diff options
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | swamid-2.0/anonymous.release-check.swamid.se-shibboleth.xml | 146 | ||||
-rw-r--r-- | swamid-2.0/assurance.release-check.swamid.se-shibboleth.xml | 152 | ||||
-rw-r--r-- | swamid-2.0/cocov1-1.release-check.swamid.se-shibboleth.xml | 165 | ||||
-rw-r--r-- | swamid-2.0/cocov1-2.release-check.swamid.se-shibboleth.xml | 163 | ||||
-rw-r--r-- | swamid-2.0/cocov1-3.release-check.swamid.se-shibboleth.xml | 159 | ||||
-rw-r--r-- | swamid-2.0/esi.release-check.swamid.se-shibboleth.xml | 146 | ||||
-rw-r--r-- | swamid-2.0/mfa.release-check.swamid.se-shibboleth.xml | 152 | ||||
-rw-r--r-- | swamid-2.0/noec.release-check.swamid.se-shibboleth.xml | 141 | ||||
-rw-r--r-- | swamid-2.0/personalized.release-check.swamid.se-shibboleth.xml | 146 | ||||
-rw-r--r-- | swamid-2.0/rands.release-check.swamid.se-shibboleth.xml | 146 | ||||
-rw-r--r-- | swamid-sp-2.0.mxml | 11 |
12 files changed, 1530 insertions, 3 deletions
@@ -225,7 +225,7 @@ testEntCat: @echo "Checking for wrong Name in EntityAttributes/Attribute" @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "Attribute "` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute' - 2>/dev/null | grep "Attribute " | sed 's/.* Name="//' | sed -e 's/ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"//' -e 's/">//' | egrep -v "http://macedir.org/entity-category|http://macedir.org/entity-category-support|urn:oasis:names:tc:SAML:attribute:assurance-certification|urn:oasis:names:tc:SAML:profiles:subject-id:req|http://www.swamid.se/assurance-requirement" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category" - @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<|>http://www.swamid.se/category/research-and-education<|>http://www.swamid.se/category/hei-service<|>http://www.swamid.se/category/nren-service<|>http://www.swamid.se/category/sfs-1993-1153<|>http://www.swamid.se/category/eu-adequate-protection<|>http://refeds.org/category/hide-from-discovery<|>http://id.elegnamnden.se/st/1.0/sigservice<|>http://id.elegnamnden.se/ec/1.0/loa3-pnr<|>http://id.elegnamnden.se/ec/1.0/eidas-naturalperson<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true + @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<|>http://www.swamid.se/category/research-and-education<|>http://www.swamid.se/category/hei-service<|>http://www.swamid.se/category/nren-service<|>http://www.swamid.se/category/sfs-1993-1153<|>http://www.swamid.se/category/eu-adequate-protection<|>http://refeds.org/category/hide-from-discovery<|>http://id.elegnamnden.se/st/1.0/sigservice<|>http://id.elegnamnden.se/ec/1.0/loa3-pnr<|>http://id.elegnamnden.se/ec/1.0/eidas-naturalperson<|>https://refeds.org/category/anonymous<|>https://myacademicid.org/entity-categories/esi<|>https://refeds.org/category/personalized<|>https://refeds.org/category/pseudonymous<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category-support" @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category-support"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category-support"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<" ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement" @@ -276,9 +276,9 @@ testRegistrationAuthority: done | grep . && exit 1 || exit 0 #test: syntaxtest testMDUI testOrgData testEntCat testSimpleSign testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority -test: syntaxtest testMDUI testEntCat testSimpleSign testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority +test: syntaxtest testMDUI testEntCat testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority -test2: $(SWAMIDXML) schematest testEntCat testSimpleSign testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority +test2: $(SWAMIDXML) schematest testEntCat testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority #test2: $(SWAMIDXML) .time/%.time: swamid-2.0/%.xml diff --git a/swamid-2.0/anonymous.release-check.swamid.se-shibboleth.xml b/swamid-2.0/anonymous.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..11a73bab --- /dev/null +++ b/swamid-2.0/anonymous.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://anonymous.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = https://refeds.org/category/anonymous--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>https://refeds.org/category/anonymous</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - REFEDS Anonymous</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - REFEDS Anonymous</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://anonymous.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/assurance.release-check.swamid.se-shibboleth.xml b/swamid-2.0/assurance.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..706cff2d --- /dev/null +++ b/swamid-2.0/assurance.