1
Surpriseplus
2022-09-16 78abd11f9447f93362514e63bda4dd2c6de568da
<?xml version="1.0" encoding="UTF-8"?>
<!--
     This is example metadata only. Do *NOT* supply it as is without review,
     and do *NOT* provide it in real time to your partners.
 
     This metadata is not dynamic - it will not change as your configuration changes.
-->
<EntityDescriptor  xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://cas.example.org/idp">
    <!--
        SAML metadata for the identity provider whose entityID is https://cas.example.org/idp.
        Two roles are published below: an IDPSSODescriptor (single sign-on, single logout,
        artifact resolution) and an AttributeAuthorityDescriptor (attribute queries).

        NOTE(review): the root element has no validUntil or cacheDuration attribute and the
        document contains no ds:Signature element, so a consumer cannot detect a stale or
        altered copy from the file itself. Exchange it over an authenticated channel and
        confirm the certificates with the IdP operator before trusting them.

        The xml prefix is bound to its namespace by definition; declaring it on the root
        element is permitted but not required.
    -->
 
    <!--
        IdP single sign-on role. protocolSupportEnumeration advertises SAML 2.0, SAML 1.1
        and the Shibboleth 1.0 protocol.
        NOTE(review): if no relying party still uses the SAML 1.1 or Shibboleth 1.0 profiles,
        removing them here together with the matching endpoints below shrinks what the IdP
        has to expose and maintain. Confirm with the partner list first.
    -->
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
 
        <Extensions>
            <!-- Scope this IdP claims for scoped attribute values; regexp="false" marks it as a literal string rather than a pattern. -->
            <shibmd:Scope regexp="false">example.org</shibmd:Scope>
<!--
    Fill in the details for your IdP here 
 
            <mdui:UIInfo>
                <mdui:DisplayName xml:lang="en">A Name for the IdP at cas.example.org</mdui:DisplayName>
                <mdui:Description xml:lang="en">Enter a description of your IdP at cas.example.org</mdui:Description>
                <mdui:Logo height="80" width="80">https://cas.example.org/Path/To/Logo.png</mdui:Logo>
            </mdui:UIInfo>
-->
        </Extensions>
 
        <!--
            Certificate that relying parties use to verify signatures produced by this role.
            A relying party trusts whatever key is listed here, so the integrity of this
            file is what protects the signing key binding.
        -->
        <KeyDescriptor use="signing">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
 
        </KeyDescriptor>
        <!--
            Certificate that relying parties use to encrypt data sent to this role.
            NOTE(review): if this is the same certificate as the signing one, consider
            separate key pairs so that either can be rotated without touching the other.
        -->
        <KeyDescriptor use="encryption">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
 
        </KeyDescriptor>
 
        <!--
            Artifact resolution over SOAP, one endpoint for SAML 1.x and one for SAML 2.0,
            both on port 8443 rather than the default HTTPS port used by the browser endpoints.
            NOTE(review): SOAP endpoints are called server to server; confirm how callers are
            authenticated on port 8443 and that the port is reachable only by intended peers.
        -->
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://cas.example.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cas.example.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
 
        <!-- Single logout endpoints: three browser bindings (Redirect, POST, POST-SimpleSign) and one SOAP binding on port 8443. -->
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cas.example.org/idp/profile/SAML2/Redirect/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cas.example.org/idp/profile/SAML2/POST/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://cas.example.org/idp/profile/SAML2/POST-SimpleSign/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cas.example.org:8443/idp/profile/SAML2/SOAP/SLO"/>
 
        <!-- Name identifier formats offered: the Shibboleth 1.0 nameIdentifier and the SAML 2.0 transient format. -->
        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 
        <!-- Single sign-on endpoints: one Shibboleth 1.0 AuthnRequest endpoint and three SAML 2.0 browser bindings. -->
        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://cas.example.org/idp/profile/Shibboleth/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cas.example.org/idp/profile/SAML2/POST/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://cas.example.org/idp/profile/SAML2/POST-SimpleSign/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cas.example.org/idp/profile/SAML2/Redirect/SSO"/>
 
