4ZgSp/EQfTG+bItV9CoiFlIDOSDMPwYSPeZNo2LPOuCfDtGs5eQWKOBR/3SBm6I8gqkpm1WR7Qr7DjX4Tdpp+GhLmygb/95p0jVCH86PFj67LvOKq1DnVossZ+WdxbnYyEviiXSTEcDsCBMKPSFKy8732SkncX76blNFGKaFtaLYsZg4nAVn39sPOGd1EzrZBq/FYxKlteWKyJRR919W/qi15UbMUx4cvHjjWrXwoHWSatlSu9qKG68blkseUmtN/YQAQh9JyynE0Y/ovNLEs7wKi1X5O/KnSahXUg4=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:ClaimTypesRequested> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true"> - <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName> - <auth:Description>Claim för SWAMID 2015-11-18 //LL</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid" Optional="true"> - <auth:DisplayName>norEduPersonNIN</auth:DisplayName> - <auth:Description>Inlagt 2016-03-22 av LL efter tips från Tomas Legat, Södertörn</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesRequested> - <fed:TargetScopes> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/ls/</Address> - </EndpointReference> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>http://webproxysrv.uniarts.se/adfs/services/trust</Address> - </EndpointReference> - </fed:TargetScopes> - <fed:ApplicationServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address> - </EndpointReference> - </fed:ApplicationServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="SKH Federation Services"> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFUDCCBDigAwIBAgIQDjYX0Tt8ykO4l5acarpnTDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNTEwMjgwMDAwMDBaFw0xODExMDExMjAwMDBaMIGQMQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xKzApBgNVBAoMIlN0b2NraG9sbXMga29uc3Ruw6RybGlnYSBow7Znc2tvbGExCzAJBgNVBAsTAklUMR8wHQYDVQQDExZ3ZWJwcm94eXNydi51bmlhcnRzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph5zfUwm/ttNeSs235cO+bVcGVQN7KZ0fCNbrcdIIczu428JAWxQNtLXr1XFryearsfSCYMxTNxfL80so7f+h/wXh98GYI6l0oYKUxRBtWNPuaGPS1Zj8c8dP+rTur+n5B8Y+oi2lJZyUCpx37zsIDpnWWVmRf6AOH9a7NZ5TziA4NQKc7RhIPpGP1owtAEKUCwmxBLVdeTnKK0P76vHwKkmANRo2mpDh2KNGIWfCL92uapxZnJLnw139X4tK2+Y3e/B95VFLthmJaO39SyDg0Z5+tGbOM07O5az6Bxd0U+tyn50DgcDR+n1fXEnYKzZZ6RwXtAmfsKaxnILTxWkuQIDAQABo4IBzzCCAcswHwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFHUjEnJ9NYIsk9drv73ycdYQMcAJMCEGA1UdEQQaMBiCFndlYnByb3h5c3J2LnVuaWFydHMuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHAYQ5i9Ruevq0Md4Y5DD7HIjyXfO8rG0iuSTN6og6w7Wnpz4ZgSp/EQfTG+bItV9CoiFlIDOSDMPwYSPeZNo2LPOuCfDtGs5eQWKOBR/3SBm6I8gqkpm1WR7Qr7DjX4Tdpp+GhLmygb/95p0jVCH86PFj67LvOKq1DnVossZ+WdxbnYyEviiXSTEcDsCBMKPSFKy8732SkncX76blNFGKaFtaLYsZg4nAVn39sPOGd1EzrZBq/FYxKlteWKyJRR919W/qi15UbMUx4cvHjjWrXwoHWSatlSu9qKG68blkseUmtN/YQAQh9JyynE0Y/ovNLEs7wKi1X5O/KnSahXUg4=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <fed:TokenTypesOffered> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/> - <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/> - </fed:TokenTypesOffered> - <fed:ClaimTypesOffered> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"> - <auth:DisplayName>E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"> - <auth:DisplayName>Given Name</auth:DisplayName> - <auth:Description>The given name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> - <auth:DisplayName>Name</auth:DisplayName> - <auth:Description>The unique name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> - <auth:DisplayName>UPN</auth:DisplayName> - <auth:Description>The user principal name (UPN) of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> - <auth:DisplayName>Common Name</auth:DisplayName> - <auth:Description>The common name of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> - <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> - <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> - <auth:DisplayName>Group</auth:DisplayName> - <auth:Description>A group that the user is a member of</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> - <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> - <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> - <auth:DisplayName>Role</auth:DisplayName> - <auth:Description>A role that the user has</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"> - <auth:DisplayName>Surname</auth:DisplayName> - <auth:Description>The surname of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"> - <auth:DisplayName>PPID</auth:DisplayName> - <auth:Description>The private identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"> - <auth:DisplayName>Name ID</auth:DisplayName> - <auth:Description>The SAML name