From fd01235df8c84dbe106a0bf464e14ff190d58a66 Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Wed, 14 Oct 2020 12:52:11 +0200
Subject: [PATCH] test change to esa sso

---
 .../shibboleth-conf/idp-metadata-esa-test.xml | 116 ++++++++++++++++++
 ...metadata.xml => idp-metadata_samltest.xml} |   0
 shibauth/shibboleth-conf/shibboleth2.xml      |   4 +-
 3 files changed, 118 insertions(+), 2 deletions(-)
 create mode 100644 shibauth/shibboleth-conf/idp-metadata-esa-test.xml
 rename shibauth/shibboleth-conf/{idp-metadata.xml => idp-metadata_samltest.xml} (100%)

diff --git a/shibauth/shibboleth-conf/idp-metadata-esa-test.xml b/shibauth/shibboleth-conf/idp-metadata-esa-test.xml
new file mode 100644
index 00000000..647078b2
--- /dev/null
+++ b/shibauth/shibboleth-conf/idp-metadata-esa-test.xml
@@ -0,0 +1,116 @@
+<EntityDescriptor entityID="https://umssoidp.cdsv3.eu:443/shibboleth" validUntil="2030-01-01T00:00:00Z"
+                  xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+                  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+
+        <Extensions>
+            <shibmd:Scope regexp="false">esa.int</shibmd:Scope>
+        </Extensions>
+
+        <KeyDescriptor>
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>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+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+        
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                                   Location="https://umssoidp.cdsv3.eu:8110/idp/profile/SAML1/SOAP/ArtifactResolution" 
+                                   index="1"/>
+
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                                   Location="https://umssoidp.cdsv3.eu:8110/idp/profile/SAML2/SOAP/ArtifactResolution" 
+                                   index="2"/>
+                                   
+        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+
+        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" 
+                             Location="https://umssoidp.cdsv3.eu:443/idp/profile/Shibboleth/SSO" />
+
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
+                             Location="https://umssoidp.cdsv3.eu:443/idp/profile/SAML2/Redirect/SSO" />
+                                   
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
+                             Location="https://umssoidp.cdsv3.eu:443/idp/profile/SAML2/Redirect/SLO" 
+                             ResponseLocation="https://umssoidp.cdsv3.eu:443/idp/profile/SAML2/Redirect/SLO"/>
+    </IDPSSODescriptor>
+
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+
+        <Extensions>
+            <shibmd:Scope regexp="false">esa.int</shibmd:Scope>
+        </Extensions>
+
+        <KeyDescriptor>
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>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+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+
+        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" 
+                          Location="https://umssoidp.cdsv3.eu:8110/idp/profile/SAML1/SOAP/AttributeQuery" />
+        
+        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                          Location="https://umssoidp.cdsv3.eu:8110/idp/profile/SAML2/SOAP/AttributeQuery" />
+        
+        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+        
+    </AttributeAuthorityDescriptor>
+    
+</EntityDescriptor>    
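Review bot: Nothing in the new file records where this metadata and its embedded `ds:X509Certificate` came from, yet that certificate is what the SP will trust for assertions from `https://umssoidp.cdsv3.eu:443/shibboleth`. A header comment such as `<!-- ESA test IdP metadata; source: METADATA_URL_PLACEHOLDER, retrieved DATE_PLACEHOLDER, certificate fingerprint confirmed with the IdP operator -->` would let a later reader re-verify it. The file is static and carries `validUntil="2030-01-01T00:00:00Z"`, so a key rollover at the IdP will not be picked up automatically; the comment should also name who refreshes it. Both descriptors advertise SAML 1.1 and Shibboleth 1.0 in `protocolSupportEnumeration`, while shibboleth2.xml enables only `SAML2`. If nothing relies on the legacy endpoints, reducing the value to `urn:oasis:names:tc:SAML:2.0:protocol` would narrow what the SP accepts from this IdP.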
diff --git a/shibauth/shibboleth-conf/idp-metadata.xml b/shibauth/shibboleth-conf/idp-metadata_samltest.xml
similarity index 100%
rename from shibauth/shibboleth-conf/idp-metadata.xml
rename to shibauth/shibboleth-conf/idp-metadata_samltest.xml
diff --git a/shibauth/shibboleth-conf/shibboleth2.xml b/shibauth/shibboleth-conf/shibboleth2.xml
index 568b8f4d..424920c7 100755
--- a/shibauth/shibboleth-conf/shibboleth2.xml
+++ b/shibauth/shibboleth-conf/shibboleth2.xml
@@ -8,7 +8,7 @@
                          REMOTE_USER="eppn uid persistent-id targeted-id">
         <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
                   checkAddress="false" handlerSSL="true" cookieProps="https">
-            <SSO entityID="https://samltest.id/saml/idp">
+            <SSO entityID="https://umssoidp.cdsv3.eu:443/shibboleth">
               SAML2 
             </SSO>
             <Logout>SAML2 Local</Logout>
@@ -19,7 +19,7 @@
         </Sessions>
         <Errors supportContact="admin@eox.at"
             helpLocation="/about.html"/>
-        <MetadataProvider type="XML" validate="false" path="idp-metadata.xml"/>
+        <MetadataProvider type="XML" validate="false" path="idp-metadata-esa-test.xml"/>
         <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
         <AttributeResolver type="Query" subjectMatch="true"/>
         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
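Review bot: The changed `MetadataProvider` line keeps `validate="false"`, so the hand-maintained `idp-metadata-esa-test.xml` is loaded without schema validation, while the neighbouring `AttributeExtractor` and `AttributeFilter` both use `validate="true"`. Because that file carries the IdP signing key the SP trusts, I would write `<MetadataProvider type="XML" validate="true" path="idp-metadata-esa-test.xml"/>` so that a malformed edit is rejected when the file is loaded. The subject calls this a test change, but this hunk and the `<SSO entityID=...>` hunk above make the test IdP the committed default in shibboleth2.xml; a per-environment override may be safer if this file is also deployed elsewhere. The enclosing element starts and ends outside the hunk.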
-- 
GitLab