From 26efd949b9236715f0ab8329a224932d12e88ba3 Mon Sep 17 00:00:00 2001
From: Einar Lönn
Date: Thu, 4 May 2017 13:15:45 +0200
Subject: (first try to) add adfs.rkh.se per SWAMIDOPS-8564
---
swamid-2.0/adfs.rkh.se-adfs-services-trust.xml | 694 +++++++++++++++++++++++++
swamid-testing-idp-1.0.mxml | 1 +
2 files changed, 695 insertions(+)
create mode 100644 swamid-2.0/adfs.rkh.se-adfs-services-trust.xml
diff --git a/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml b/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml
new file mode 100644
index 00000000..e5b2b491
--- /dev/null
+++ b/swamid-2.0/adfs.rkh.se-adfs-services-trust.xml
@@ -0,0 +1,694 @@ + + + + + + + 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 + + + + + + E-Mail Address + The e-mail address of the user + + + Given Name + The given name of the user + + + Name + The unique name of the user + + + UPN + The user principal name (UPN) of the user + + + Common Name + The common name of the user + + + AD FS 1.x E-Mail Address + The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0 + + + Group + A group that the user is a member of + + + AD FS 1.x UPN + The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0 + + + Role + A role that the user has + + + Surname + The surname of the user + + + PPID + The private identifier of the user + + + Name ID + The SAML name identifier of the user + + + Authentication time stamp + Used to display the time and date that the user was authenticated + + + Authentication method + The method used to authenticate the user + + + Deny only group SID + The deny-only group SID of the user + + + Deny only primary SID + The deny-only primary SID of the user + + + Deny only primary group SID + The deny-only primary group SID of the user + + + Group SID + The group SID of the user + + + Primary group SID + The primary group SID of the user + + + Primary SID + The primary SID of the user + + + Windows account name + The domain account name of the user in the form of domain\user + + + Is Registered User + User is registered to use this device + + + Device Identifier + Identifier of the device + + + Device Registration Identifier + Identifier for Device Registration + + + Device Registration DisplayName + Display name of Device Registration + + + Device OS type + OS type of the device + + + Device OS Version + OS version of the device + + + Is Managed Device + Device is managed by a management service + + + Forwarded Client IP + IP address of the user + + + Client Application + Type of the Client Application + + + Client User Agent + Device type the client is using to 
access the application + + + Client IP + IP address of the client + + + Endpoint Path + Absolute Endpoint path which can be used to determine active versus passive clients + + + Proxy + DNS name of the federation server proxy that passed the request + + + Application Identifier + Identifier for the Relying Party + + + Application policies + Application policies of the certificate + + + Authority Key Identifier + The Authority Key Identifier extension of the certificate that signed an issued certificate + + + Basic Constraint + One of the basic constraints of the certificate + + + Enhanced Key Usage + Describes one of the enhanced key usages of the certificate + + + Issuer + The name of the certificate authority that issued the X.509 certificate + + + Issuer Name + The distinguished name of the certificate issuer + + + Key Usage + One of the key usages of the certificate + + + Not After + Date in local time after which a certificate is no longer valid + + + Not Before + The date in local time on which a certificate becomes valid + + + Certificate Policies + The policies under which the certificate has been issued + + + Public Key + Public Key of the certificate + + + Certificate Raw Data + The raw data of the certificate + + + Subject Alternative Name + One of the alternative names of the certificate + + + Serial Number + The serial number of a certificate + + + Signature Algorithm + The algorithm used to create the signature of a certificate + + + Subject + The subject from the certificate + + + Subject Key Identifier + Describes the subject key identifier of the certificate + + + Subject Name + The subject distinguished name from a certificate + + + V2 Template Name + The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific. + + + V1 Template Name + The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific. 
+ + + Thumbprint + Thumbprint of the certificate + + + X.509 Version + The X.509 format version of a certificate + + + Inside Corporate Network + Used to indicate if a request originated inside corporate network + + + Password Expiration Time + Used to display the time when the password expires + + + Password Expiration Days + Used to display the number of days to password expiry + + + Update Password URL + Used to display the web address of update password service + + + Authentication Methods References + Used to indicate all authentication methods used to authenticate the user + + + Client Request ID + Identifier for a user session + + + + +
https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256
+
+ +
https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256
+
+ +
https://adfs.rkh.se/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256
+
+ +
https://adfs.rkh.se/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256
+
+ +
https://adfs.rkh.se/adfs/ls/
+
+ +
http://adfs.rkh.se/adfs/services/trust
+
+
+ + +
https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256
+
+
+ + +
https://adfs.rkh.se/adfs/ls/
+
+
+
+ + + + + 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 + + + + + + + + + + E-Mail Address + The e-mail address of the user + + + Given Name + The given name of the user + + + Name + The unique name of the user + + + UPN + The user principal name (UPN) of the user + + + Common Name + The common name of the user + + + AD FS 1.x E-Mail Address + The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0 + + + Group + A group that the user is a member of + + + AD FS 1.x UPN + The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0 + + + Role + A role that the user has + + + Surname + The surname of the user + + + PPID + The private identifier of the user + + + Name ID + The SAML name identifier of the user + + + Authentication time stamp + Used to display the time and date that the user was authenticated + + + Authentication method + The method used to authenticate the user + + + Deny only group SID + The deny-only group SID of the user + + + Deny only primary SID + The deny-only primary SID of the user + + + Deny only primary group SID + The deny-only primary group SID of the user + + + Group SID + The group SID of the user + + + Primary group SID + The primary group SID of the user + + + Primary SID + The primary SID of the user + + + Windows account name + The domain account name of the user in the form of domain\user + + + Is Registered User + User is registered to use this device + + + Device Identifier + Identifier of the device + + + Device Registration Identifier + Identifier for Device Registration + + + Device Registration DisplayName + Display name of Device Registration + + + Device OS type + OS type of the device + + + Device OS Version + OS version of the device + + + Is Managed Device + Device is managed by a management service + + + Forwarded Client IP + IP address of the user + + + Client Application + Type of the Client Application + + + Client User Agent + Device type the client is using to access the 
application + + + Client IP + IP address of the client + + + Endpoint Path + Absolute Endpoint path which can be used to determine active versus passive clients + + + Proxy + DNS name of the federation server proxy that passed the request + + + Application Identifier + Identifier for the Relying Party + + + Application policies + Application policies of the certificate + + + Authority Key Identifier + The Authority Key Identifier extension of the certificate that signed an issued certificate + + + Basic Constraint + One of the basic constraints of the certificate + + + Enhanced Key Usage + Describes one of the enhanced key usages of the certificate + + + Issuer + The name of the certificate authority that issued the X.509 certificate + + + Issuer Name + The distinguished name of the certificate issuer + + + Key Usage + One of the key usages of the certificate + + + Not After + Date in local time after which a certificate is no longer valid + + + Not Before + The date in local time on which a certificate becomes valid + + + Certificate Policies + The policies under which the certificate has been issued + + + Public Key + Public Key of the certificate + + + Certificate Raw Data + The raw data of the certificate + + + Subject Alternative Name + One of the alternative names of the certificate + + + Serial Number + The serial number of a certificate + + + Signature Algorithm + The algorithm used to create the signature of a certificate + + + Subject + The subject from the certificate + + + Subject Key Identifier + Describes the subject key identifier of the certificate + + + Subject Name + The subject distinguished name from a certificate + + + V2 Template Name + The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific. + + + V1 Template Name + The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific. 
+ + + Thumbprint + Thumbprint of the certificate + + + X.509 Version + The X.509 format version of a certificate + + + Inside Corporate Network + Used to indicate if a request originated inside corporate network + + + Password Expiration Time + Used to display the time when the password expires + + + Password Expiration Days + Used to display the number of days to password expiry + + + Update Password URL + Used to display the web address of update password service + + + Authentication Methods References + Used to indicate all authentication methods used to authenticate the user + + + Client Request ID + Identifier for a user session + + + + +
https://adfs.rkh.se/adfs/services/trust/2005/certificatemixed
+ + + + +
https://adfs.rkh.se/adfs/services/trust/mex
+
+
+
+
+
+
+ + +
https://adfs.rkh.se/adfs/ls/
+
+
+
+ + + + + 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 + + + + + + + MIIC0jCCAbqgAwIBAgIQaSSS4YxptKVG3RUlliWcizANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDExpBREZTIFNpZ25pbmcgLSBhZGZzLnJraC5zZTAeFw0xNzA0MTAwNjI2NDhaFw0xODA0MTAwNjI2NDhaMCUxIzAhBgNVBAMTGkFERlMgU2lnbmluZyAtIGFkZnMucmtoLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz2C5vMszlVP70ZPTWY2fbTfDSGG+yVpZoJmYFM+gUmXmELL93mQ0yeCbqb8HnZtm45hEXvBGvzQwUpaD3HSPPV9PF02YFZgz/rrjlQJQ70l0V7ybZzgH64yM45qIKGPXlXIw6qtOl0mNpwR4xqu7/E7e+wlZLB7TSAchT7vhESqOxKbWB4D49mqQZDNK0GbQmNEokkxMR3nxqbFwVh8MwJ5QyQtEifNi9FqiPqF9I/N0bVErqFVENj5WAXPCFQ0hYSH4ulLbAsByRbM4a0J3p2xta/Y/CbvkCnPRrtcEqSd6wk3Ya0qllhDN45rglc9MKDnDtx2zuBQkdLyJMkCAwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCPtKzEQH5cDNNRupUtm4M7OGkNQgOQLZG4/nyYtwH00OcKmzlZASH13t03mlvwcWP3NoFeHqXJbROOkrzhG094KmGjvDDFGiNTxP/hnlfqsynzzNSy8dpBQqVavBxGdbee2A5VyXdBhOIkOXUGaIdGZFkMmAANkktnRuOWEfQdBV3vui3wBdHUKJrNglPaUKmnmH5bTR2j7+jmXT+uLAFrsQzQmC7pebHM1TlRVzoQHdbH1jM9x3fyfRArJcINzy+dO36Inzlwb3eUcd282qOAZc7tGCj/j6Jn8TGzUOe8ZFD5jxZjjYWGkJ70MfmlVGzTXiI9mQogZnZoTMDyd/4J + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + 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 + + + + + + + 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 + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
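Review bot: The added metadata should be cut down to the SAML IdP role before the federation republishes it. The text reads like an unedited AD FS export: it carries two full claim catalogues (Windows SIDs, device and client-IP claims) and WS-Trust endpoints such as `https://adfs.rkh.se/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256` and `https://adfs.rkh.se/adfs/services/trust/mex`. Relying parties consuming the feed should only need the signing key, the NameID formats and the `https://adfs.rkh.se/adfs/ls/` endpoints. The NameID format list also appears twice, which suggests an SP role was imported alongside the IdP role, although element names were lost in extraction so this is inferred. Separately, the embedded certificate appears to be a self-signed AD FS signing certificate with roughly one year of validity, and AD FS rolls these over automatically by default, so this static copy needs a named owner and a refresh procedure or signature validation will start failing after rollover.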
diff --git a/swamid-testing-idp-1.0.mxml b/swamid-testing-idp-1.0.mxml
index 32cbb3ad..843cf755 100644
--- a/swamid-testing-idp-1.0.mxml
+++ b/swamid-testing-idp-1.0.mxml
@@ -58,4 +58,5 @@
+
--
cgit v1.2.3