identifier of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"> - <auth:DisplayName>Authentication time stamp</auth:DisplayName> - <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"> - <auth:DisplayName>Authentication method</auth:DisplayName> - <auth:Description>The method used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"> - <auth:DisplayName>Deny only group SID</auth:DisplayName> - <auth:Description>The deny-only group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"> - <auth:DisplayName>Deny only primary SID</auth:DisplayName> - <auth:Description>The deny-only primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"> - <auth:DisplayName>Deny only primary group SID</auth:DisplayName> - <auth:Description>The deny-only primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"> - <auth:DisplayName>Group SID</auth:DisplayName> - <auth:Description>The group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"> - <auth:DisplayName>Primary group SID</auth:DisplayName> - <auth:Description>The primary group SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"> - <auth:DisplayName>Primary SID</auth:DisplayName> - <auth:Description>The primary SID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"> - <auth:DisplayName>Windows account name</auth:DisplayName> - <auth:Description>The domain account name of the user in the form of domain\user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true"> - <auth:DisplayName>Is Registered User</auth:DisplayName> - <auth:Description>User is registered to use this device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true"> - <auth:DisplayName>Device Identifier</auth:DisplayName> - <auth:Description>Identifier of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true"> - <auth:DisplayName>Device Registration Identifier</auth:DisplayName> - <auth:Description>Identifier for Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true"> - <auth:DisplayName>Device Registration DisplayName</auth:DisplayName> - <auth:Description>Display name of Device Registration</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true"> - <auth:DisplayName>Device OS type</auth:DisplayName> - <auth:Description>OS type of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true"> - <auth:DisplayName>Device OS Version</auth:DisplayName> - <auth:Description>OS version of the device</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true"> - <auth:DisplayName>Is Managed Device</auth:DisplayName> - <auth:Description>Device is managed by a management service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true"> - <auth:DisplayName>Forwarded Client IP</auth:DisplayName> - <auth:Description>IP address of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true"> - <auth:DisplayName>Client Application</auth:DisplayName> - <auth:Description>Type of the Client Application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true"> - <auth:DisplayName>Client User Agent</auth:DisplayName> - <auth:Description>Device type the client is using to access the application</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true"> - <auth:DisplayName>Client IP</auth:DisplayName> - <auth:Description>IP address of the client</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true"> - <auth:DisplayName>Endpoint Path</auth:DisplayName> - <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true"> - <auth:DisplayName>Proxy</auth:DisplayName> - <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true"> - <auth:DisplayName>Application Identifier</auth:DisplayName> - <auth:Description>Identifier for the Relying Party</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true"> - <auth:DisplayName>Application policies</auth:DisplayName> - <auth:Description>Application policies of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true"> - <auth:DisplayName>Authority Key Identifier</auth:DisplayName> - <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true"> - <auth:DisplayName>Basic Constraint</auth:DisplayName> - <auth:Description>One of the basic constraints of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true"> - <auth:DisplayName>Enhanced Key Usage</auth:DisplayName> - <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true"> - <auth:DisplayName>Issuer</auth:DisplayName> - <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true"> - <auth:DisplayName>Issuer Name</auth:DisplayName> - <auth:Description>The