<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idportal.ki.se/shibboleth">
  <md:Extensions>
    <mdattr:EntityAttributes>
      <samla:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <samla:AttributeValue>https://refeds.org/category/code-of-conduct/v2</samla:AttributeValue>
      </samla:Attribute>
    </mdattr:EntityAttributes>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2024-10-08T14:33:36Z">
      <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy>
    </mdrpi:RegistrationInfo>
  </md:Extensions>
  <md:SPSSODescriptor AuthnRequestsSigned="1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Karolinska Institutet ID Portal</mdui:DisplayName>
        <mdui:DisplayName xml:lang="sv">Karolinska Institutet ID-portal</mdui:DisplayName>
        <mdui:Logo xml:lang="en" height="100" width="200">https://login.ki.se/images/KI_digital_logotyp_positiv_RGB.svg</mdui:Logo>
        <mdui:Logo xml:lang="sv" height="100" width="200">https://login.ki.se/images/KI_digital_logotyp_positiv_RGB.svg</mdui:Logo>
        <mdui:Description xml:lang="en">Portal for activating and verifying Karolinska Institutet accounts</mdui:Description>
        <mdui:Description xml:lang="sv">Portal för aktivering och verifiering av konton hos Karolinska Institutet</mdui:Description>
        <mdui:InformationURL xml:lang="sv">https://idportal.ki.se</mdui:InformationURL>
        <mdui:InformationURL xml:lang="en">https://idportal.ki.se</mdui:InformationURL>
        <mdui:PrivacyStatementURL xml:lang="sv">https://idportal.ki.se/pp_sv.html</mdui:PrivacyStatementURL>
        <mdui:PrivacyStatementURL xml:lang="en">https://idportal.ki.se/pp_en.html</mdui:PrivacyStatementURL>
      </mdui:UIInfo>
      <init:RequestInitiator Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://idportal.ki.se/Shibboleth.sso/Login"/>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:KeyName>kiidacauth01.user.ki.se</ds:KeyName>
        <ds:X509Data>
          <ds:X509SubjectName>CN=kiidacauth01.user.ki.se</ds:X509SubjectName>
          <ds:X509Certificate>MIIEFzCCAn+gAwIBAgIUWbtXnGcCOfYvnYQjNa7Vwt1qMcYwDQYJKoZIhvcNAQEL
BQAwIjEgMB4GA1UEAxMXa2lpZGFjYXV0aDAxLnVzZXIua2kuc2UwHhcNMjMwNTEx
MTU0NDU4WhcNMzMwNTA4MTU0NDU4WjAiMSAwHgYDVQQDExdraWlkYWNhdXRoMDEu
dXNlci5raS5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMsNmZx2
aqzGGeChtpT7txj3zdFw6cJdys+sz/qrLms7f8pKfQz5Yupjz5pP3KkTSsxd2+VV
aVqJFUplDBdz1bGptuP+GdgJMusyNIcMWwW3YWy7fK1KgG2Q2CoWChxuidJJdOTz
XDvJcTHxnICJRZ4lSC2VHl8U09+R4Bu7SPh7FnZ9tHAzmF4VsKkF2nvUpa4srspf
QuHyTczjSzcBnoZESHXUE9v3iisovvff6onvjzkLaFqIYlar6a8FXjGPslWnXnLx
4cWOAYV852nV7N5F4hgd13mavM8qYRzjc7QpRDIbNaaV0YhqDi/mq8vk6NIestNs
ZWq1yeI1tA8+D55jrpcME9TyxmXxHAVTZGWL8hdCqn2OZDubujneAQtTp0bVHC8a
8v9yYLM5Epq6VyXswDHeY6+ePE1CDV9Fd3iLmC8aMu7JqfN6HeWEsMXu+7wGYEld
bxp3aLSoE757my9tg7ESmzU1OZ/0QJ8Say0iiMfhKcGiGZ27r5ZRg014/wIDAQAB
o0UwQzAiBgNVHREEGzAZghdraWlkYWNhdXRoMDEudXNlci5raS5zZTAdBgNVHQ4E
FgQUf479m4voB7rtr3nxdxT/ZBjfRHYwDQYJKoZIhvcNAQELBQADggGBAC2fzoih
R4zYq9kch1dCpOfSrglDdkUIvjhntXEi+z7H+5RgpDai33a2LEhTit+yB1Ty7Psh
B0uUbEglTzB+2enGOjwpoYaivFAKQx5zoQqquElIjCzAEghoAmGIgZXhqDKJ/Fzb
MHQjvnG8O2bgJTyJAA5thizdrDETpaXcVov7HfPkldsz5upFHeWELZli4sTQQw6G
eiMzaO8PTcHojV/LinGVzkcUbZHbrFDoD/lgoGhfcE9q5OkU7t/g2ZXSjznvfeFn
zUa9qk2xxB0v1OzbWkp5e+zm6Svop2QWWJ55LSmST6V7TzvIJhrZjnsZMdsSXhCM
W8KQh145QueKB/1vBeFLgo32/TUrrtS6Nttl9owBplMS1QaMIR2XjN+opnoWc5dD
pV7uSAl+gwvp9MP8e4jMGxeLuZYf5MOswJSnpp88wTo+Bhj/Aq87/nnqLGopraQt
PkPLuWupp93CzbD8GdzqwSdTHqroxXck9qvMs2E+Cv3dgcRr/8NpyzSEcw==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo>
        <ds:KeyName>kiidacauth01.user.ki.se</ds:KeyName>
