saml2 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/lib/saml2/attribute.rb +1 -4
  3. data/lib/saml2/attribute_consuming_service.rb +2 -2
  4. data/lib/saml2/base.rb +5 -4
  5. data/lib/saml2/endpoint.rb +1 -2
  6. data/lib/saml2/entity.rb +61 -14
  7. data/lib/saml2/identity_provider.rb +14 -8
  8. data/lib/saml2/indexed_object.rb +6 -1
  9. data/lib/saml2/key.rb +8 -0
  10. data/lib/saml2/organization_and_contacts.rb +9 -5
  11. data/lib/saml2/role.rb +10 -6
  12. data/lib/saml2/schemas.rb +4 -0
  13. data/lib/saml2/service_provider.rb +0 -8
  14. data/lib/saml2/sso.rb +9 -5
  15. data/lib/saml2/version.rb +1 -1
  16. data/schemas/MetadataExchange.xsd +112 -0
  17. data/schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd +195 -0
  18. data/schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd +108 -0
  19. data/schemas/ws-addr.xsd +137 -0
  20. data/schemas/ws-authorization.xsd +145 -0
  21. data/schemas/ws-federation.xsd +471 -0
  22. data/schemas/ws-securitypolicy-1.2.xsd +1205 -0
  23. data/spec/fixtures/FederationMetadata.xml +670 -0
  24. data/spec/fixtures/identity_provider.xml +45 -0
  25. data/spec/lib/entity_spec.rb +4 -0
  26. data/spec/lib/identity_provider_spec.rb +14 -0
  27. data/spec/lib/service_provider_spec.rb +1 -1
  28. metadata +18 -7
data/spec/fixtures/FederationMetadata.xml ADDED
@@ -0,0 +1,670 @@
1
+ <EntityDescriptor ID="_b28f9ce7-238f-4607-8218-6e162d33a010"
2
+ entityID="http://adfs.school.edu/adfs/services/trust"
3
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
4
+ <RoleDescriptor xsi:type="fed:ApplicationServiceType"
5
+ protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706"
6
+ ServiceDisplayName="adfs.school.edu"
7
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
8
+ xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
9
+ <KeyDescriptor use="encryption">
10
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
11
+ <X509Data>
12
+ <X509Certificate>
13
+ MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
14
+ VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
15
+ GTAXBgNVBAoTEEluc3RydWN0dXJlLCBJbmMxEzARBgNVBAsTCk9wZXJhdGlvbnMx
16
+ IDAeBgNVBAMTF0NhbnZhcyBTQU1MIENlcnRpZmljYXRlMSIwIAYJKoZIhvcNAQkB
17
+ FhNvcHNAaW5zdHJ1Y3R1cmUuY29tMB4XDTEzMDQyMjE3NDQ0M1oXDTE1MDQyMjE3
18
+ NDQ0M1owgasxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5T
19
+ YWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5zdHJ1Y3R1cmUsIEluYzETMBEGA1UE
20
+ CxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2FudmFzIFNBTUwgQ2VydGlmaWNhdGUx
21
+ IjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVjdHVyZS5jb20wggEiMA0GCSqGSIb3
22
+ DQEBAQUAA4IBDwAwggEKAoIBAQDHRYRp/slsoqD7iPFo+8UFjqd+LgSQ062x09CG
23
+ m5uW9smY/x2ig8hxfd05Dtk42wrA9frRh6QiEhtoy8qL/4g/LOmYq5USDdzLXsPF
24
+ /nqTVPkTOhGcuSpfJbxucRsMfGL6IvrGqLNxpyfroyV1dv9/fim+d6bs7js5k1i5
25
+ EkKksgVlnnpUpOx5pswWVcZICeIJwTMe1C0KHcpUMycZxMHueJ+Y7tWHtWW+R75T
26
+ QWdWjL+TevEL57B3cW19+9Sud2Y63DcwP6V0aDrwArxQwmp73uUb5ol6gSSvD+Ol
27
+ CIsf6S/5gqMdgqxJJsWqzBOTeDsVr8m2Dx3VX7Plho7pk06FAgMBAAGjggEUMIIB
28
+ EDAdBgNVHQ4EFgQUQy1zIfZP/NZKPYLGugNSjjBnTYgwgeAGA1UdIwSB2DCB1YAU
29
+ Qy1zIfZP/NZKPYLGugNSjjBnTYihgbGkga4wgasxCzAJBgNVBAYTAlVTMQ0wCwYD
30
+ VQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5z
31
+ dHJ1Y3R1cmUsIEluYzETMBEGA1UECxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2Fu
32
+ dmFzIFNBTUwgQ2VydGlmaWNhdGUxIjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVj
33
+ dHVyZS5jb22CCQCE7rMTjetHCjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
34
+ A4IBAQC1dgkv3cT4KRMR42mIKgJRp4Jf7swUrtoAFOdOr1R6fjI/9bFNSVNgauiQ
35
+ flN6q8QA5B2sbDihiSqAylm9F34hpI3C3PvzSWzuIk+Z2FPHcA05CZtwrUWj1M0c
36
+ eBXxXragtR7ZYtIbEb0srzBfwoFYvWnLU7tM8t6wM6+1rxvOuQFVCCSXyptsGoBl
37
+ D9qyzAbyYDgJZYpbTjaA9bqhpkn/9CLN3JhNHLyBVr03fp3hQqNwZ2do9bFZBnW0