distinguished name of the certificate issuer</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true"> - <auth:DisplayName>Key Usage</auth:DisplayName> - <auth:Description>One of the key usages of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true"> - <auth:DisplayName>Not After</auth:DisplayName> - <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true"> - <auth:DisplayName>Not Before</auth:DisplayName> - <auth:Description>The date in local time on which a certificate becomes valid</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true"> - <auth:DisplayName>Certificate Policies</auth:DisplayName> - <auth:Description>The policies under which the certificate has been issued</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true"> - <auth:DisplayName>Public Key</auth:DisplayName> - <auth:Description>Public Key of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true"> - <auth:DisplayName>Certificate Raw Data</auth:DisplayName> - <auth:Description>The raw data of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true"> - <auth:DisplayName>Subject Alternative Name</auth:DisplayName> - <auth:Description>One of the alternative names of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true"> - <auth:DisplayName>Serial Number</auth:DisplayName> - <auth:Description>The serial number of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true"> - <auth:DisplayName>Signature Algorithm</auth:DisplayName> - <auth:Description>The algorithm used to create the signature of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true"> - <auth:DisplayName>Subject</auth:DisplayName> - <auth:Description>The subject from the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true"> - <auth:DisplayName>Subject Key Identifier</auth:DisplayName> - <auth:Description>Describes the subject key identifier of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true"> - <auth:DisplayName>Subject Name</auth:DisplayName> - <auth:Description>The subject distinguished name from a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true"> - <auth:DisplayName>V2 Template Name</auth:DisplayName> - <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true"> - <auth:DisplayName>V1 Template Name</auth:DisplayName> - <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true"> - <auth:DisplayName>Thumbprint</auth:DisplayName> - <auth:Description>Thumbprint of the certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true"> - <auth:DisplayName>X.509 Version</auth:DisplayName> - <auth:Description>The X.509 format version of a certificate</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true"> - <auth:DisplayName>Inside Corporate Network</auth:DisplayName> - <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true"> - <auth:DisplayName>Password Expiration Time</auth:DisplayName> - <auth:Description>Used to display the time when the password expires</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true"> - <auth:DisplayName>Password Expiration Days</auth:DisplayName> - <auth:Description>Used to display the number of days to password expiry</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true"> - <auth:DisplayName>Update Password URL</auth:DisplayName> - <auth:Description>Used to display the web address of update password service</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true"> - <auth:DisplayName>Authentication Methods References</auth:DisplayName> - <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true"> - <auth:DisplayName>Client Request ID</auth:DisplayName> - <auth:Description>Identifier for a user session</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true"> - <auth:DisplayName>Alternate Login ID</auth:DisplayName> - <auth:Description>Alternate login ID of the user</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" Optional="true"> - <auth:DisplayName>eduPersonScopedAffiliation</auth:DisplayName> - <auth:Description>Claim för SWAMID 2015-11-18 //LL</auth:Description> - </auth:ClaimType> - <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid" Optional="true"> - <auth:DisplayName>norEduPersonNIN</auth:DisplayName> - <auth:Description>Inlagt 2016-03-22 av LL efter tips från Tomas Legat, Södertörn</auth:Description> - </auth:ClaimType> - </fed:ClaimTypesOffered> - <fed:SecurityTokenServiceEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/services/trust/2005/certificatemixed</Address> - <Metadata> - <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> - <wsx:MetadataReference> - <Address