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,152 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://assurance.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = Code of Conduct from SWAMID SP, RAF tests--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - REFEDS Assurance Framework</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - REFEDS Assurance Framework</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://assurance.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AttributeConsumingService index="1"> + <md:ServiceName xml:lang="en">Release-check for SWAMID</md:ServiceName> + <md:ServiceName xml:lang="sv">Release-check for SWAMID</md:ServiceName> + <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/cocov1-1.release-check.swamid.se-shibboleth.xml b/swamid-2.0/cocov1-1.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..8a281c96 --- /dev/null +++ b/swamid-2.0/cocov1-1.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,165 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://cocov1-1.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = Code of Conduct from SWAMID SP, part 1--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - GÉANT CoCo del 1</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - GÉANT CoCo part 1</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://cocov1-1.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AttributeConsumingService index="1"> + <md:ServiceName xml:lang="en">Release-check for SWAMID</md:ServiceName> + <md:ServiceName xml:lang="sv">Release-check for SWAMID</md:ServiceName> + <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonUniqueID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonOrcid" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="personalIdentityNumber" Name="urn:oid:1.2.752.29.4.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="schacHomeOrganizationType" Name="urn:oid:1.3.6.1.4.1.25178.1.2.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/cocov1-2.release-check.swamid.se-shibboleth.xml b/swamid-2.0/cocov1-2.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..255cb160 --- /dev/null +++ b/swamid-2.0/cocov1-2.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,163 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://cocov1-2.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = Code of Conduct from SWAMID SP, part 2--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - GÉANT CoCo del 2</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - GÉANT CoCo part 2</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://cocov1-2.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AttributeConsumingService index="1"> + <md:ServiceName xml:lang="en">Release-check for SWAMID</md:ServiceName> + <md:ServiceName xml:lang="sv">Release-check for SWAMID</md:ServiceName> + <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonUniqueID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="o" Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="norEduOrgAcronym" Name="urn:oid:1.3.6.1.4.1.2428.90.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="c" Name="urn:oid:2.5.4.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="co" Name="urn:oid:0.9.2342.19200300.100.1.43" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="schacHomeOrganization" Name="urn:oid:1.3.6.1.4.1.25178.1.2.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/cocov1-3.release-check.swamid.se-shibboleth.xml b/swamid-2.0/cocov1-3.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..9238e2ab --- /dev/null +++ b/swamid-2.0/cocov1-3.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://cocov1-3.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = Code of Conduct from non SWAMID SP--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue> + </saml:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - GÉANT CoCo del 3</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - GÉANT CoCo part 3</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://cocov1-3.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AttributeConsumingService index="1"> + <md:ServiceName xml:lang="en">Release-check for SWAMID</md:ServiceName> + <md:ServiceName xml:lang="sv">Release-check for SWAMID</md:ServiceName> + <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="personalIdentityNumber" Name="urn:oid:1.2.752.29.4.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/esi.release-check.swamid.se-shibboleth.xml b/swamid-2.0/esi.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..23611ec2 --- /dev/null +++ b/swamid-2.0/esi.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://esi.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = https://myacademicid.org/entity-categories/esi--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>https://myacademicid.org/entity-categories/esi</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - European Student Identifier</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - European Student Identifier</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://esi.