38
+ c5Dx9pbKTvC3TAUb2cwUD69yTYS1oq7//yIC2ha2ouzkV/VpB1fcF5YEj2pc6uaj
39
+ lOTDX4Eg7OBEkTzU8cX04b15bJfE
40
+ </X509Certificate>
41
+ </X509Data>
42
+ </KeyInfo>
43
+ </KeyDescriptor>
44
+ <fed:ClaimTypesRequested>
45
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/wcPersonPrimaryAffiliation"
46
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
47
+ <auth:DisplayName>wcPersonPrimaryAffiliation</auth:DisplayName>
48
+ </auth:ClaimType>
49
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"
50
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
51
+ <auth:DisplayName>E-Mail Address</auth:DisplayName>
52
+ <auth:Description>The e-mail address of the user</auth:Description>
53
+ </auth:ClaimType>
54
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"
55
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
56
+ <auth:DisplayName>Given Name</auth:DisplayName>
57
+ <auth:Description>The given name of the user</auth:Description>
58
+ </auth:ClaimType>
59
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"
60
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
61
+ <auth:DisplayName>Name</auth:DisplayName>
62
+ <auth:Description>The unique name of the user</auth:Description>
63
+ </auth:ClaimType>
64
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"
65
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
66
+ <auth:DisplayName>UPN</auth:DisplayName>
67
+ <auth:Description>The user principal name (UPN) of the user</auth:Description>
68
+ </auth:ClaimType>
69
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"
70
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
71
+ <auth:DisplayName>Common Name</auth:DisplayName>
72
+ <auth:Description>The common name of the user</auth:Description>
73
+ </auth:ClaimType>
74
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"
75
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
76
+ <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
77
+ <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0
78
+ </auth:Description>
79
+ </auth:ClaimType>
80
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"
81
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
82
+ <auth:DisplayName>Group</auth:DisplayName>
83
+ <auth:Description>A group that the user is a member of</auth:Description>
84
+ </auth:ClaimType>
85
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"
86
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
87
+ <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
88
+ <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
89
+ </auth:ClaimType>
90
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"
91
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
92
+ <auth:DisplayName>Role</auth:DisplayName>
93
+ <auth:Description>A role that the user has</auth:Description>
94
+ </auth:ClaimType>
95
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"
96
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
97
+ <auth:DisplayName>Surname</auth:DisplayName>
98
+ <auth:Description>The surname of the user</auth:Description>
99
+ </auth:ClaimType>
100
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
101
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
102
+ <auth:DisplayName>PPID</auth:DisplayName>
103
+ <auth:Description>The private identifier of the user</auth:Description>
104
+ </auth:ClaimType>
105
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"
106
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
107
+ <auth:DisplayName>Name ID</auth:DisplayName>
108
+ <auth:Description>The SAML name identifier of the user</auth:Description>
109
+ </auth:ClaimType>
110
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"
111
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
112
+ <auth:DisplayName>Authentication time stamp</auth:DisplayName>