xmlns="http://www.w3.org/2005/08/addressing">https://webproxysrv.uniarts.se/adfs/services/trust/mex</Address> - </wsx:MetadataReference> - </wsx:MetadataSection> - </Metadata> - </Metadata> - </EndpointReference> - </fed:SecurityTokenServiceEndpoint> - <fed:PassiveRequestorEndpoint> - <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> - <Address>https://webproxysrv.uniarts.se/adfs/ls/</Address> - </EndpointReference> - </fed:PassiveRequestorEndpoint> - </RoleDescriptor> - <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="encryption"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFUDCCBDigAwIBAgIQDjYX0Tt8ykO4l5acarpnTDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNTEwMjgwMDAwMDBaFw0xODExMDExMjAwMDBaMIGQMQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xKzApBgNVBAoMIlN0b2NraG9sbXMga29uc3Ruw6RybGlnYSBow7Znc2tvbGExCzAJBgNVBAsTAklUMR8wHQYDVQQDExZ3ZWJwcm94eXNydi51bmlhcnRzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph5zfUwm/ttNeSs235cO+bVcGVQN7KZ0fCNbrcdIIczu428JAWxQNtLXr1XFryearsfSCYMxTNxfL80so7f+h/wXh98GYI6l0oYKUxRBtWNPuaGPS1Zj8c8dP+rTur+n5B8Y+oi2lJZyUCpx37zsIDpnWWVmRf6AOH9a7NZ5TziA4NQKc7RhIPpGP1owtAEKUCwmxBLVdeTnKK0P76vHwKkmANRo2mpDh2KNGIWfCL92uapxZnJLnw139X4tK2+Y3e/B95VFLthmJaO39SyDg0Z5+tGbOM07O5az6Bxd0U+tyn50DgcDR+n1fXEnYKzZZ6RwXtAmfsKaxnILTxWkuQIDAQABo4IBzzCCAcswHwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFHUjEnJ9NYIsk9drv73ycdYQMcAJMCEGA1UdEQQaMBiCFndlYnByb3h5c3J2LnVuaWFydHMuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHAYQ5i9Ruevq0Md4Y5DD7HIjyXfO8rG0iuSTN6og6w7Wnpz4ZgSp/EQfTG+bItV9CoiFlIDOSDMPwYSPeZNo2LPOuCfDtGs5eQWKOBR/3SBm6I8gqkpm1WR7Qr7DjX4Tdpp+GhLmygb/95p0jVCH86PFj67LvOKq1DnVossZ+WdxbnYyEviiXSTEcDsCBMKPSFKy8732SkncX76blNFGKaFtaLYsZg4nAVn39sPOGd1EzrZBq/FYxKlteWKyJRR919W/qi15UbMUx4cvHjjWrXwoHWSatlSu9qKG68blkseUmtN/YQAQh9JyynE0Y/ovNLEs7wKi1X5O/KnSahXUg4=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="signing"> - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> - <X509Data> - <X509Certificate>MIIFUDCCBDigAwIBAgIQDjYX0Tt8ykO4l5acarpnTDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xNTEwMjgwMDAwMDBaFw0xODExMDExMjAwMDBaMIGQMQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xKzApBgNVBAoMIlN0b2NraG9sbXMga29uc3Ruw6RybGlnYSBow7Znc2tvbGExCzAJBgNVBAsTAklUMR8wHQYDVQQDExZ3ZWJwcm94eXNydi51bmlhcnRzLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph5zfUwm/ttNeSs235cO+bVcGVQN7KZ0fCNbrcdIIczu428JAWxQNtLXr1XFryearsfSCYMxTNxfL80so7f+h/wXh98GYI6l0oYKUxRBtWNPuaGPS1Zj8c8dP+rTur+n5B8Y+oi2lJZyUCpx37zsIDpnWWVmRf6AOH9a7NZ5TziA4NQKc7RhIPpGP1owtAEKUCwmxBLVdeTnKK0P76vHwKkmANRo2mpDh2KNGIWfCL92uapxZnJLnw139X4tK2+Y3e/B95VFLthmJaO39SyDg0Z5+tGbOM07O5az6Bxd0U+tyn50DgcDR+n1fXEnYKzZZ6RwXtAmfsKaxnILTxWkuQIDAQABo4IBzzCCAcswHwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFHUjEnJ9NYIsk9drv73ycdYQMcAJMCEGA1UdEQQaMBiCFndlYnByb3h5c3J2LnVuaWFydHMuc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHAYQ5i9Ruevq0Md4Y5DD7HIjyXfO8rG0iuSTN6og6w7Wnpz4ZgSp/EQfTG+bItV9CoiFlIDOSDMPwYSPeZNo2LPOuCfDtGs5eQWKOBR/3SBm6I8gqkpm1WR7Qr7DjX4Tdpp+GhLmygb/95p0jVCH86PFj67LvOKq1DnVossZ+WdxbnYyEviiXSTEcDsCBMKPSFKy8732SkncX76blNFGKaFtaLYsZg4nAVn39sPOGd1EzrZBq/FYxKlteWKyJRR919W/qi15UbMUx4cvHjjWrXwoHWSatlSu9qKG68blkseUmtN/YQAQh9JyynE0Y/ovNLEs7wKi1X5O/KnSahXUg4=</X509Certificate> - </X509Data> - </KeyInfo> - </KeyDescriptor> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://webproxysrv.uniarts.se/adfs/ls/"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webproxysrv.uniarts.se/adfs/ls/"/> - <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webproxysrv.uniarts.se/adfs/ls/" index="0" isDefault="true"/> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://webproxysrv.uniarts.se/adfs/ls/" index="1"/> - </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <Extensions> <shibmd:Scope xmlns="" regexp="false">uniarts.se</shibmd:Scope> @@ -660,72 +34,6 @@ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://webproxysrv.uniarts.se/adfs/ls/"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webproxysrv.uniarts.se/adfs/ls/"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2013/11/alternateloginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Alternate Login ID"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonScopedAffiliation"/> - <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="norEduPersonNIN"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="sv">Stockholms