swamid-2.0/wg-onboard.lan.kth.se-shibboleth.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://wg-onboard.lan.kth.se/shibboleth">
  <md:Extensions>
    <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/" registrationInstant="2022-11-01T16:15:34Z">
      <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy>
    </mdrpi:RegistrationInfo>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <mdattr:EntityAttributes>
      <samla:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <samla:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</samla:AttributeValue>
      </samla:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
    <md:Extensions>
      <init:RequestInitiator Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/Login"/>
      <mdui:UIInfo>
        <mdui:Description xml:lang="en">Wireguard</mdui:Description>
        <mdui:Description xml:lang="sv">Wireguard</mdui:Description>
        <mdui:DisplayName xml:lang="en">Wireguard</mdui:DisplayName>
        <mdui:DisplayName xml:lang="sv">Wireguard</mdui:DisplayName>
        <mdui:InformationURL xml:lang="en">https://www.lan.kth.se/vpn/vpn.html</mdui:InformationURL>
        <mdui:InformationURL xml:lang="sv">https://www.lan.kth.se/vpn/vpn.html</mdui:InformationURL>
        <mdui:Keywords xml:lang="en">Wireguard</mdui:Keywords>
        <mdui:Keywords xml:lang="sv">Wireguard</mdui:Keywords>
        <mdui:PrivacyStatementURL xml:lang="en">https://intra.kth.se/en/it/natverk/regler-policys/policy-for-hantering-av-personuppgifter-inom-ramen-for-identitetsutgivaren-identity-provider-idp-som-faststallts-av-kungliga-tekniska-hogskolan-1.924071</mdui:PrivacyStatementURL>
        <mdui:PrivacyStatementURL xml:lang="sv">https://intra.kth.se/it/natverk/regler-policys/policy-for-hantering-av-personuppgifter-inom-ramen-for-identitetsutgivaren-identity-provider-idp-som-faststallts-av-kungliga-tekniska-hogskolan-1.924071</mdui:PrivacyStatementURL>
      </mdui:UIInfo>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:KeyName>wg-onboard.lan.kth.se</ds:KeyName>
        <ds:X509Data>
          <ds:X509SubjectName>CN=wg-onboard.lan.kth.se</ds:X509SubjectName>
          <ds:X509Certificate>MIIEETCCAnmgAwIBAgIUWy1PZjHDVjFPCwf1dsMOVG9QLuswDQYJKoZIhvcNAQEL
BQAwIDEeMBwGA1UEAxMVd2ctb25ib2FyZC5sYW4ua3RoLnNlMB4XDTIyMTEwMTEz
MDYwMloXDTMyMTAyOTEzMDYwMlowIDEeMBwGA1UEAxMVd2ctb25ib2FyZC5sYW4u
a3RoLnNlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvtQAlnmmuHNW
d2V3DHi2PTmrvjVJ5sEszptVTUSvwAHg5f+gxdkZc/akALM4kwMnpgE7mAr26AGt
D+AIlK8/1hF72Lq/sqQI9Qa7xUNpNc8lX24yP3mM1KtM1VayyQUV3c2td/CMX+Gx
gJxXbq2KWJo4SlKnIKWNER3QuS+mLNiacak1SeqFlBaB7mgdyLlTeJbCK+ApcpCn
u/Pha6KmrwMJaniFiXY11X4oYDhr5VM+fws/9x15o2+zr/N8K8ynBKsGsmoXmMSi
chLGTcvteNUkSPAN1cOMJ4hvdyu5IKEPBPzeQk/PX7FClu6xYTyLvJkINErqUNTc
NJ5aMlSNDJNSMkysjYfEePjd8yhBRFmex3OJF189cs24cpDu03ibEuTIP/RhqpJW
6olZf50/oLs+52By9a+Jgmx7BnGCwxeHxFjBAaznuLwL/rbOpF/MMqFOGLboSQL8
7N6Ri1HTpaAtTW9YGhJ3mPn7wJbgwICgD1BCADktAO+mVfWgCDvRAgMBAAGjQzBB
MCAGA1UdEQQZMBeCFXdnLW9uYm9hcmQubGFuLmt0aC5zZTAdBgNVHQ4EFgQUth46
h9C5rlvETR1MyiicWRR9VI8wDQYJKoZIhvcNAQELBQADggGBALu5sO5KMQbIAtb9
DwmvAm6lW5MKJLdlWaS3/Ow2kJ7MqrbsiFs2jWSmY2zZ0h9s5R8N7+kZUR8empia
WgTRzqfH9buNs32l0mHK0/WQyimw2L8Foy0LPKRfvixzSf0HM7j4FWFtnOeHY9cy
P5tC44CsJI7sjRDX/rOr/Ij7lFxj/9qhWG6ltW/fCoFd7I0lVX3NrRq19eWl582d
kgKjJkMtpJ9VNkILg2d4uPl2iv4Tv7CuWrddfSSbs4bixLpaeZuSbqCCFEgueVni
M15UP00yDLVb5hqoE8UvxZKtyOqpEjjeCaRxLWXgLZrntsS+QvTNK0HBNvlTU7fc
Q7zqK5HCg7w6yGztt1xeUytxh1BxtAyEQSaBBi5zc+f6+QKqyrrBeS2bfPxak7Zv
2NSRpFboOIaQxXFUubFFYt9UyyuqoVNOkaQOMawqfxINdzTAWqMYSXw4dxET16ZK
SgMRw9ARXq8hRTj4fQN5NewMxQWOtOT1z/H0oCk+scg5HSlnvQ==
</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo>
        <ds:KeyName>wg-onboard.lan.kth.se</ds:KeyName>
        <ds:X509Data>
          <ds:X509SubjectName>CN=wg-onboard.lan.kth.se</ds:X509SubjectName>
