<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div><div><div>Hi,</div><div><br></div><div>This is the metadata file which gives feedback that everything is ok, but nothing is read:</div><div><br></div><div><div>&lt;?xml version="1.0" encoding="UTF-8"?&gt;</div><div>&lt;EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_17f4835f-df3b-41eb-bf98-4321cdab2bf6" entityID="http://bla.com/trust"&gt;</div><div>&nbsp; &nbsp;&lt;ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;ds:SignedInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;ds:Reference URI="#_17f4835f-df3b-41eb-bf98-4321cdab2bf6"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;ds:Transforms&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/ds:Transforms&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;ds:DigestValue&gt;mErB5PiBx2+KMZYu8prJSZxSy6o4FeJc/OZUuckhie0=&lt;/ds:DigestValue&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/ds:Reference&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/ds:SignedInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; 
&lt;ds:SignatureValue&gt;iUfHqj48oYZA+sy+mogIJG3ooSl4l/XBE1NCnnSYzqxHgftNXqLBMcgldnIIiDwwGXyKAHN5d7aFk3FbURwQ1/1V4LlaUrh8Ppm82/DXTJDLrLyyj1zk/5FBsSRW8gW3roB0+LCAE+xzr4qKWiCtVroIPwTP1wyGwdpfiF+RUd9EnRdPmRDb3hYV3/77tXBfsbDv0bz5EPzbAmsXaufndjpnuDluz5kddJyjdjX/77MCpTdBR2oLWx6/lxH2ZGEJf/MtyMB58TnmPLFQ5sHW9S2KkO3ODGbpy1+rw5/sYe5TFYYWGhIu7+uHGuhl94k4x/i1N1ch9Zs02Ou1V6CmOg==&lt;/ds:SignatureValue&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Certificate&gt;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&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp;&lt;/ds:Signature&gt;</div><div>&nbsp; &nbsp;&lt;RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="bla.com"&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyDescriptor use="encryption"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;X509Certificate&gt;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&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyDescriptor&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:ClaimTypesRequested&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType 
xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;E-Mail Address&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The e-mail address of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Given Name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The given name of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The unique name of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;UPN&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The user principal name (UPN) of the 
user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Common Name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The common name of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;AD FS 1.x E-Mail Address&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Group&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;A group that the user is a member of&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;AD FS 1.x 
UPN&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Role&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;A role that the user has&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Surname&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The surname of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;PPID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The private identifier of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" 
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Name ID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The SAML name identifier of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Authentication time stamp&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;Used to display the time and date that the user was authenticated&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Authentication method&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The method used to authenticate the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Deny only group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The 
deny-only group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Deny only primary SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The deny-only primary SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Deny only primary group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The deny-only primary group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" 
Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Primary group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The primary group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Primary SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The primary SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Windows account name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The domain account name of the user in the form of &amp;lt;domain&amp;gt;\&amp;lt;user&amp;gt;&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:ClaimTypesRequested&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:TargetScopes&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; 
&nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/ls/&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;http://bla.com/adfs/services/trust&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:TargetScopes&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:ApplicationServiceEndpoint&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
&lt;Address&gt;https://bla.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:ApplicationServiceEndpoint&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:PassiveRequestorEndpoint&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/ls/&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:PassiveRequestorEndpoint&gt;</div><div>&nbsp; &nbsp;&lt;/RoleDescriptor&gt;</div><div>&nbsp; &nbsp;&lt;RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="bla.com"&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyDescriptor use="signing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;X509Certificate&gt;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&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyDescriptor&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:TokenTypesOffered&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;fed:TokenType 