konstnärliga högskola</OrganizationName> diff --git a/swamid-2.0/www.itslearning.com-integrations-samlmetadata-saml2v2-extensions-1.xml b/swamid-2.0/www.itslearning.com-integrations-samlmetadata-saml2v2-extensions-1.xml new file mode 100644 index 00000000..17aadd9d --- /dev/null +++ b/swamid-2.0/www.itslearning.com-integrations-samlmetadata-saml2v2-extensions-1.xml @@ -0,0 +1,134 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://www.itslearning.com/integrations/samlmetadata/saml2v2/extensions/1"> + <Extensions> + <attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/category/eu-adequate-protection</samla:AttributeValue> + </samla:Attribute> + </attr:EntityAttributes> + </Extensions> + <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <Extensions> + <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> + <mdui:DisplayName xml:lang="en">itslearning</mdui:DisplayName> + <mdui:DisplayName xml:lang="sv">itslearning</mdui:DisplayName> + <mdui:Description xml:lang="en">itslearning is a cloud-based LMS that connects people with passions, ideas, and each other.</mdui:Description> + <mdui:Description xml:lang="sv">itslearning is a cloud-based LMS that connects people with passions, ideas, and each other.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://itslearning.com/global/higher-education/lms-overview/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://itslearning.com/global/higher-education/lms-overview/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://itslearning.com/global/privacy-policy/</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://itslearning.com/global/privacy-policy/</mdui:PrivacyStatementURL> + </mdui:UIInfo> + </Extensions> + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIHlTCCBn2gAwIBAgIQP+NA0KNpKn1K1cqIg6opAjANBgkqhkiG9w0BAQsFADCB +ljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNV +BAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl +cnZlciBDQTAeFw0xODA1MTYwMDAwMDBaFw0yMDA3MTIyMzU5NTlaMIH5MQswCQYD +VQQGEwJOTzENMAsGA1UEERMENTA1ODESMBAGA1UECBMJSG9yZGFsYW5kMQ8wDQYD +VQQHEwZCZXJnZW4xGTAXBgNVBAkTEFNvbGhlaW1zZ2F0ZW4gN0QxFzAVBgNVBAoT +Dkl0c2xlYXJuaW5nIEFTMRQwEgYDVQQLEwtFbmdpbmVlcmluZzE0MDIGA1UECxMr +SXNzdWVkIHRocm91Z2ggSXRzbGVhcm5pbmcgQVMgRS1QS0kgTWFuYWdlcjEXMBUG +A1UECxMOSW5zdGFudFNTTCBQcm8xHTAbBgNVBAMTFGF1dGguaXRzbGVhcm5pbmcu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL3Ce3rHV+lFOBev +YHDvE35mN548WlVj5EZ59qSAdi43mvb1VSk0cQOyXkFs3AlvhGwjDhlD8xHZlY95 +WXjUjiyTsl3jfNOpfBZXW19tElKSpLP/3sKkPCOm8LE+mjH0Jut+BFkvsVMHm5CU +1uoUjtRwqPc9GWQhbP7aNO6OvMTi/wDixuNr1y4Sxt8ssKJXwApW27bMlglxg6zo +uq9V/L96e5OjupiIa7ijUT/WYPyn4JIGwImkZF6IMQBj3YlV8AnshQUwdFsF1NLJ +SxzklleuZrSbsdNI8xMHAe/XtDJnU8l/OvJzOFxHlRLyE5wA/5PPsZSN0N1zDqiX +A8ScZQIDAQABo4IDeDCCA3QwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtC +wSQwHQYDVR0OBBYEFNaycWFeuFE1hKeVCODgJ4n9BU3PMA4GA1UdDwEB/wQEAwIF +oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQ +BgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczov +L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2g +S4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9u +VmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUG +CCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdh +bml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB +hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wOQYDVR0RBDIwMIIUYXV0aC5pdHNs +ZWFybmluZy5jb22CGHd3dy5hdXRoLml0c2xlYXJuaW5nLmNvbTCCAXwGCisGAQQB +1nkCBAIEggFsBIIBaAFmAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo +/csAAAFjaTlcbwAABAMARjBEAiBRV9veyNwZtaj3ZexTcKre6ym6JxlFqZRkGWFq +e3/vfAIgGxI4b/Eti7nqIcZvITs5Wc8533Hr0neltIT2yoO8c6AAdgBep3P531bA +57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWNpOVy1AAAEAwBHMEUCIQDorbHP +ACo344R70Nsqj/yR3mFD9rMMFtHk/rh05NZeSgIgSL1WkhcxSGGS/xa/50O/MmCw +4+pdNbDl3pS7JHljb4kAdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZ +EwAAAWNpOVyrAAAEAwBGMEQCIF5BrhHAPwfg0OwGXoZtQXzyxnpbGUI3P1Ymw/x0 +3YTTAiBTljVCbwKXsQwIxfyXdtQd+bqbfjOrNdNvZuxeP53tUTANBgkqhkiG9w0B +AQsFAAOCAQEAQnj3qAwRvND9Yax6CbVIafBLrM5fjHisBnFtwenCrUoqklmp5dQR +fDAD1Xtwt/Wkq5r3bIib/5G1zn6k4c0dCVV9/n2L2/QmWgzpU+c2NtuzohWSw3wX +wUcb5n/1paq94ghOBtKgGlzXPwjsCZMkeUTDFjKixcDMjH/FIVbYqVYCHcOWGKuH +MyIHFtqoK7v6gY3RAZxSuuFZw7O4BZ9wibfGKY0VLxW3HE0a6Fz9EpG2fDKBvHKt +Zit0Oo8ffXXp4SorTdYx5FYi465WzExrKcKOvfxgsCoCpLENi5R4RSDZfMNLe3lN +BZ3nmbrlzGnKqIX5ScicLNLtdVyxUJXoAA==</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <KeyDescriptor