diff options
Diffstat (limited to 'swamid-2.0/idpv4.lu.se-idp-shibboleth.xml')
| -rw-r--r-- | swamid-2.0/idpv4.lu.se-idp-shibboleth.xml | 120 |
1 files changed, 58 insertions, 62 deletions
diff --git a/swamid-2.0/idpv4.lu.se-idp-shibboleth.xml b/swamid-2.0/idpv4.lu.se-idp-shibboleth.xml index 3c8d0514..46564a7c 100644 --- a/swamid-2.0/idpv4.lu.se-idp-shibboleth.xml +++ b/swamid-2.0/idpv4.lu.se-idp-shibboleth.xml @@ -4,23 +4,23 @@ <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2020-05-28T12:09:49Z"> <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> </mdrpi:RegistrationInfo> - <attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"> - <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> - <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue> - <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue> - <saml:AttributeValue>http://www.swamid.se/policy/assurance/al3</saml:AttributeValue> - <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</saml:AttributeValue> - <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</saml:AttributeValue> - <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue> - </saml:Attribute> + <mdattr:EntityAttributes> + <samla:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</samla:AttributeValue> + <samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</samla:AttributeValue> + <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue> + </samla:Attribute> <samla:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue> <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue> </samla:Attribute> - </attr:EntityAttributes> + </mdattr:EntityAttributes> </md:Extensions> - <IDPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0" errorURL="https://error.swamid.se/?errorurl_code=ERRORURL_CODE&errorurl_ts=ERRORURL_TS&errorurl_rp=ERRORURL_RP&errorurl_tid=ERRORURL_TID&errorurl_ctx=ERRORURL_CTX&entityid=https://idpv4.lu.se/idp/shibboleth"> - <Extensions> + <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0" errorURL="https://error.swamid.se/?errorurl_code=ERRORURL_CODE&errorurl_ts=ERRORURL_TS&errorurl_rp=ERRORURL_RP&errorurl_tid=ERRORURL_TID&errorurl_ctx=ERRORURL_CTX&entityid=https://idpv4.lu.se/idp/shibboleth"> + <md:Extensions> <shibmd:Scope regexp="false">lu.se</shibmd:Scope> <mdui:UIInfo> <mdui:DisplayName xml:lang="sv">Lunds universitet</mdui:DisplayName> @@ -41,9 +41,8 @@ <mdui:DomainHint>lth.se</mdui:DomainHint> <mdui:IPHint>130.235.0.0/16</mdui:IPHint> </mdui:DiscoHints> - </Extensions> - <!-- First signing certificate is BackChannel --> - <KeyDescriptor use="signing"> + </md:Extensions> + <md:KeyDescriptor use="signing"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> @@ -72,9 +71,8 @@ </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> - </KeyDescriptor> - <!-- Second signing certificate is FrontChannel --> - <KeyDescriptor use="signing"> + </md:KeyDescriptor> + <md:KeyDescriptor use="signing"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> @@ -103,8 +101,8 @@ </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="encryption"> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> @@ -133,21 +131,20 @@ </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> - </KeyDescriptor> - <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idpv4.lu.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/> - <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idpv4.lu.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idpv4.lu.se/idp/profile/SAML2/POST/SLO"/> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idpv4.lu.se/idp/profile/SAML2/Redirect/SLO"/> - <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idpv4.lu.se/idp/profile/Shibboleth/SSO"/> - <SingleSignOnService xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" req-attr:supportsRequestedAttributes="true" Location="https://idpv4.lu.se/idp/profile/SAML2/Redirect/SSO"/> - <SingleSignOnService xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" req-attr:supportsRequestedAttributes="true" Location="https://idpv4.lu.se/idp/profile/SAML2/POST/SSO"/> - </IDPSSODescriptor> - <AttributeAuthorityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> - <Extensions> + </md:KeyDescriptor> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idpv4.lu.se:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/> + <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idpv4.lu.se:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idpv4.lu.se/idp/profile/SAML2/POST/SLO"/> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idpv4.lu.se/idp/profile/SAML2/Redirect/SLO"/> + <md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idpv4.lu.se/idp/profile/Shibboleth/SSO"/> + <md:SingleSignOnService xmlns:ns7="urn:oasis:names:tc:SAML:protocol:ext:req-attr" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" ns7:supportsRequestedAttributes="true" Location="https://idpv4.lu.se/idp/profile/SAML2/Redirect/SSO"/> + <md:SingleSignOnService xmlns:ns7="urn:oasis:names:tc:SAML:protocol:ext:req-attr" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ns7:supportsRequestedAttributes="true" Location="https://idpv4.lu.se/idp/profile/SAML2/POST/SSO"/> + </md:IDPSSODescriptor> + <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> + <md:Extensions> <shibmd:Scope regexp="false">lu.se</shibmd:Scope> - </Extensions> - <!-- First signing certificate is BackChannel --> - <KeyDescriptor use="signing"> + </md:Extensions> + <md:KeyDescriptor use="signing"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> @@ -176,9 +173,8 @@ </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> - </KeyDescriptor> - <!-- Second signing certificate is FrontChannel --> - <KeyDescriptor use="signing"> + </md:KeyDescriptor> + <md:KeyDescriptor use="signing"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> @@ -207,8 +203,8 @@ </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="encryption"> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> @@ -237,27 +233,27 @@ </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> - </KeyDescriptor> - <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idpv4.lu.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/> - </AttributeAuthorityDescriptor> - <Organization xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - <OrganizationName xml:lang="en">LU</OrganizationName> - <OrganizationDisplayName xml:lang="sv">Lunds universitet</OrganizationDisplayName> - <OrganizationDisplayName xml:lang="en">Lund University</OrganizationDisplayName> - <OrganizationURL xml:lang="en">http://www.lu.se/</OrganizationURL> - </Organization> - <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="administrative"> - <GivenName>Eskil</GivenName> - <SurName>Swahn</SurName> - <EmailAddress>mailto:eskil.swahn@ldc.lu.se</EmailAddress> - </ContactPerson> - <ContactPerson xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="support"> - <SurName>LU Servicedesk</SurName> - <EmailAddress>mailto:servicedesk@lu.se</EmailAddress> - </ContactPerson> - <ContactPerson xmlns:remd="http://refeds.org/metadata" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security"> - <GivenName>IRT Lund University</GivenName> - <EmailAddress>mailto:abuse@lu.se</EmailAddress> - <TelephoneNumber>+46462229000</TelephoneNumber> - </ContactPerson> + </md:KeyDescriptor> + <md:AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idpv4.lu.se:8443/idp/profile/SAML1/SOAP/AttributeQuery"/> + </md:AttributeAuthorityDescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">LU</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="sv">Lunds universitet</md:OrganizationDisplayName> + <md:OrganizationDisplayName xml:lang="en">Lund University</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">http://www.lu.se/</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="administrative"> + <md:GivenName>Eskil</md:GivenName> + <md:SurName>Swahn</md:SurName> + <md:EmailAddress>mailto:eskil.swahn@ldc.lu.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:SurName>LU Servicedesk</md:SurName> + <md:EmailAddress>mailto:servicedesk@lu.se</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security"> + <md:GivenName>IRT Lund University</md:GivenName> + <md:EmailAddress>mailto:abuse@lu.se</md:EmailAddress> + <md:TelephoneNumber>+46462229000</md:TelephoneNumber> + </md:ContactPerson> </md:EntityDescriptor> |