Uri="urn:oasis:names:tc:SAML:1.0:assertion" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:TokenTypesOffered&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:ClaimTypesOffered&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;E-Mail Address&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The e-mail address of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Given Name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The given name of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The unique name of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"&gt;</div><div>&nbsp; &nbsp; 
&nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;UPN&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The user principal name (UPN) of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Common Name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The common name of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;AD FS 1.x E-Mail Address&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Group&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;A group that the user is a member of&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType 
xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;AD FS 1.x UPN&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Role&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;A role that the user has&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Surname&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The surname of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;PPID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The private identifier of the 
user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Name ID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The SAML name identifier of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Authentication time stamp&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;Used to display the time and date that the user was authenticated&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Authentication method&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The method used to authenticate the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" 
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Deny only group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The deny-only group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Deny only primary SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The deny-only primary SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Deny only primary group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The deny-only primary group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The group SID of the 
user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Primary group SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The primary group SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Primary SID&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The primary SID of the user&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:DisplayName&gt;Windows account name&lt;/auth:DisplayName&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;auth:Description&gt;The domain account name of the user in the form of &amp;lt;domain&amp;gt;\&amp;lt;user&amp;gt;&lt;/auth:Description&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/auth:ClaimType&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:ClaimTypesOffered&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:SecurityTokenServiceEndpoint&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference 
xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/services/trust/2005/certificatemixed&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Metadata&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;wsx:MetadataReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address xmlns="http://www.w3.org/2005/08/addressing"&gt;https://bla.com/adfs/services/trust/mex&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/wsx:MetadataReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/wsx:MetadataSection&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/Metadata&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/Metadata&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:SecurityTokenServiceEndpoint&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;fed:PassiveRequestorEndpoint&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;EndpointReference xmlns="http://www.w3.org/2005/08/addressing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;Address&gt;https://bla.com/adfs/ls/&lt;/Address&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/EndpointReference&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/fed:PassiveRequestorEndpoint&gt;</div><div>&nbsp; &nbsp;&lt;/RoleDescriptor&gt;</div><div>&nbsp; 
&nbsp;&lt;SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyDescriptor use="encryption"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;X509Certificate&gt;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&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyDescriptor&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyDescriptor use="signing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;X509Certificate&gt;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&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyDescriptor&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/NameIDFormat&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/NameIDFormat&gt;</div><div>&nbsp; &nbsp; &nbsp; 
&lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/NameIDFormat&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" index="0" isDefault="true" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://bla.com/adfs/ls/" index="1" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" index="2" /&gt;</div><div>&nbsp; &nbsp;&lt;/SPSSODescriptor&gt;</div><div>&nbsp; &nbsp;&lt;IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyDescriptor use="encryption"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