use="encryption"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIHlTCCBn2gAwIBAgIQP+NA0KNpKn1K1cqIg6opAjANBgkqhkiG9w0BAQsFADCB +ljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNV +BAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl +cnZlciBDQTAeFw0xODA1MTYwMDAwMDBaFw0yMDA3MTIyMzU5NTlaMIH5MQswCQYD +VQQGEwJOTzENMAsGA1UEERMENTA1ODESMBAGA1UECBMJSG9yZGFsYW5kMQ8wDQYD +VQQHEwZCZXJnZW4xGTAXBgNVBAkTEFNvbGhlaW1zZ2F0ZW4gN0QxFzAVBgNVBAoT +Dkl0c2xlYXJuaW5nIEFTMRQwEgYDVQQLEwtFbmdpbmVlcmluZzE0MDIGA1UECxMr +SXNzdWVkIHRocm91Z2ggSXRzbGVhcm5pbmcgQVMgRS1QS0kgTWFuYWdlcjEXMBUG +A1UECxMOSW5zdGFudFNTTCBQcm8xHTAbBgNVBAMTFGF1dGguaXRzbGVhcm5pbmcu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL3Ce3rHV+lFOBev +YHDvE35mN548WlVj5EZ59qSAdi43mvb1VSk0cQOyXkFs3AlvhGwjDhlD8xHZlY95 +WXjUjiyTsl3jfNOpfBZXW19tElKSpLP/3sKkPCOm8LE+mjH0Jut+BFkvsVMHm5CU +1uoUjtRwqPc9GWQhbP7aNO6OvMTi/wDixuNr1y4Sxt8ssKJXwApW27bMlglxg6zo +uq9V/L96e5OjupiIa7ijUT/WYPyn4JIGwImkZF6IMQBj3YlV8AnshQUwdFsF1NLJ +SxzklleuZrSbsdNI8xMHAe/XtDJnU8l/OvJzOFxHlRLyE5wA/5PPsZSN0N1zDqiX +A8ScZQIDAQABo4IDeDCCA3QwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtC +wSQwHQYDVR0OBBYEFNaycWFeuFE1hKeVCODgJ4n9BU3PMA4GA1UdDwEB/wQEAwIF +oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQ +BgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczov +L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2g +S4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9u +VmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUG +CCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdh +bml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB +hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wOQYDVR0RBDIwMIIUYXV0aC5pdHNs +ZWFybmluZy5jb22CGHd3dy5hdXRoLml0c2xlYXJuaW5nLmNvbTCCAXwGCisGAQQB +1nkCBAIEggFsBIIBaAFmAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo +/csAAAFjaTlcbwAABAMARjBEAiBRV9veyNwZtaj3ZexTcKre6ym6JxlFqZRkGWFq +e3/vfAIgGxI4b/Eti7nqIcZvITs5Wc8533Hr0neltIT2yoO8c6AAdgBep3P531bA +57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWNpOVy1AAAEAwBHMEUCIQDorbHP +ACo344R70Nsqj/yR3mFD9rMMFtHk/rh05NZeSgIgSL1WkhcxSGGS/xa/50O/MmCw +4+pdNbDl3pS7JHljb4kAdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZ +EwAAAWNpOVyrAAAEAwBGMEQCIF5BrhHAPwfg0OwGXoZtQXzyxnpbGUI3P1Ymw/x0 +3YTTAiBTljVCbwKXsQwIxfyXdtQd+bqbfjOrNdNvZuxeP53tUTANBgkqhkiG9w0B +AQsFAAOCAQEAQnj3qAwRvND9Yax6CbVIafBLrM5fjHisBnFtwenCrUoqklmp5dQR +fDAD1Xtwt/Wkq5r3bIib/5G1zn6k4c0dCVV9/n2L2/QmWgzpU+c2NtuzohWSw3wX +wUcb5n/1paq94ghOBtKgGlzXPwjsCZMkeUTDFjKixcDMjH/FIVbYqVYCHcOWGKuH +MyIHFtqoK7v6gY3RAZxSuuFZw7O4BZ9wibfGKY0VLxW3HE0a6Fz9EpG2fDKBvHKt +Zit0Oo8ffXXp4SorTdYx5FYi465WzExrKcKOvfxgsCoCpLENi5R4RSDZfMNLe3lN +BZ3nmbrlzGnKqIX5ScicLNLtdVyxUJXoAA==</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + </KeyDescriptor> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.itslearning.com/elogin/SingleLogoutHandler.aspx"/> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.itslearning.com/eLogin/AssertionConsumerService.aspx"/> + </SPSSODescriptor> + <Organization> + <OrganizationName xml:lang="en">itslearning</OrganizationName> + <OrganizationDisplayName xml:lang="en">itslearning</OrganizationDisplayName> + <OrganizationURL xml:lang="en">http://itslearning.com</OrganizationURL> + </Organization> + <ContactPerson xml:lang="en" contactType="technical"> + <EmailAddress>support@itslearning.com</EmailAddress> + </ContactPerson> + <ContactPerson xml:lang="en" contactType="support"> + <EmailAddress>support@itslearning.com</EmailAddress> + </ContactPerson> +</EntityDescriptor> diff --git a/swamid-2.0/www.mediafora.net-simplesaml-module.php-saml-sp-metadata.php-media-network-sp.xml b/swamid-2.0/www.mediafora.net-simplesaml-module.php-saml-sp-metadata.php-media-network-sp.xml index 31b13c35..ef7edd32 100644 --- a/swamid-2.0/www.mediafora.net-simplesaml-module.php-saml-sp-metadata.php-media-network-sp.xml +++ b/swamid-2.0/www.mediafora.net-simplesaml-module.php-saml-sp-metadata.php-media-network-sp.xml @@ -48,6 +48,11 @@ <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> </md:AttributeConsumingService> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">Danish e-Infrastructure Cooperation</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">Danish e-Infrastructure Cooperation (DeIC)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://www.deic.dk</md:OrganizationURL> + </md:Organization> <md:ContactPerson