113
+ <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
114
+ </auth:ClaimType>
115
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"
116
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
117
+ <auth:DisplayName>Authentication method</auth:DisplayName>
118
+ <auth:Description>The method used to authenticate the user</auth:Description>
119
+ </auth:ClaimType>
120
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"
121
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
122
+ <auth:DisplayName>Deny only group SID</auth:DisplayName>
123
+ <auth:Description>The deny-only group SID of the user</auth:Description>
124
+ </auth:ClaimType>
125
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"
126
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
127
+ <auth:DisplayName>Deny only primary SID</auth:DisplayName>
128
+ <auth:Description>The deny-only primary SID of the user</auth:Description>
129
+ </auth:ClaimType>
130
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"
131
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
132
+ <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
133
+ <auth:Description>The deny-only primary group SID of the user</auth:Description>
134
+ </auth:ClaimType>
135
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"
136
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
137
+ <auth:DisplayName>Group SID</auth:DisplayName>
138
+ <auth:Description>The group SID of the user</auth:Description>
139
+ </auth:ClaimType>
140
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"
141
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
142
+ <auth:DisplayName>Primary group SID</auth:DisplayName>
143
+ <auth:Description>The primary group SID of the user</auth:Description>
144
+ </auth:ClaimType>
145
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"
146
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
147
+ <auth:DisplayName>Primary SID</auth:DisplayName>
148
+ <auth:Description>The primary SID of the user</auth:Description>
149
+ </auth:ClaimType>
150
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"
151
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
152
+ <auth:DisplayName>Windows account name</auth:DisplayName>
153
+ <auth:Description>The domain account name of the user in the form of
154
+ &lt;domain&gt;\&lt;user&gt;</auth:Description>
155
+ </auth:ClaimType>
156
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/WCpersonID" Optional="true"
157
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
158
+ <auth:DisplayName>WCPersonID</auth:DisplayName>
159
+ </auth:ClaimType>
160
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ipPhone" Optional="true"
161
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
162
+ <auth:DisplayName>EmailTest</auth:DisplayName>
163
+ </auth:ClaimType>
164
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department" Optional="true"
165
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
166
+ <auth:DisplayName>Department</auth:DisplayName>
167
+ </auth:ClaimType>
168
+ </fed:ClaimTypesRequested>
169
+ <fed:TargetScopes>
170
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
171
+ <Address>https://adfs.school.edu/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256
172
+ </Address>
173
+ </EndpointReference>
174
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
175
+ <Address>https://adfs.school.edu/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256
176
+ </Address>
177
+ </EndpointReference>
178
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
179
+ <Address>https://adfs.school.edu/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256
180
+ </Address>
181
+ </EndpointReference>
182
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
183
