From 2262d03a2e3593100ae503133c9f8f6dea672e5e Mon Sep 17 00:00:00 2001
From: Björn Mattsson <bjorn@sunet.se>
Date: Tue, 5 Apr 2022 08:33:43 +0200
Subject: SWAMID-541, SWAMID-743 Added AL3 for LiU and eduID + fixed Makefile
 to allow AL3

---
 Makefile                                             | 4 +++-
 swamid-2.0/fs.liu.se-adfs-services-trust.xml         | 1 +
 swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml | 1 +
 swamid-2.0/idp.dev.eduid.se-idp.xml.xml              | 1 +
 swamid-2.0/login.idp.eduid.se-idp.xml.xml            | 1 +
 5 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index ce20ed07..a07c10dc 100644
--- a/Makefile
+++ b/Makefile
@@ -231,7 +231,7 @@ testEntCat:
 	@echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement"
 	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo "  $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true
 	@echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification"
-	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo "  $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true
+	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/assurance/al3<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo "  $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || true
 
 testValidContact:
 	@echo "Checking for valid Contact Information"
@@ -245,6 +245,8 @@ testSimpleSign:
 	@for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo "  $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done | grep . && exit 1 || exit 0
 
 testALlevel:
+	@echo "Check for IdP:s with AL3 without AL2"
+	@for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al3 $$x && ! grep -q http://www.swamid.se/policy/assurance/al2 $$x ; then echo "  $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done
 	@echo "Check for IdP:s with AL2 without AL1"
 	@for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al2 $$x && ! grep -q http://www.swamid.se/policy/assurance/al1 $$x ; then echo "  $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done
 
diff --git a/swamid-2.0/fs.liu.se-adfs-services-trust.xml b/swamid-2.0/fs.liu.se-adfs-services-trust.xml
index 396cfe7d..28fdce4a 100644
--- a/swamid-2.0/fs.liu.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.liu.se-adfs-services-trust.xml
@@ -8,6 +8,7 @@
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
         <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+        <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
         <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
       </samla:Attribute>
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
diff --git a/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml b/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
index da42ca93..e1db4430 100644
--- a/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
+++ b/swamid-2.0/fs.test.ad.liu.se-adfs-services-trust.xml
@@ -8,6 +8,7 @@
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
         <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+        <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
         <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
       </samla:Attribute>
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
diff --git a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
index cef2d597..ac5b8dfc 100644
--- a/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
+++ b/swamid-2.0/idp.dev.eduid.se-idp.xml.xml
@@ -8,6 +8,7 @@
       <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <saml:AttributeValue>http://www.swamid.se/policy/assurance/al1</saml:AttributeValue>
         <saml:AttributeValue>http://www.swamid.se/policy/assurance/al2</saml:AttributeValue>
+        <saml:AttributeValue>http://www.swamid.se/policy/assurance/al3</saml:AttributeValue>
         <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</saml:AttributeValue>
         <saml:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</saml:AttributeValue>
       </saml:Attribute>
diff --git a/swamid-2.0/login.idp.eduid.se-idp.xml.xml b/swamid-2.0/login.idp.eduid.se-idp.xml.xml
index 27a40240..a7cc4d79 100644
--- a/swamid-2.0/login.idp.eduid.se-idp.xml.xml
+++ b/swamid-2.0/login.idp.eduid.se-idp.xml.xml
@@ -8,6 +8,7 @@
       <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <samla:AttributeValue>http://www.swamid.se/policy/assurance/al1</samla:AttributeValue>
         <samla:AttributeValue>http://www.swamid.se/policy/assurance/al2</samla:AttributeValue>
+        <samla:AttributeValue>http://www.swamid.se/policy/assurance/al3</samla:AttributeValue>
         <samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa</samla:AttributeValue>
         <samla:AttributeValue>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi</samla:AttributeValue>
         <samla:AttributeValue>https://refeds.org/sirtfi</samla:AttributeValue>
-- 
cgit v1.2.3