contactType="technical"> <md:GivenName>Administrator</md:GivenName> <md:EmailAddress>mailto:netdrift@deic.dk</md:EmailAddress> diff --git a/swamid-2.0/www.scalable-learning.com.xml b/swamid-2.0/www.scalable-learning.com.xml index f84682bf..41be2b69 100644 --- a/swamid-2.0/www.scalable-learning.com.xml +++ b/swamid-2.0/www.scalable-learning.com.xml @@ -27,25 +27,25 @@ <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> - MIIDjDCCAnQCCQDC601Yku4SKjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMC - U0UxEjAQBgNVBAgMCVNUT0NLSE9MTTESMBAGA1UEBwwJU1RPQ0tIT0xNMRowGAYD - VQQKDBFTQ0FMQUJMRSBMRUFSTklORzEQMA4GA1UECwwHc2NhbGVhcjEiMCAGA1UE - AwwZd3d3LnNjYWxhYmxlLWxlYXJuaW5nLmNvbTAeFw0xNzA5MjcwODI0MjVaFw0x - ODA5MjcwODI0MjVaMIGHMQswCQYDVQQGEwJTRTESMBAGA1UECAwJU1RPQ0tIT0xN - MRIwEAYDVQQHDAlTVE9DS0hPTE0xGjAYBgNVBAoMEVNDQUxBQkxFIExFQVJOSU5H - MRAwDgYDVQQLDAdzY2FsZWFyMSIwIAYDVQQDDBl3d3cuc2NhbGFibGUtbGVhcm5p - bmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut3wWgrigP2C - L8zUlER/YfTtQCvExXxCBRLtP9pxHb4q3a+PkJvy+xUD4TZhtLu5rdMqXvSfrCCC - K6FO+MoLmVu7BzANl2RW37FUtkc2oyDD79hVwyZkcb3VSbYe3v4E5wwyEr40EZuY - VK8VvGXZWCj1jw3wWfqU8Y683luDvRq7B7dlRDkzV5NfuOhk0Ghq3WoqPX//1+TE - hWrFXJw/t/KVIatePcOFUj2q8+fvAfVgJ/RS7NKCqbmcm7dYR38QptWXpK22FDEh - 9QNFFXLahLK/g52rMdonlL646TgXfHcYdK3h9uHkh0d2cTaNFUisho/RQ706GwOV - rrmfMjKXrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQApgL+f6XwcQ13PWxKJemFK - QqIZQbsADqK+KOlpOWFO8aNbvDd5WsFgvQEbKwbPeGIfp7Nb0/5gtabWBwOs0dA3 - 3llHJeGzWH5NMr0R/2+N8z2XY50Z8a5w38vSvgHwFgJh1HEsFhx5zFOsHjSYI3PD - +vyDMuhCPe1UhoTeffBmmH97Oe1DBVlzDwTD9ZdcAaiGB9XbaLP6gDFuBjU/GBd3 - Ngbl+ZAuTcGpNzUYfuNC9MXHcn3/SKyl5NnL4wEe1j9sL0JnDYwvSTlnovqOVHY4 - nCMfHlNippwYPVOHUqOxAnKoInWIxsKiyQkFsjG/sbIwCc7rTwpdn9jtTAnvZkPn +MIIDjDCCAnQCCQCh7bSsfobdQTANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMC +U0UxEjAQBgNVBAgMCVNUT0NLSE9MTTESMBAGA1UEBwwJU1RPQ0tIT0xNMRowGAYD +VQQKDBFTQ0FMQUJMRSBMRUFSTklORzEQMA4GA1UECwwHc2NhbGVhcjEiMCAGA1UE +AwwZd3d3LnNjYWxhYmxlLWxlYXJuaW5nLmNvbTAeFw0xODA2MjAwOTM4NTRaFw0y +ODA2MTcwOTM4NTRaMIGHMQswCQYDVQQGEwJTRTESMBAGA1UECAwJU1RPQ0tIT0xN +MRIwEAYDVQQHDAlTVE9DS0hPTE0xGjAYBgNVBAoMEVNDQUxBQkxFIExFQVJOSU5H +MRAwDgYDVQQLDAdzY2FsZWFyMSIwIAYDVQQDDBl3d3cuc2NhbGFibGUtbGVhcm5p +bmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut3wWgrigP2C +L8zUlER/YfTtQCvExXxCBRLtP9pxHb4q3a+PkJvy+xUD4TZhtLu5rdMqXvSfrCCC +K6FO+MoLmVu7BzANl2RW37FUtkc2oyDD79hVwyZkcb3VSbYe3v4E5wwyEr40EZuY +VK8VvGXZWCj1jw3wWfqU8Y683luDvRq7B7dlRDkzV5NfuOhk0Ghq3WoqPX//1+TE +hWrFXJw/t/KVIatePcOFUj2q8+fvAfVgJ/RS7NKCqbmcm7dYR38QptWXpK22FDEh +9QNFFXLahLK/g52rMdonlL646TgXfHcYdK3h9uHkh0d2cTaNFUisho/RQ706GwOV +rrmfMjKXrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQC2ZNlfR4tmpPP+IKSy+vyw +KHJPktZ2K7MeOyNTTqALvehn6ocwAXYqZC3WzF8XRfylBDw0B8p+0X5n0zHur4SW +k2wQZYqucXlSI4ieM09zjbMZ6L9KCmWKRgRSXrFKZBBIu2mKJOmNczjnMJA6Sv+H +MPc3VCi4C5rN7EetQsGuorktolOdQFZRbL0loG2Z8/CAbW05/bZOLJ9BBoaw1iZn +9o6ziZGDvSVeC5Fb//N8RvyNUtBJ503MoM2uHJnLUZSpc0tHqr30AXAuC7TYDqWU +0tJT075eMQgPc8Mbxt8zlCui3nWZdWQ+3ynJsGuNl8yy1GX1xxN6bXdyOPHCpEY9 </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> diff --git a/swamid-idp-2.0.mxml b/swamid-idp-2.0.mxml index ccc9add9..0c1d77d8 100644 --- a/swamid-idp-2.0.mxml +++ b/swamid-idp-2.0.mxml @@ -7,9 +7,9 @@ <!-- Opt-out from eduGAIN IDP:s --> <xi:include href="swamid-2.0/shibboleth.uhr.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/idp.qa.lnu.se-idp-shibboleth.xml"/> - <xi:include href="swamid-2.0/adfs01.fhs.se-adfs-services-trust.xml"/> <xi:include href="swamid-2.0/idp.antagning.se-aws-idp.xml"/> <xi:include href="swamid-2.0/adfs2.gu.se-adfs-services-trust.xml"/> <xi:include href="swamid-2.0/weblogin.smhi.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/idp.umu.se-saml2-idp-metadata.php.xml"/> + <xi:include href="swamid-2.0/siths-idp.sunet.se-saml2-idp-metadata.php.xml"/> </md:EntitiesDescriptor> diff --git a/swamid-sp-2.0.mxml b/swamid-sp-2.0.mxml index 68ca4f80..cce14ad2 100644 --- a/swamid-sp-2.0.mxml +++ b/swamid-sp-2.0.mxml @@ -626,7 +626,6 @@ <xi:include href="swamid-2.0/pingpong.hj.se-Shibboleth.sso-Metadata.xml"/> <xi:include href="swamid-2.0/redcap.ki.se-shibboleth.xml"/> <xi:include href="swamid-2.0/redcap.tst.ki.se-shibboleth.xml"/> - <xi:include href="swamid-2.0/itslearning.com.xml"/> <xi:include href="swamid-2.0/test.itslearning.com.xml"/> <xi:include href="swamid-2.0/test-rkh.pingpong.net-Shibboleth.sso-Metadata.xml"/> <xi:include