+ <Address>https://adfs.school.edu/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256
184
+ </Address>
185
+ </EndpointReference>
186
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
187
+ <Address>https://adfs.school.edu/adfs/ls/</Address>
188
+ </EndpointReference>
189
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
190
+ <Address>http://adfs.school.edu/adfs/services/trust</Address>
191
+ </EndpointReference>
192
+ </fed:TargetScopes>
193
+ <fed:ApplicationServiceEndpoint>
194
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
195
+ <Address>https://adfs.school.edu/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256
196
+ </Address>
197
+ </EndpointReference>
198
+ </fed:ApplicationServiceEndpoint>
199
+ <fed:PassiveRequestorEndpoint>
200
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
201
+ <Address>https://adfs.school.edu/adfs/ls/</Address>
202
+ </EndpointReference>
203
+ </fed:PassiveRequestorEndpoint>
204
+ </RoleDescriptor>
205
+ <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
206
+ protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706"
207
+ ServiceDisplayName="adfs.school.edu"
208
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
209
+ xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
210
+ <KeyDescriptor use="signing">
211
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
212
+ <X509Data>
213
+ <X509Certificate>
214
+ MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
215
+ VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
216
+ GTAXBgNVBAoTEEluc3RydWN0dXJlLCBJbmMxEzARBgNVBAsTCk9wZXJhdGlvbnMx
217
+ IDAeBgNVBAMTF0NhbnZhcyBTQU1MIENlcnRpZmljYXRlMSIwIAYJKoZIhvcNAQkB
218
+ FhNvcHNAaW5zdHJ1Y3R1cmUuY29tMB4XDTEzMDQyMjE3NDQ0M1oXDTE1MDQyMjE3
219
+ NDQ0M1owgasxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5T
220
+ YWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5zdHJ1Y3R1cmUsIEluYzETMBEGA1UE
221
+ CxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2FudmFzIFNBTUwgQ2VydGlmaWNhdGUx
222
+ IjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVjdHVyZS5jb20wggEiMA0GCSqGSIb3
223
+ DQEBAQUAA4IBDwAwggEKAoIBAQDHRYRp/slsoqD7iPFo+8UFjqd+LgSQ062x09CG
224
+ m5uW9smY/x2ig8hxfd05Dtk42wrA9frRh6QiEhtoy8qL/4g/LOmYq5USDdzLXsPF
225
+ /nqTVPkTOhGcuSpfJbxucRsMfGL6IvrGqLNxpyfroyV1dv9/fim+d6bs7js5k1i5
226
+ EkKksgVlnnpUpOx5pswWVcZICeIJwTMe1C0KHcpUMycZxMHueJ+Y7tWHtWW+R75T
227
+ QWdWjL+TevEL57B3cW19+9Sud2Y63DcwP6V0aDrwArxQwmp73uUb5ol6gSSvD+Ol
228
+ CIsf6S/5gqMdgqxJJsWqzBOTeDsVr8m2Dx3VX7Plho7pk06FAgMBAAGjggEUMIIB
229
+ EDAdBgNVHQ4EFgQUQy1zIfZP/NZKPYLGugNSjjBnTYgwgeAGA1UdIwSB2DCB1YAU
230
+ Qy1zIfZP/NZKPYLGugNSjjBnTYihgbGkga4wgasxCzAJBgNVBAYTAlVTMQ0wCwYD
231
+ VQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5z
232
+ dHJ1Y3R1cmUsIEluYzETMBEGA1UECxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2Fu
233
+ dmFzIFNBTUwgQ2VydGlmaWNhdGUxIjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVj
234
+ dHVyZS5jb22CCQCE7rMTjetHCjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
235
+ A4IBAQC1dgkv3cT4KRMR42mIKgJRp4Jf7swUrtoAFOdOr1R6fjI/9bFNSVNgauiQ
236
+ flN6q8QA5B2sbDihiSqAylm9F34hpI3C3PvzSWzuIk+Z2FPHcA05CZtwrUWj1M0c
237
+ eBXxXragtR7ZYtIbEb0srzBfwoFYvWnLU7tM8t6wM6+1rxvOuQFVCCSXyptsGoBl
238
+ D9qyzAbyYDgJZYpbTjaA9bqhpkn/9CLN3JhNHLyBVr03fp3hQqNwZ2do9bFZBnW0
239
+ c5Dx9pbKTvC3TAUb2cwUD69yTYS1oq7//yIC2ha2ouzkV/VpB1fcF5YEj2pc6uaj
240
+ lOTDX4Eg7OBEkTzU8cX04b15bJfE
241
+ </X509Certificate>
242
+ </X509Data>
243
+ </KeyInfo>
244
+ </KeyDescriptor>
245
+ <KeyDescriptor use="signing">
246
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
247
+ <X509Data>
248
+ <X509Certificate>
249
+ MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
250
+ VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
251
+ GTAXBgNVBAoTEEluc3RydWN0dXJlLCBJbmMxEzARBgNVBAsTCk9wZXJhdGlvbnMx