        <ds:X509Data>
          <ds:X509SubjectName>CN=kiidacauth01.user.ki.se</ds:X509SubjectName>
          <ds:X509Certificate>MIIEFzCCAn+gAwIBAgIUAnopQsUB2Wx1FwGLkYLZd8+I+WIwDQYJKoZIhvcNAQEL
BQAwIjEgMB4GA1UEAxMXa2lpZGFjYXV0aDAxLnVzZXIua2kuc2UwHhcNMjMwNTEx
MTU0NDU1WhcNMzMwNTA4MTU0NDU1WjAiMSAwHgYDVQQDExdraWlkYWNhdXRoMDEu
dXNlci5raS5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKlCoEX6
aKXOdSBz3BMyjuGNgubCcOekadyu80KHjPIc+o2JiG1oXN8n7JzsDkK0U4AFCD9L
0H8/bqPOwIrKF4JB4ALLeHEOQCNDJ9pVXp4CuU0XD+kolLq07DbnvamyRmY/r821
tNYlsGO3aj5zyxT7jWT50FRfza8R8IFAVhkm1STrkXsSAaBYC7wUs5AT3E2Bqh9m
xobd76XSbD/HozCS7ydW8OT99HKakxzR4tg4JuIcyucvrPHDYDQ2OhLpfWdtM1j0
Ov+MDR+dIGw0BQdbVzIEC7LXLYf26f8TkERtc7IoAHwoACgfoJFHSn2lofUlJDRF
AeMnpW+NYMYvdY3jBBEslpGCNZ7HXGRL3yF2wjK8vJc8AXHS8O5kBtWtllqsHtRy
adF/9k4PhUWcD3h4jgH+MLd7SvJv/SWp3lM6KA0xV/Cn7t5xMO9ouj7c6Bielly2
k254r7TvEXFw/4h9rlmtaxOHRCRm+qzW/FtxxMwaKdL3FEVAL4bnss5PpwIDAQAB
o0UwQzAiBgNVHREEGzAZghdraWlkYWNhdXRoMDEudXNlci5raS5zZTAdBgNVHQ4E
FgQUyQSBFqtz5xI/0EKdwFqmrBZ3aK0wDQYJKoZIhvcNAQELBQADggGBAHW2AMwb
q+FaILghgHGF2L4Yt71jIzZYafm4jyFtjnq2DyWV9Yao42HjPV6mBF1VEB4PcZdH
XP+CQFacqDbK+ZaG7PriM/SM/8c3B75v7msetvnvyhnvjG0GNJiwKIOclW5KIPSd
iMXsL4Z02cGyFEaQSywL8qVzdZLm/AhtAclwbrpAEBWDXgmHJDQcfl4FNED+iTy+
uFeid5PbbhV+GZwLm8fkiPSMjr8cmiACGr/TjQzmLj3CHBaV2mpHC3pf19gPAHjc
zz64FxNaRHkBBnrL8iwPCW3Mt3ECfR756QiqX5JWMjZwe+eSpZ60wlyF2zGca6ou
L7IRYNdkSvomIBVeZsCRdlyGOEm1SMBdq/RcbxNlByKktyn4ufAlHsqQslFb8OtD
Z5kV85U/QtPBlYT3dQ/km3IeeJsosGsnIyyzI0b2poMaPBHZ0sS1z+ylz65Kp35O
0wsx0JjKtWjDiOS6tq8tumhiIoU97s9sNu66kT/UpNGPUK4fjDRCDRLzIg==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </md:KeyDescriptor>
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idportal.ki.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idportal.ki.se/Shibboleth.sso/SLO/SOAP"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idportal.ki.se/Shibboleth.sso/SLO/Redirect"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idportal.ki.se/Shibboleth.sso/SLO/POST"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idportal.ki.se/Shibboleth.sso/SLO/Artifact"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idportal.ki.se/Shibboleth.sso/SAML2/POST" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idportal.ki.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://idportal.ki.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://idportal.ki.se/Shibboleth.sso/SAML2/ECP" index="4"/>
    <md:AttributeConsumingService index="1" isDefault="true">
      <md:ServiceName xml:lang="en">ID Portal</md:ServiceName>
      <md:ServiceName xml:lang="sv">ID Portal</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonAssurance" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Karolinska Institutet</md:OrganizationName>
    <md:OrganizationName xml:lang="sv">Karolinska Institutet</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Karolinska Institutet</md:OrganizationDisplayName>
    <md:OrganizationDisplayName xml:lang="sv">Karolinska Institutet</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://ki.se/en</md:OrganizationURL>
    <md:OrganizationURL xml:lang="sv">https://ki.se</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:selfservice@ki.se</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:EmailAddress>mailto:selfservice@ki.se</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="administrative">
    <md:EmailAddress>mailto:selfservice@ki.se</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>Security Response Team</md:GivenName>
    <md:EmailAddress>mailto:selfservice@ki.se</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>