href="swamid-2.0/diskus-demo.ub.uu.se-saml-metadata.xml"/> @@ -659,7 +658,6 @@ <xi:include href="swamid-2.0/administrationsverktyg.umu.se-shibboleth.xml"/> <xi:include href="swamid-2.0/administrationsverktyg.test.umu.se-shibboleth.xml"/> <xi:include href="swamid-2.0/nfg.su.se-shibboleth.sso.xml"/> - <xi:include href="swamid-2.0/test-lubcat.lub.lu.se-shibboleth.xml"/> <xi:include href="swamid-2.0/studium.uu.se-studium.xml"/> <xi:include href="swamid-2.0/valda.uhr.se-shibboleth.xml"/> <xi:include href="swamid-2.0/sunet.my.salesforce.com.xml"/> @@ -708,4 +706,20 @@ <xi:include href="swamid-2.0/luplay.education.lu.se-shibboleth.xml"/> <xi:include href="swamid-2.0/play.kth.se-external-kaltura.nordu.net.xml"/> <xi:include href="swamid-2.0/hvplay.hv.se.xml"/> + <xi:include href="swamid-2.0/swamid-2.grandid.com-module.php-saml-sp-metadata.php-gu-swamid-draftit.xml"/> + <xi:include href="swamid-2.0/play.mau.se.xml"/> + <xi:include href="swamid-2.0/kauplay.kau.se.xml"/> + <xi:include href="swamid-2.0/play.ju.se.xml"/> + <xi:include href="swamid-2.0/indico.test.uu.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/ra.se-leg.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/hkrplay.hkr.se.xml"/> + <xi:include href="swamid-2.0/app.sh.se.xml"/> + <xi:include href="swamid-2.0/lubcat.lub.lu.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/play.shh.se.xml"/> + <xi:include href="swamid-2.0/www.itslearning.com-integrations-samlmetadata-saml2v2-extensions-1.xml"/> + <xi:include href="swamid-2.0/337-mediaspace.kaltura.nordu.net.xml"/> + <xi:include href="swamid-2.0/medlem.lintek.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml"/> + <xi:include href="swamid-2.0/medlem.stuff.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml"/> + <xi:include href="swamid-2.0/medlem.consensus.liu.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml"/> + <xi:include href="swamid-2.0/medlem.gotastudentkar.se-saml-simplesamlwww-module.php-saml-sp-metadata.php-ageramedlem.xml"/> </md:EntitiesDescriptor> diff --git a/swamid-testing-idp-1.0.mxml b/swamid-testing-idp-1.0.mxml index e6873af5..a950b1c7 100644 --- a/swamid-testing-idp-1.0.mxml +++ b/swamid-testing-idp-1.0.mxml @@ -18,15 +18,12 @@ <xi:include href="swamid-2.0/idp-test.nordu.net-simplesaml-saml2-idp-metadata.php.xml"/> <xi:include href="swamid-2.0/idp2-test.slu.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/idp2.test.umu.se-saml2-idp-metadata.php.xml"/> - <xi:include href="swamid-2.0/idp-fre-1.eduid.se-idp.xml"/> <xi:include href="swamid-2.0/selfservice.test.hb.se-shibboleth.xml"/> <xi:include href="swamid-2.0/ladok3.its.umu.se-user-idp.xml"/> <xi:include href="swamid-2.0/idp.esh.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/kitstidp01.tst.ki.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/swamid2.shh.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/shibboleth.umu.se-test.xml"/> - <xi:include href="swamid-2.0/pilot.idp.eduid.se-idp.xml"/> - <xi:include href="swamid-2.0/pilot.idp.eduid.se-idp.xml"/> <xi:include href="swamid-2.0/idp-test.suni.se-adfs-services-trust.xml"/> <xi:include href="swamid-2.0/demo.weblogin.uu.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/idpsimplesaml.irf.se-simplesaml-saml2-idp-metadata.php.xml"/> @@ -55,7 +52,10 @@ <xi:include href="swamid-2.0/idp.hv.se-idp-shibboleth.xml"/> <xi:include href="swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml"/> <xi:include href="swamid-2.0/adfs.tad.hv.se-adfs-services-trust.xml"/> - <xi:include href="swamid-2.0/siths-idp.sunet.se-saml2-idp-metadata.php.xml"/> <xi:include href="swamid-2.0/login1.fhs.se-adfs-services-trust.xml"/> <xi:include href="swamid-2.0/idp.dev.eduid.se-idp.xml.xml"/> + <xi:include href="swamid-2.0/testidpv3.lu.se-idp-shibboleth.xml"/> + <xi:include href="swamid-2.0/idp-test.it.su.se.xml"/> + <xi:include href="swamid-2.0/adfs.test.umu.se-adfs-services-trust.xml"/> + <xi:include href="swamid-2.0/tsidp1.test.bth.se-idp-shibboleth.xml"/> </EntitiesDescriptor> diff --git a/swamid-testing-sp-1.0.mxml b/swamid-testing-sp-1.0.mxml index 0ddef7fe..d3a9091c 100644 --- a/swamid-testing-sp-1.0.mxml +++ b/swamid-testing-sp-1.0.mxml @@ -46,5 +46,4 @@ <xi:include href="swamid-2.0/sp.haikom.com-saml-kph-test.xml"/> <xi:include href="swamid-2.0/s2s.ifmsa.se-saml2-proxy_saml2_backend.xml"/> <xi:include href="swamid-2.0/uppsala-test.blackboard.com-lms.xml"/> - <xi:include href="swamid-2.0/ra.se-leg.se-shibboleth.xml"/> </EntitiesDescriptor> |