&nbsp;&lt;X509Certificate&gt;MIIC7DCCAdSgAwIBAgIQdtaCBGq5JZlHSOqPMWkKjjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDI2WhcNMTYwMTIzMjIwNDI2WjAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLlRpcmVjdGVuZXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKq1rfU0BsBW8cEPxpla6sWZhEA7AvTPFiNUJ8B1Ih3O01A6dq7mGycTHdxG+m3ZIUcCmihExjxrGRT4pd9f78uJCCHxm+gBfq8gHgA2gml/jtxeRRc4h8cl3qgBdTdpyEN6dFLbGYRgNo1JIDSJzSrNbmNggoKpzuWLMBjJ2AHfnG6hAzJWtvM2phf88WbWoxYAQmm1Fq3Usy6WgYFg+Iz1Z4XEgAB35bG4nmqROU4U3djmR4DxZup4zbKi422t32tFy8MU/VEshiREKB22BcxNHTXi1YHXNtCQixMcOvK21w/Ha1o8AypZ8yBBj3cfwTJ9NLO4Xf9+Mf9FeA6BgZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKJHmw9MjdjXYf9q4Szo76xDfZC1jV+MXPizPEKzujjF5V90u6WWWbmR4ye9zT6nuMfFP7fNbm46A9yhuUiqeXpLQP80rC7d5XJeEhIhogLRH6xJXKOF5XVbN0RGi7ARTHsEzjyuZWs2N2ibPU55gLTlGTr/aW7jbs5UWEXG2ymM4SmiAUQbG8bRXNI6bQYe7Db2XEZ4H2D8TUMcHn0LtTF+dhpQTOep9Yf8/6Qdci/6FptSfi4nNPPKzvGfBu9uVaeCl/aGI3LA8QYIPbdIfUoJge5ym04j9sUVW7fkyWY8WkmQPZHntjeTYkBH4nLUH/OkLCa1KC6a3K67cp3j6AE=&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyDescriptor&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;KeyDescriptor use="signing"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;X509Certificate&gt;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&lt;/X509Certificate&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/X509Data&gt;</div><div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;/KeyInfo&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;/KeyDescriptor&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" 
/&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/NameIDFormat&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/NameIDFormat&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;NameIDFormat&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/NameIDFormat&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID" /&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID" 
/&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name" /&gt;</div><div>&nbsp; &nbsp;&lt;/IDPSSODescriptor&gt;</div><div>&lt;/EntityDescriptor&gt;</div></div><div><br></div><div><p class="MsoNormal" style="font-size: 11pt; margin: 0cm 0cm 0.0001pt;"><span lang="NL">Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement,<o:p></o:p></span></p><p class="MsoNormal" style="font-size: 11pt; margin: 0cm 0cm 0.0001pt;"><br></p><p class="MsoNormal" style="font-size: 11pt; margin: 0cm 0cm 0.0001pt;">Henk Laracker<o:p></o:p></p><p class="MsoNormal" style="font-size: 11pt; margin: 0cm 0cm 0.0001pt;"><br></p></div></div></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Raghu Prabhala &lt;<a href="mailto:prabhalar@yahoo.com">prabhalar@yahoo.com</a>&gt;<br><span style="font-weight:bold">Reply-To: </span> Raghu Prabhala &lt;<a href="mailto:prabhalar@yahoo.com">prabhalar@yahoo.com</a>&gt;<br><span style="font-weight:bold">Date: </span> Monday 8 June 2015 23:31<br><span style="font-weight:bold">To: </span> Henk Laracker &lt;<a href="mailto:henk.laracker@planonsoftware.com">henk.laracker@planonsoftware.com</a>&gt;, "<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>" &lt;<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br><span style="font-weight:bold">Subject: </span> Re: [keycloak-user] Import External IDP Config<br></div><div><br></div><div><div><div style="color:#000; 
background-color:#fff; font-family:times new roman, new york, times, serif;font-size:13px"><div id="yiv4992452225"><div id="yui_3_16_0_1_1433798812245_2885" style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 13px; background-color: rgb(255, 255, 255);">Even I had a similar issue earlier. Cleaning the browser cache and&nbsp;importing the config files&nbsp;addressed it.&nbsp;You can give it a try.<br clear="none">&nbsp; </div><div id="yiv4992452225yui_3_16_0_1_1433764368442_13345" style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 13px; background-color: rgb(255, 255, 255);"> <div id="yiv4992452225yui_3_16_0_1_1433764368442_13344" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div class="qtdSeparateBR"><br><br></div><div class="yiv4992452225yqt6056342166" id="yiv4992452225yqt19094"><div id="yiv4992452225yui_3_16_0_1_1433764368442_13343" dir="ltr"> <hr size="1" id="yiv4992452225yui_3_16_0_1_1433764368442_13368">  <font id="yiv4992452225yui_3_16_0_1_1433764368442_13367" face="Arial" size="2"> <b><span style="font-weight: bold;">From:</span></b> Henk Laracker &lt;<a href="mailto:Henk.Laracker@planonsoftware.com">Henk.Laracker@planonsoftware.com</a>&gt;<br clear="none"> <b><span style="font-weight: bold;">To:</span></b> "<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>" &lt;<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt; <br clear="none"> <b><span style="font-weight: bold;">Sent:</span></b> Monday, June 8, 2015 9:51 AM<br clear="none"> <b><span style="font-weight: bold;">Subject:</span></b> [keycloak-user] Import External IDP Config<br clear="none"> </font> </div> <div class="yiv4992452225y_msg_container" id="yiv4992452225yui_3_16_0_1_1433764368442_13387"><br clear="none"><div id="yiv4992452225"><div id="yui_3_16_0_1_1433798812245_2881"><div 
id="yui_3_16_0_1_1433798812245_2880">Hi,</div><div id="yui_3_16_0_1_1433798812245_2908"><br clear="none"></div><div id="yui_3_16_0_1_1433798812245_2909">From two different customers I received an IdP config XML file. Both files I can import without an error, but nothing is filled in the fields. For security reasons I cannot send the files. What input do you need to solve this problem? Is it possible to change the log level of the Keycloak server? We are running it on OpenShift (private).&nbsp;</div><div><br clear="none"></div><div id="yui_3_16_0_1_1433798812245_2912"><div class="yiv4992452225MsoNormal" id="yui_3_16_0_1_1433798812245_2911" style="margin: 0cm 0cm 0pt; font-size: 11pt;"><span id="yui_3_16_0_1_1433798812245_2910" lang="NL">Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement,</span></div><div class="yiv4992452225MsoNormal" id="yui_3_16_0_1_1433798812245_2913" style="margin: 0cm 0cm 0pt; font-size: 11pt;"><br clear="none"></div><div class="yiv4992452225MsoNormal" id="yui_3_16_0_1_1433798812245_2914" style="margin: 0cm 0cm 0pt; font-size: 11pt;">Henk Laracker</div><div class="yiv4992452225MsoNormal" id="yui_3_16_0_1_1433798812245_2915" style="margin: 0cm 0cm 0pt; font-size: 11pt;"><br clear="none"></div></div></div></div><br clear="none">_______________________________________________<br clear="none">keycloak-user mailing list<br clear="none"><a id="yui_3_16_0_1_1433798812245_2916" href="mailto:keycloak-user@lists.jboss.org" target="_blank" rel="nofollow" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none"><a id="yui_3_16_0_1_1433798812245_2917" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank" rel="nofollow" shape="rect">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none"><br clear="none"></div></div> </div> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 
13px; background-color: rgb(255, 255, 255);">  </div></div></div></div></div></span></body></html>