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://esi.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/mfa.release-check.swamid.se-shibboleth.xml b/swamid-2.0/mfa.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..922e807b --- /dev/null +++ b/swamid-2.0/mfa.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,152 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://mfa.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = Code of Conduct from SWAMID SP, MFA tests--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - REFEDS Assurance Framework</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - REFEDS Assurance Framework</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://mfa.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + <md:AttributeConsumingService index="1"> + <md:ServiceName xml:lang="en">Release-check for SWAMID</md:ServiceName> + <md:ServiceName xml:lang="sv">Release-check for SWAMID</md:ServiceName> + <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/noec.release-check.swamid.se-shibboleth.xml b/swamid-2.0/noec.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..f08fa928 --- /dev/null +++ b/swamid-2.0/noec.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,141 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://noec.release-check.swamid.se/shibboleth"> + <!-- Test with SP without any EC --> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - No EC</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - No EC</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://noec.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://noec.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/personalized.release-check.swamid.se-shibboleth.xml b/swamid-2.0/personalized.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..9ab09971 --- /dev/null +++ b/swamid-2.0/personalized.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://personalized.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = https://refeds.org/category/personalized--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>https://refeds.org/category/personalized</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - REFEDS Personalized</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - REFEDS Personalized</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://personalized.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-2.0/rands.release-check.swamid.se-shibboleth.xml b/swamid-2.0/rands.release-check.swamid.se-shibboleth.xml new file mode 100644 index 00000000..6a995a49 --- /dev/null +++ b/swamid-2.0/rands.release-check.swamid.se-shibboleth.xml @@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://rands.release-check.swamid.se/shibboleth"> + <!-- Test with SP with EC = Research and Scholarship--> + <md:Extensions> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2021-10-19T15:49:00Z"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> + <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> + <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> + <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> + </samla:Attribute> + </mdattr:EntityAttributes> + </md:Extensions> + <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <mdui:UIInfo> + <mdui:DisplayName xml:lang="sv">SWAMID Entity Category Release Check - REFEDS R and S</mdui:DisplayName> + <mdui:DisplayName xml:lang="en">SWAMID Entity Category Release Check - REFEDS R and S</mdui:DisplayName> + <mdui:Description xml:lang="sv">Detta är en testtjänst avsedd för systemadministratörer med identitetsutgivare registrerade i SWAMID. Tjänsten testar om identitetsutfärdaren följer SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:Description xml:lang="en">This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release.</mdui:Description> + <mdui:InformationURL xml:lang="sv">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:InformationURL xml:lang="en">https://release-check.swamid.se/</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="sv">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=sv_SE</mdui:PrivacyStatementURL> + <mdui:PrivacyStatementURL xml:lang="en">https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy?showLanguage=en_GB</mdui:PrivacyStatementURL> + <mdui:Logo height="100" width="115" xml:lang="sv">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + <mdui:Logo height="100" width="115" xml:lang="en">https://release-check.swamid.se/swamid-logo-2-100x115.png</mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUVLubTApZL2saWYLEDnANQ2IlVZwwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMVoXDTI5 +MTAxNDIwMjczMVowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAqjbqLKcx/P9wAjFXioquaT/+Xc49fEXzKKe/ +/mpulp7/PLgPGlhh7xoELq3bDG0MKr1P6rI+LGyhuUEN7GJaQL6AoYklOB6Vzss4 +Q6L599oo67mSrtIofJuVxhC1xZBUwaTXE0nBrnSWaoXRqxuBrdK9jkcb46tDLSYW +2ZLEjyi6VZKIa9GfE/VY0houKBUDbBZ6tIfGgghdN8LwP6bqt7aYM8pLzunT5Lzc +qtmTxeIXAxTv0pXtn8FEeiL7VWaVahbGftM+caZdgeSOAROfRd9bY9m8p947WLQi +95GOiVZi67Q1DPGN7RVFcqf4p/XG3JbL9gbHp2iUg+ZpiHoPceAlgJ2mLX1Dd5bg +fhhakatd4n/iGbyJ11/1DLIHs4ZnamKJmBfm3HSeKqm/NypHB3yEH9Hmb8YFiI6t ++z+xV9BPO1V4wjf4eWZ2qHoh+LTM3ACaBRGXfnhPZ9+NHXOdTw21ISRD/IT1B2wU +X5XjWPoiJEcbgtl70RE75jmtKTuJAgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUSNJ0a4YZc9dSPseR3mwnyDI+MwEwDQYJKoZIhvcN +AQELBQADggGBAEUacJEitgrF/UH670StEcRkKE0bccxzUZOy/TPRyjaJwhuFYbTZ +fbLK9JB/7QTdI0S4XNNyVIFS+v1089C33GaFzHqIdnTwlPtuaTL5V9h0ew9W8B5i +l/uyi7WM+Ij3wrm2JEbpUgLNDKRu87wl4TuCU+SqJafsC2t9z1Q8molPUh2sQ7ci +6QaLvHBSehU2sVChYonq3rlkP37KPrzHUza/ZH8U6SWRkJC8zb4jzw0i1RWZnMyT +l7TbjEQN53ES6jlX+Rj/wLFRpCURcJRcoEIrBqVMmyyM+RegscFCbSqO1PVHCDbM +lHGqMElLpJ1KSAA4y+4zfU4WbSno850PQlZ2KDEHbEsb/k7NI59D+0hUhNBfP2fc +Ccma1I451Mf1ANzrFCniqUXbre5nqNGQHuVrtk7cMUYyt4bv8rCkYQP0J6a+HYw8 +LoEDqj2cS1ZW7uhbCJrHuAkGGgBrd+l6OCiMVpqBC+AJT/zTeFHLSKXl/TuR/v1e +KK/Bciw51EZ7Ew== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:KeyName>3b2548e9acf6</ds:KeyName> + <ds:X509Data> + <ds:X509SubjectName>CN=3b2548e9acf6</ds:X509SubjectName> + <ds:X509Certificate>MIID9jCCAl6gAwIBAgIUAQvlKdIv0wTBgd8wnoQ4DMBVuv4wDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MB4XDTE5MTAxNzIwMjczMloXDTI5 +MTAxNDIwMjczMlowFzEVMBMGA1UEAxMMM2IyNTQ4ZTlhY2Y2MIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEArkGRHvmLAaHApuzIaKg9tXjyDuBBC6dtGPvf +iOCuGSO7FcfwWBmmeQ3qQdIOj++ecAfIIsArWtFmH4CX6o7EbJfKPfPCjeyLwSAP +TRLJQ0sj8FTPdVIXeKMK6KdOiLyI2cLHvVIJ2Ct63SbWuoHqMMT5BnGl5ZUYpbwm +yFcb2WkadRzfulrDy6UqsoZrXawzCmnFJtmwBuh+TbM1VWS290bDLL3raAKSl7KY +aGk7rcfe8cXAEX1Ou8nBxWe9OFoki1HytqK20Tc8vACGVqkbRA7QXtYS5uj0Ym5J +nj3BFYfkTLkElw1vLRthCjQ2/4p3R/CJQdvQ7CVLAQJYempX/r+TL/rH2OjIMS8I +wt2niE+XxfuMs9EsAUHlG4FU2smdHGdTQ6FD5INUB6OWOuFtCcHCZewkqomXh/DQ +GkHfKwuM8mExYMV9aROTY0lc73E/pPeQiOfaZQAFWnCdRtGBMzHEMRgyVyTzT0ZM +fy6M7Z7ZMSrX9AzAhwGPul5JdlI3AgMBAAGjOjA4MBcGA1UdEQQQMA6CDDNiMjU0 +OGU5YWNmNjAdBgNVHQ4EFgQUBrd0LadG54fHunxCfaqmNsUQrhowDQYJKoZIhvcN +AQELBQADggGBAJH1qvbnXW3CTfJSwt3rdK7iu7wtnTTUltTtQWZO7JNos5QEYltW +/XlvqoEk/0a7oeWjv8lQ2I3wtL3Hk93nxzjAWKavKEFKfw/12ryhgF1wRYtdmiLO +8NTV+y21z3sdGjkDzDr61dLYO2k6DRgVkEDkkC6SzV7CnxB4xQlfH7ZbUiIPLcnO +PXuUkV962ifnenos/XAICroOg8MSe8HJOzisngnbfVLrV59JCXBFkjTMVdtfj2oY +RgIJCBe+ZTO5ZyjP5SA/WA+R7/PTDJkcPnUEpXU3RrPkvxeO2i5ED+FDKn/qwTUi +CJgz70bIWAPKvqbylF2/PGxnQplF4k5MOOPxgBQi7SN76TfwCj8yGDL9jHHLyeNC +b/uFMt24uGhuR2Lj6EQSTjXr3MwyN8OI0mTMUsc4CZsWiKRUsAGZ+H9/2feChOUO +2xgD+4RpO5RQYVqnCOalXlyxlo1YvEc3KahBPwCwnXcWjdU7VJ7pcXfaQFb/uA8v +rtSd5rXgy930PQ== +</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://rands.release-check.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SLO/SOAP"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SLO/Redirect"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SLO/POST"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SLO/Artifact"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://rands.release-check.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">SWAMID</md:OrganizationName> + <md:OrganizationName xml:lang="sv">SWAMID</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Swedish Academic Identity Federation (SWAMID)</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.swamid.se</md:OrganizationURL> + <md:OrganizationURL xml:lang="sv">http://www.swamid.se</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>SWAMID Operations</md:GivenName> + <md:EmailAddress>mailto:operations@swamid.se</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/swamid-sp-2.0.mxml b/swamid-sp-2.0.mxml index 948c71b4..058c9a23 100644 --- a/swamid-sp-2.0.mxml +++ b/swamid-sp-2.0.mxml @@ -707,4 +707,15 @@ <xi:include href="swamid-2.0/drive.sunet.se-index.php-apps-user_saml-saml-metadata.xml"/> <xi:include href="swamid-2.0/su-graylog.cnaas.sunet.se.xml"/> <xi:include href="swamid-2.0/mdh-graylog.cnaas.sunet.se.xml"/> + <xi:include href="swamid-2.0/noec.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/rands.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/cocov1-1.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/cocov1-2.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/cocov1-3.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/assurance.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/esi.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/anonymous.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/personalized.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/mfa.release-check.swamid.se-shibboleth.xml"/> + <xi:include href="swamid-2.0/pseudonymous.release-check.swamid.se-shibboleth.xml"/> </md:EntitiesDescriptor> |