Author: anil.saldhana(a)jboss.com
Date: 2011-01-31 11:55:42 -0500 (Mon, 31 Jan 2011)
New Revision: 683
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
Log:
additional metadata parsing
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-01-31
16:16:32 UTC (rev 682)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-01-31
16:55:42 UTC (rev 683)
@@ -29,6 +29,7 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.AbstractParser;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import
org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntitiesDescriptorParser;
import
org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntityDescriptorParser;
import
org.picketlink.identity.federation.core.parsers.saml.xacml.SAMLXACMLRequestParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
@@ -111,6 +112,11 @@
SAMLEntityDescriptorParser entityDescriptorParser = new
SAMLEntityDescriptorParser();
return entityDescriptorParser.parse( xmlEventReader );
}
+ else if( JBossSAMLConstants.ENTITIES_DESCRIPTOR.get().equals( localPart ))
+ {
+ SAMLEntitiesDescriptorParser entityDescriptorParser = new
SAMLEntitiesDescriptorParser();
+ return entityDescriptorParser.parse( xmlEventReader );
+ }
else if( JBossSAMLURIConstants.ASSERTION_NSURI.get().equals(nsURI) )
{
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
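Review bot: The new `EntitiesDescriptor` branch dispatches on `localPart` alone, so an element with that local name in any namespace is handed to the metadata parser, whereas the assertion branch right after it keys on `nsURI`. Unless `StaxParserUtil.validate` also checks the namespace (not visible here), the condition should require the SAML metadata namespace as well as the local name. The local holding the new parser is still called `entityDescriptorParser`; `entitiesDescriptorParser` would avoid confusion with the branch above. The enclosing method starts and ends outside this hunk, and the condition of the preceding `EntityDescriptor` branch is not visible, so the same may apply there.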
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java 2011-01-31
16:55:42 UTC (rev 683)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml.metadata;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
+
+/**
+ * Parse the SAML Entities Descriptor
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 31, 2011
+ */
+public class SAMLEntitiesDescriptorParser implements ParserNamespaceSupport
+{
+ private String EDT = JBossSAMLConstants.ENTITIES_DESCRIPTOR.get();
+
+ public Object parse( XMLEventReader xmlEventReader ) throws ParsingException
+ {
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, EDT );
+
+ EntitiesDescriptorType entitiesDescriptorType = new EntitiesDescriptorType();
+
+ //Get the Child Elements
+ while( xmlEventReader.hasNext() )
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if( xmlEvent instanceof EndElement )
+ {
+ StaxParserUtil.validate( (EndElement)xmlEvent , EDT );
+ StaxParserUtil.getNextEndElement(xmlEventReader);
+ break;
+ }
+ startElement = (StartElement) xmlEvent;
+ String localPart = startElement.getName().getLocalPart();
+
+ if( JBossSAMLConstants.ENTITY_DESCRIPTOR.get().equals( localPart ))
+ {
+ SAMLEntityDescriptorParser entityParser = new SAMLEntityDescriptorParser();
+ entitiesDescriptorType.addEntityDescriptor(
entityParser.parse(xmlEventReader));
+ }
+ else
+ throw new RuntimeException( "Unknown " + localPart );
+ }
+ return entitiesDescriptorType;
+ }
+
+ public boolean supports( QName qname )
+ {
+ String nsURI = qname.getNamespaceURI();
+ String localPart = qname.getLocalPart();
+
+ return nsURI.equals( JBossSAMLURIConstants.ASSERTION_NSURI.get() )
+ && localPart.equals( EDT );
+ }
+}
\ No newline at end of file
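Review bot: `supports()` compares the namespace with `JBossSAMLURIConstants.ASSERTION_NSURI`, which by its name is the assertion namespace, while the fixture added in this revision declares `EntitiesDescriptor` in `urn:oasis:names:tc:SAML:2.0:metadata`; as written it would presumably return false for the very element this parser handles, so it should compare against the metadata namespace. In `parse()`, any child other than `EntityDescriptor` ends in an unchecked `RuntimeException( "Unknown " + localPart )` even though the method declares `ParsingException`; a signed aggregate (`ds:Signature`) or a nested `EntitiesDescriptor` would abort that way, and attributes of the start element such as `validUntil` are never read. The cast `(StartElement) xmlEvent` is also unguarded: if `StaxParserUtil.peek` can return a comment or character event, this throws `ClassCastException` instead of a parsing error. `EDT` never changes and could be `private static final`.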
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-01-31
16:16:32 UTC (rev 682)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-01-31
16:55:42 UTC (rev 683)
@@ -46,6 +46,7 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IndexedEndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyTypes;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.LocalizedNameType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.LocalizedURIType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
@@ -173,6 +174,16 @@
idpSSODescriptor.addArtifactResolutionService(endpoint);
}
+ else if( JBossSAMLConstants.ASSERTION_ID_REQUEST_SERVICE.get().equals( localPart
))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ EndpointType endpoint = getEndpointType(startElement);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate( endElement,
JBossSAMLConstants.ASSERTION_ID_REQUEST_SERVICE.get() );
+
+ idpSSODescriptor.addAssertionIDRequestService( endpoint );
+ }
else if( JBossSAMLConstants.SINGLE_LOGOUT_SERVICE.get().equals( localPart ))
{
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
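Review bot: The `AssertionIDRequestService` branch added here repeats, statement for statement, the endpoint handling that the hunk at -193 adds again for `ManageNameIDService` and `NameIDMappingService`; only the tag constant and the final `add…` call differ. A private helper that reads the start element, builds the `EndpointType` and validates the end tag would leave each branch as one line, e.g. `idpSSODescriptor.addAssertionIDRequestService( parseEndpoint( xmlEventReader, JBossSAMLConstants.ASSERTION_ID_REQUEST_SERVICE.get() ) );`. It would also give a single place for any later check on the `Location` values read from metadata. The enclosing method starts and ends outside the hunk, so the existing branches that follow the same pattern are only partly visible.

```java
// proposed helper; name is a suggestion
private EndpointType parseEndpoint( XMLEventReader xmlEventReader, String tag ) throws ParsingException
{
   StartElement start = StaxParserUtil.getNextStartElement( xmlEventReader );
   EndpointType endpoint = getEndpointType( start );

   EndElement end = StaxParserUtil.getNextEndElement( xmlEventReader );
   StaxParserUtil.validate( end, tag );
   return endpoint;
}
```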
@@ -193,6 +204,26 @@
idpSSODescriptor.addSingleSignOnService( endpoint );
}
+ else if( JBossSAMLConstants.MANAGE_NAMEID_SERVICE.get().equals( localPart ))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ EndpointType endpoint = getEndpointType(startElement);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate( endElement,
JBossSAMLConstants.MANAGE_NAMEID_SERVICE.get() );
+
+ idpSSODescriptor.addManageNameIDService( endpoint );
+ }
+ else if( JBossSAMLConstants.NAMEID_MAPPING_SERVICE.get().equals( localPart ))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ EndpointType endpoint = getEndpointType(startElement);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate( endElement,
JBossSAMLConstants.NAMEID_MAPPING_SERVICE.get() );
+
+ idpSSODescriptor.addNameIDMappingService( endpoint );
+ }
else if (JBossSAMLConstants.NAMEID_FORMAT.get().equalsIgnoreCase( localPart ))
{
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
@@ -203,7 +234,16 @@
AttributeType attribute = SAMLParserUtil.parseAttribute(xmlEventReader);
idpSSODescriptor.addAttribute(attribute);
}
- else
+ else if (JBossSAMLConstants.KEY_DESCRIPTOR.get().equalsIgnoreCase( localPart ))
+ {
+ KeyDescriptorType keyDescriptor = new KeyDescriptorType();
+ String use = StaxParserUtil.getAttributeValue(startElement, "use"
);
+ keyDescriptor.setUse( KeyTypes.fromValue(use) );
+
+ Element key = StaxParserUtil.getDOMElement(xmlEventReader);
+ keyDescriptor.setKeyInfo(key);
+ }
+ else
throw new RuntimeException( "Unknown " + localPart );
}
return idpSSODescriptor;
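Review bot: In the new `KeyDescriptor` branch the `keyDescriptor` object is populated with `setUse` and `setKeyInfo` but is never attached to `idpSSODescriptor` in the visible lines, so the signing and encryption keys from the metadata appear to be parsed and then dropped. The branch should add the descriptor to `idpSSODescriptor` before it ends. `use` is an optional attribute in SAML metadata, and what `KeyTypes.fromValue(use)` does with a null value is not visible here; guarding it with `if( use != null )` would avoid depending on that. Note also that the branch matches with `equalsIgnoreCase` while the endpoint branches use `equals`, which accepts tag spellings XML treats as different elements. The enclosing method starts outside the hunk.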
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-01-31
16:16:32 UTC (rev 682)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-01-31
16:55:42 UTC (rev 683)
@@ -33,6 +33,7 @@
ARTIFACT_RESOLUTION_SERVICE( "ArtifactResolutionService" ),
ASSERTION( "Assertion" ),
ASSERTION_CONSUMER_SERVICE_URL( "AssertionConsumerServiceURL" ),
+ ASSERTION_ID_REQUEST_SERVICE( "AssertionIDRequestService" ),
ATTRIBUTE( "Attribute" ),
ATTRIBUTE_AUTHORITY_DESCRIPTOR( "AttributeAuthorityDescriptor" ),
ATTRIBUTE_SERVICE( "AttributeService" ),
@@ -56,6 +57,7 @@
ENCRYPTED_ASSERTION( "EncryptedAssertion" ),
ENTITY_ID( "entityID" ),
ENTITY_DESCRIPTOR( "EntityDescriptor" ),
+ ENTITIES_DESCRIPTOR( "EntitiesDescriptor" ),
FORMAT( "Format" ),
FRIENDLY_NAME( "FriendlyName" ),
ID( "ID" ),
@@ -73,12 +75,14 @@
LOCATION( "Location" ),
LOGOUT_REQUEST( "LogoutRequest" ),
LOGOUT_RESPONSE( "LogoutResponse" ),
+ MANAGE_NAMEID_SERVICE( "ManageNameIDService" ),
METADATA_MIME("application/samlmetadata+xml"),
METHOD( "Method" ),
NAME( "Name" ),
NAME_FORMAT( "NameFormat" ),
NAMEID( "NameID" ),
NAMEID_FORMAT( "NameIDFormat" ),
+ NAMEID_MAPPING_SERVICE( "NameIDMappingService" ),
NAMEID_POLICY( "NameIDPolicy" ),
NAME_QUALIFIER( "NameQualifier" ),
NOT_BEFORE( "NotBefore" ),
Added:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-01-31
16:55:42 UTC (rev 683)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.saml.v2.metadata;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
+
+/**
+ * Unit test the SAML metadata parsing
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 31, 2011
+ */
+public class SAMLMetadataParsingUnitTestCase
+{
+ @Test
+ public void testEntitiesDescriptor() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
+ tcl.getResourceAsStream("saml2/metadata/seam-entities.xml");
+ assertNotNull("Inputstream not null", is);
+
+ SAMLParser parser = new SAMLParser();
+ EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
+ Assert.assertNotNull(entities);
+ Assert.assertEquals( 2, entities.getEntityDescriptor().size() );
+ }
+}
\ No newline at end of file
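Review bot: `testEntitiesDescriptor` asserts only that two `EntityDescriptor` entries come back, so none of the elements this revision starts parsing (`KeyDescriptor`, `AssertionIDRequestService`, `ManageNameIDService`, `NameIDMappingService`) is checked, and a parser that silently discards them would still pass. Adding assertions on the parsed key descriptors and endpoints of each entity would pin the new behaviour. The stream `is` is never closed; wrap the parse in `try { … } finally { is.close(); }`. The class also mixes the JUnit 4 static import `org.junit.Assert.assertNotNull` with `junit.framework.Assert`; using one of them throughout is cleaner, and the failure message `"Inputstream not null"` reads as the opposite of what went wrong.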
Added:
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/seam-entities.xml 2011-01-31
16:55:42 UTC (rev 683)
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata
http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xs...
+ <EntityDescriptor entityID="http://localhost:8888/opensso">
+ <IDPSSODescriptor WantAuthnRequestsSigned="false"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
+ bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
+ ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
+ CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
+ BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
+ AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
+ RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
+ Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
+ QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
+ cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
+ /FfwWigmrW0Y0Q==</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <ArtifactResolutionService index="0"
+ isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8888/opensso/ArtifactResolver/metaAlias/idp"
/>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://localhost:8888/opensso/IDPSloRedirect/metaAlias/idp"
+ ResponseLocation="http://localhost:8888/opensso/IDPSloRedirect/metaAlias/idp"
/>
+ <SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://localhost:8888/opensso/IDPSloPOST/metaAlias/idp"
+ ResponseLocation="http://localhost:8888/opensso/IDPSloPOST/metaAlias/idp"
/>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8888/opensso/IDPSloSoap/metaAlias/idp" />
+ <ManageNameIDService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://localhost:8888/opensso/IDPMniRedirect/metaAlias/idp"
+ ResponseLocation="http://localhost:8888/opensso/IDPMniRedirect/metaAlias/idp"
/>
+ <ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://localhost:8888/opensso/IDPMniPOST/metaAlias/idp"
+ ResponseLocation="http://localhost:8888/opensso/IDPMniPOST/metaAlias/idp"
/>
+ <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8888/opensso/IDPMniSoap/metaAlias/idp" />
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://localhost:8888/opensso/SSORedirect/metaAlias/idp" />
+ <SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://localhost:8888/opensso/SSOPOST/metaAlias/idp" />
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8888/opensso/SSOSoap/metaAlias/idp" />
+ <NameIDMappingService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8888/opensso/NIMSoap/metaAlias/idp" />
+ <AssertionIDRequestService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8888/opensso/AIDReqSoap/IDPRole/metaAlias/idp"
/>
+ <AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
+ Location="http://localhost:8888/opensso/AIDReqUri/IDPRole/metaAlias/idp"
/>
+ </IDPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="http://idp.ssocircle.com"
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+ <IDPSSODescriptor WantAuthnRequestsSigned="false"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIB8TCCAVqgAwIBAgIFAIxwZnIwDQYJKoZIhvcNAQEEBQAwLjELMAkGA1UEBhMCREUxEjAQBgNV
+ BAoTCVNTT0NpcmNsZTELMAkGA1UEAxMCQ0EwHhcNMDkwMjIyMTUwNDI0WhcNMTEwNTIyMTUwNDI0
+ WjBLMQswCQYDVQQGEwJERTESMBAGA1UEChMJU1NPQ2lyY2xlMQwwCgYDVQQLEwNpZHAxGjAYBgNV
+ BAMTEWlkcC5zc29jaXJjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbzDRkudC/
+ aC2gMqRVVaLdPJJEwpFB4o71fR5bnNd2ocnnNzJ/W9CoCargzKx+EJ4Nm3vWmX/IZRCFvrvy9C78
+ fP1cmt6Sa091K9luaMAyWn7oC8h/YBXH7rB42tdvWLY4Kl9VJy6UCclvasyrfKx+SR4KU6zCsM62
+ 2Kvp5wW67QIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAGyaydfJHDkm77C39gq9bBb7OqK8OXEUTbIM
+ p8PDJZzIf9QkpkE7gHGcWctRKi7fNdONulc5kn2K2nbvCGrbWsWQvr/DA0bjkBrK8OeWpRhLe7fl
+ +JUgsErMcDIzRTmjNpZzUZp+WESRHV1j3SIcfY4tJM2uMt4Sc/afVnl5P6wL</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIB8TCCAVqgAwIBAgIFAIxwZnIwDQYJKoZIhvcNAQEEBQAwLjELMAkGA1UEBhMCREUxEjAQBgNV
+ BAoTCVNTT0NpcmNsZTELMAkGA1UEAxMCQ0EwHhcNMDkwMjIyMTUwNDI0WhcNMTEwNTIyMTUwNDI0
+ WjBLMQswCQYDVQQGEwJERTESMBAGA1UEChMJU1NPQ2lyY2xlMQwwCgYDVQQLEwNpZHAxGjAYBgNV
+ BAMTEWlkcC5zc29jaXJjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbzDRkudC/
+ aC2gMqRVVaLdPJJEwpFB4o71fR5bnNd2ocnnNzJ/W9CoCargzKx+EJ4Nm3vWmX/IZRCFvrvy9C78
+ fP1cmt6Sa091K9luaMAyWn7oC8h/YBXH7rB42tdvWLY4Kl9VJy6UCclvasyrfKx+SR4KU6zCsM62
+ 2Kvp5wW67QIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAGyaydfJHDkm77C39gq9bBb7OqK8OXEUTbIM
+ p8PDJZzIf9QkpkE7gHGcWctRKi7fNdONulc5kn2K2nbvCGrbWsWQvr/DA0bjkBrK8OeWpRhLe7fl
+ +JUgsErMcDIzRTmjNpZzUZp+WESRHV1j3SIcfY4tJM2uMt4Sc/afVnl5P6wL</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
+
+ <xenc:KeySize
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">128</xenc:...
+ </EncryptionMethod>
+ </KeyDescriptor>
+ <ArtifactResolutionService index="0"
+ isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.ssocircle.com:443/sso/ArtifactResolver/metaAlias/ssocircle"
/>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/ssocircle"
+ ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/ssocircle"
/>
+ <!--
+ <SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/ssocircle"
+ ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/ssocircle"
/>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.ssocircle.com:443/sso/IDPSloSoap/metaAlias/ssocircle"
/>
+ -->
+ <ManageNameIDService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/ssocircle"
+ ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/ssocircle"
/>
+ <ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://idp.ssocircle.com:443/sso/IDPMniPOSTmetaAlias/ssocircle"
+ ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniPOST/metaAlias/ssocircle"
/>
+
+ <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.ssocircle.com:443/sso/IDPMniSoap/metaAlias/ssocircle"
/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/ssocircle"
/>
+ <SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/ssocircle"
/>
+
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.ssocircle.com:443/sso/SSOSoap/metaAlias/ssocircle"
/>
+ <NameIDMappingService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.ssocircle.com:443/sso/NIMSoap/metaAlias/ssocircle"
/>
+ </IDPSSODescriptor>
+ </EntityDescriptor>
+
+</EntitiesDescriptor>
\ No newline at end of file
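Review bot: In the second `EntityDescriptor`, the HTTP-POST `ManageNameIDService` has `Location=".../sso/IDPMniPOSTmetaAlias/ssocircle"` with no `/` before `metaAlias`, while its `ResponseLocation` has `IDPMniPOST/metaAlias`; if this was not copied as-is from the upstream metadata it looks like a typo worth fixing. The fixture contains no `ds:Signature`, no `validUntil` and no nested `EntitiesDescriptor`, so it does not exercise how the new parser reacts to those; a second small fixture covering them would document the intended behaviour.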