    </IDPSSODescriptor>
 
 
    <!-- Attribute authority role. Only SAML 1.1 is advertised, matching the single active SAML 1.x AttributeService below. -->
    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
 
        <Extensions>
            <!-- Same literal scope as the SSO role above. -->
            <shibmd:Scope regexp="false">example.org</shibmd:Scope>
        </Extensions>
 
        <!-- Certificate used to verify signatures produced by the attribute authority. -->
        <KeyDescriptor use="signing">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
 
        </KeyDescriptor>
        <!--
            Certificate used to encrypt data sent to the attribute authority.
            NOTE(review): the base64 below appears to decode to a self-issued certificate for
            CN=cas.example.org (RSA key, SHA-256 signature) valid from 2022-08-11 to 2042-08-11.
            With a 20 year lifetime, expiry will not force rotation, so schedule it explicitly.
            Its URI subjectAltName appears to read "cas.example.orgidp/metadata", with no scheme
            and no slash after the host, which suggests a generated placeholder. Confirm the
            decoded fields before reusing this certificate.
        -->
        <KeyDescriptor use="encryption">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>
MIIDHTCCAgWgAwIBAgIVAN3/uRyxTuHkc9Y8dsobGoMbMTzgMA0GCSqGSIb3DQEB
CwUAMBoxGDAWBgNVBAMMD2Nhcy5leGFtcGxlLm9yZzAeFw0yMjA4MTEwNjExMDZa
Fw00MjA4MTEwNjExMDZaMBoxGDAWBgNVBAMMD2Nhcy5leGFtcGxlLm9yZzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALUh6JvzzvWVoBQU7vBrpOBIcI6v
nGwGEea7E7TrsF22I1SuDTnNTN06obrsp26E0CQBdHCWFKpSxtX4oD8WdkifV/dr
IoyPj4Er43OAeub6cU4yjx4ZPJwfyuKDk/rCS9XnM3BcnqbfnjE7WfW6+BAxI8Fl
v0U1ZnY9LsJ1kDkFVzC/HjDm5DKhYVh01HAPeRwozLQKfIpkU8yOpixV/3mf8pKG
umRaIz2+/1hOs7EkMKde0C21jWKDzqndcGoY482hv9d9LTQ7V1W2fqtYb7gY6j3k
DjKAGn3vK/8Jtutss6ARLwOW9GQg4oK1lpyRxXpRTqaT5ewgumA3+IGpLtECAwEA
AaNaMFgwHQYDVR0OBBYEFGO2wHN0abH64oyQaxecQSWwWSeRMDcGA1UdEQQwMC6C
D2Nhcy5leGFtcGxlLm9yZ4YbY2FzLmV4YW1wbGUub3JnaWRwL21ldGFkYXRhMA0G
CSqGSIb3DQEBCwUAA4IBAQBhKKJ4OXskeLh6NiTB9J2uA+Gj5kG/JwMENj/IAZ1w
CFBZsIMaZX6sB5cNa7zSgzvj/r8HagXQaAPr2bAbEEGT+PYY5fHrDS6/YaoQSG3L
HoQV3jI/GUROyqOYlJZrt6yR90rqH6+D9jrdIf3hfBDfm8HNAUGYTzvlS0XrDczr
JVNyoub4p1GSck0hMZm9toge61RGJUDjqEQSvIpygR/BlCJxKZbAeWPjWhBSNbin
1gy4j1wbAakyalxortgd4I5T6bOhaugGmqyGHkddcVVFdYnj+Dud8QcJDGaklrZu
TIOtTW5x48Pd3vH9rawV/52RGI0VFe/zGmV7czWV1T8b
                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
 
        </KeyDescriptor>
 
        <!-- SAML 1.x attribute query over SOAP on port 8443; the SAML 2.0 variant is left disabled in the comment that follows. -->
        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://cas.example.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
        <!-- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cas.example.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> -->
        <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
 
    </AttributeAuthorityDescriptor>
 
</EntityDescriptor>