          <ds:X509Certificate>MIIEETCCAnmgAwIBAgIUH7uSkFMdkyJfpwh9IWPCmrIztBYwDQYJKoZIhvcNAQEL
BQAwIDEeMBwGA1UEAxMVd2ctb25ib2FyZC5sYW4ua3RoLnNlMB4XDTIyMTEwMTEz
MDYwM1oXDTMyMTAyOTEzMDYwM1owIDEeMBwGA1UEAxMVd2ctb25ib2FyZC5sYW4u
a3RoLnNlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA6Tr/wqjXzFrw
BVufIBPScjL/baaQFwRQHp5oKGXd4l7jlXtpFpUX+kmzZhMKUvFX7D+irY1sF7t4
9lPQ1lUftBKM/n7Ay9KgErvyDMgmxp+azYRyBN5IULhwM97QvqYTzvUskobDOS+w
Yx0+r5LaiSKagQW/oxYwMg0zpYO+olNzG3a+SJuY/9HB+m5yR025u5Mewe3/oGZo
BbKt/Q8IQ+h9QwB359hoGkPYNPtocM91vprx4hafdSPDb1KDfFML0/40kiWYDUWA
+SXxCfSV+KTasNhTgN57buuTqP8L6+xScfxbipU2oXRwFJdQmc5Y+yBtNRrLaMpC
y0SwZQ9erJ7X9tXgYJSAkzlCjkkRoIy3xuoMzhAS31SmsELsvmSr26uQtaPUmALJ
UzVXoBNfo3b7UWT6xg/Io1uoMZfusPDLTDauOjNeSZ1pxyfmuvYzu9rLu+Lb4mve
eJX7jpXhjXLYHAy1d734fOB06CzNvYDS7T8hzBdHU4HSon6L6F3BAgMBAAGjQzBB
MCAGA1UdEQQZMBeCFXdnLW9uYm9hcmQubGFuLmt0aC5zZTAdBgNVHQ4EFgQU+IHb
7jP2lAcGKJIfdZ3KIrDvo4EwDQYJKoZIhvcNAQELBQADggGBAClZfWkbFjmbuc2/
YhBb2cCOyVr/sN4rmrD2DzO7uJOhg8soIVgER/ya3xOgYdj/0pIKkb+ZHPGAWA7n
8QFFR4ROeGSt+SBl582X72vo6a3tUfX/JEfAZRBXOj3T0uSDRdY/SdEbIKq+yxdz
V43/mF5hNBAsCOw0cqq4MJq11cnasmrFq9kljsmb9MTOxJtz5OktMT2IjS5zmPHJ
J0ahbV4x0GSXAyZik1NXcDPtlNVmAFvk3P0r1nfhpbGcIs45qmLpW40Zvxkjm0QK
1NDj8nQ5i+KWW8xap+xWvEI8eetTvJ9cDZRrZW3o/cvWcP/dgvwnerx0H99wifep
4VBcR5NGvJPwxsrpHHPfrqYf7paiW898aO3uc6Efv8KuoWuS+N14ZBvJAXpWhRbC
XXBejSbeZIRtLRYpgenVMlwxCuHxA0h+q0FDNZ1uteV62l2CaP5zeZzbzFbTrenV
AWE9gLXkqERlcPFazSerNf/Uzw8IYZBb6p5gWI84epkbYBX3Kw==
</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </md:KeyDescriptor>
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SLO/SOAP"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SLO/Redirect"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SLO/POST"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SLO/Artifact"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SAML2/POST" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SAML2/ECP" index="4"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SAML/POST" index="5"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://wg-onboard.lan.kth.se/Shibboleth.sso/SAML/Artifact" index="6"/>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Wireguard</md:ServiceName>
      <md:ServiceName xml:lang="sv">Wireguard</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Royal Institute of Technology</md:OrganizationName>
    <md:OrganizationName xml:lang="sv">Kungliga Tekniska högskolan</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">KTH</md:OrganizationDisplayName>
    <md:OrganizationDisplayName xml:lang="sv">KTH</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.kth.se/en</md:OrganizationURL>
    <md:OrganizationURL xml:lang="sv">https://www.kth.se/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="administrative">
    <md:Company>Kungliga Tekniska högskolan</md:Company>
    <md:GivenName>Hans</md:GivenName>
    <md:SurName>Åkerman</md:SurName>
    <md:EmailAddress>mailto:hakerman@kth.se</md:EmailAddress>
    <md:TelephoneNumber>+4687906000</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:Company>Kungliga Tekniska högskolan</md:Company>
    <md:GivenName>Hans</md:GivenName>
    <md:SurName>Akerman</md:SurName>
    <md:EmailAddress>mailto:hakerman@kth.se</md:EmailAddress>
    <md:TelephoneNumber>+4687906000</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:Company>Kungliga Tekniska högskolan</md:Company>
    <md:GivenName>IT-Support</md:GivenName>
    <md:EmailAddress>mailto:it-support@kth.se</md:EmailAddress>
    <md:TelephoneNumber>+46 8 790 6600</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:Company>Kungliga Tekniska högskolan</md:Company>
    <md:GivenName>Hans</md:GivenName>
    <md:SurName>Åkerman</md:SurName>
    <md:EmailAddress>mailto:hakerman@kth.se</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>