<?xml version="1.0" encoding="UTF-8"?>
<!-- SAML 2.0 metadata describing the service provider whose entityID is https://groupes-aa.renater.fr.
     This descriptor carries no ds:Signature and no validUntil or cacheDuration of its own, so its
     authenticity and freshness have to come from wherever it was obtained (for example a signed
     federation aggregate). Verify that source before trusting the keys and endpoints below. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://groupes-aa.renater.fr">
<md:Extensions>
<!-- RegistrationInfo names the registration authority, the registration instant and the registration policy URL. -->
<mdrpi:RegistrationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" registrationAuthority="https://federation.renater.fr/" registrationInstant="2014-09-25T15:11:29Z">
<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>
</mdrpi:RegistrationInfo>
<!-- Entity-category values attached to this entity. A consumer that keys policy (such as attribute
     release) on these values should honour them only when the metadata source itself is trusted.
     NOTE(review): presumably asserted by the registrar; confirm. -->
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>https://federation.renater.fr/category/collaboratif</saml:AttributeValue>
<saml:AttributeValue>https://federation.renater.fr/scope/community</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
<!-- Service provider role. protocolSupportEnumeration advertises SAML 1.0 and SAML 1.1 alongside
     SAML 2.0, so the SP declares that it accepts the legacy protocols as well.
     NOTE(review): confirm that an identity provider still needs SAML 1.x; if none does, the two legacy
     URIs and the index="5" browser-post endpoint further down are surface that can be retired. -->
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<!-- Display strings (name, description, information URL) in English and French; presentation only. -->
<mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:DisplayName xml:lang="en">RENATER - Validation of the Authorization Service</mdui:DisplayName>
<mdui:InformationURL xml:lang="fr">https://groupes-aa.renater.fr</mdui:InformationURL>
<mdui:Description xml:lang="en">Authorization service based on Sympa group manager (Universalistes) and SAML Attributes Authorities.
It allows virtual organizations (e.g. research communities) composed by people belonging to different institutions (i.e. managed by different referentials) to access to common resources (if authorization was granted) after having been authenticated by their respective institutions.
This service will be in charge of authentication and provide accurate access control on a community's web resource (group defined in Sympa). This resource can therefore be hosted anywhere.</mdui:Description>
<mdui:DisplayName xml:lang="fr">RENATER - Validation du Service d'autorisation</mdui:DisplayName>
<mdui:Description xml:lang="fr">Service d'autorisation basé sur le gestionnaire de groupes Sympa (Universalistes) et les Attributes Authorities SAML.
Il permet à des organisations virtuelles (VO, communautés de chercheurs) appartenant à des établissements différents (donc gérés dans des référentiels différents) d'accéder à des ressources communes (sur autorisation) après authentification auprès de leurs établissements respectifs.
Ce service se chargera de l'authentification et permettra un contrôle d'accès fin sur une ressource Web d'une communauté (groupe défini dans Sympa) qui peut donc être hébergée n'importe où.</mdui:Description>
</mdui:UIInfo>
</md:Extensions>
<!-- Certificate published for use="signing". The base64 body is elided in this copy, so the key
     size, validity period and subject cannot be reviewed here. -->
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<!-- Certificate published for use="encryption".
     NOTE(review): in this copy the signing and encryption descriptors appear to carry the same value.
     If they share one key pair, a rollover or a compromise affects both uses at once; confirm that
     this is intended. -->
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<!-- Assertion consumer endpoints, both HTTPS on the same host as the entityID. Index 1 uses the
     SAML 2.0 HTTP-POST binding; index 5 uses the SAML 1.0 browser-post profile. Neither sets isDefault. -->
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://groupes-aa.renater.fr/Shibboleth.sso/SAML2/POST" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://groupes-aa.renater.fr/Shibboleth.sso/SAML/POST" index="5"/>
<!-- Attribute request: a single attribute, mail (urn:oid:0.9.2342.19200300.100.1.3), marked isRequired="true". -->
<md:AttributeConsumingService index="0">
<md:ServiceName xml:lang="fr">RENATER - Validation du Service d'autorisation</md:ServiceName>
<md:ServiceName xml:lang="en">RENATER - Validation of the Authorization Service</md:ServiceName>
<md:ServiceDescription xml:lang="fr">Service d'autorisation basé sur le gestionnaire de groupes Sympa (Universalistes) et les Attributes Authorities SAML.
Il permet à des organisations virtuelles (VO, communautés de chercheurs) appartenant à des établissements différents (donc gérés dans des référentiels différents) d'accéder à des ressources communes (sur autorisation) après authentification auprès de leurs établissements respectifs.
Ce service se chargera de l'authentification et permettra un contrôle d'accès fin sur une ressource Web d'une communauté (groupe défini dans Sympa) qui peut donc être hébergée n'importe où.</md:ServiceDescription>
<md:ServiceDescription xml:lang="en">Authorization service based on Sympa group manager (Universalistes) and SAML Attributes Authorities.
It allows virtual organizations (e.g. research communities) composed by people belonging to different institutions (i.e. managed by different referentials) to access to common resources (if authorization was granted) after having been authenticated by their respective institutions.
This service will be in charge of authentication and provide accurate access control on a community's web resource (group defined in Sympa). This resource can therefore be hosted anywhere.</md:ServiceDescription>
<md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<!-- Organization details are informational. OrganizationURL is plain http, unlike the HTTPS service
     endpoints above. -->
<md:Organization>
<md:OrganizationName xml:lang="en">GIP RENATER</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">GIP RENATER</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">http://www.renater.fr</md:OrganizationURL>
</md:Organization>
<!-- Only a technical contact is listed; no separate security contact appears in this descriptor. -->
<md:ContactPerson contactType="technical">
<md:EmailAddress>support@renater.fr</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>