252
+ IDAeBgNVBAMTF0NhbnZhcyBTQU1MIENlcnRpZmljYXRlMSIwIAYJKoZIhvcNAQkB
253
+ FhNvcHNAaW5zdHJ1Y3R1cmUuY29tMB4XDTEzMDQyMjE3NDQ0M1oXDTE1MDQyMjE3
254
+ NDQ0M1owgasxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5T
255
+ YWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5zdHJ1Y3R1cmUsIEluYzETMBEGA1UE
256
+ CxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2FudmFzIFNBTUwgQ2VydGlmaWNhdGUx
257
+ IjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVjdHVyZS5jb20wggEiMA0GCSqGSIb3
258
+ DQEBAQUAA4IBDwAwggEKAoIBAQDHRYRp/slsoqD7iPFo+8UFjqd+LgSQ062x09CG
259
+ m5uW9smY/x2ig8hxfd05Dtk42wrA9frRh6QiEhtoy8qL/4g/LOmYq5USDdzLXsPF
260
+ /nqTVPkTOhGcuSpfJbxucRsMfGL6IvrGqLNxpyfroyV1dv9/fim+d6bs7js5k1i5
261
+ EkKksgVlnnpUpOx5pswWVcZICeIJwTMe1C0KHcpUMycZxMHueJ+Y7tWHtWW+R75T
262
+ QWdWjL+TevEL57B3cW19+9Sud2Y63DcwP6V0aDrwArxQwmp73uUb5ol6gSSvD+Ol
263
+ CIsf6S/5gqMdgqxJJsWqzBOTeDsVr8m2Dx3VX7Plho7pk06FAgMBAAGjggEUMIIB
264
+ EDAdBgNVHQ4EFgQUQy1zIfZP/NZKPYLGugNSjjBnTYgwgeAGA1UdIwSB2DCB1YAU
265
+ Qy1zIfZP/NZKPYLGugNSjjBnTYihgbGkga4wgasxCzAJBgNVBAYTAlVTMQ0wCwYD
266
+ VQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5z
267
+ dHJ1Y3R1cmUsIEluYzETMBEGA1UECxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2Fu
268
+ dmFzIFNBTUwgQ2VydGlmaWNhdGUxIjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVj
269
+ dHVyZS5jb22CCQCE7rMTjetHCjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
270
+ A4IBAQC1dgkv3cT4KRMR42mIKgJRp4Jf7swUrtoAFOdOr1R6fjI/9bFNSVNgauiQ
271
+ flN6q8QA5B2sbDihiSqAylm9F34hpI3C3PvzSWzuIk+Z2FPHcA05CZtwrUWj1M0c
272
+ eBXxXragtR7ZYtIbEb0srzBfwoFYvWnLU7tM8t6wM6+1rxvOuQFVCCSXyptsGoBl
273
+ D9qyzAbyYDgJZYpbTjaA9bqhpkn/9CLN3JhNHLyBVr03fp3hQqNwZ2do9bFZBnW0
274
+ c5Dx9pbKTvC3TAUb2cwUD69yTYS1oq7//yIC2ha2ouzkV/VpB1fcF5YEj2pc6uaj
275
+ lOTDX4Eg7OBEkTzU8cX04b15bJfE
276
+ </X509Certificate>
277
+ </X509Data>
278
+ </KeyInfo>
279
+ </KeyDescriptor>
280
+ <fed:TokenTypesOffered>
281
+ <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/>
282
+ <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/>
283
+ </fed:TokenTypesOffered>
284
+ <fed:ClaimTypesOffered>
285
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/wcPersonPrimaryAffiliation"
286
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
287
+ <auth:DisplayName>wcPersonPrimaryAffiliation</auth:DisplayName>
288
+ </auth:ClaimType>
289
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true"
290
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
291
+ <auth:DisplayName>E-Mail Address</auth:DisplayName>
292
+ <auth:Description>The e-mail address of the user</auth:Description>
293
+ </auth:ClaimType>
294
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"
295
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
296
+ <auth:DisplayName>Given Name</auth:DisplayName>
297
+ <auth:Description>The given name of the user</auth:Description>
298
+ </auth:ClaimType>
299
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"
300
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
301
+ <auth:DisplayName>Name</auth:DisplayName>
302
+ <auth:Description>The unique name of the user</auth:Description>
303
+ </auth:ClaimType>
304
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"
305
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
306
+ <auth:DisplayName>UPN</auth:DisplayName>
307
+ <auth:Description>The user principal name (UPN) of the user</auth:Description>
308
+ </auth:ClaimType>
309
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"
310
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
311
+ <auth:DisplayName>Common Name</auth:DisplayName>
312
+ <auth:Description>The common name of the user</auth:Description>
313
+ </auth:ClaimType>
314
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"
315
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
316
+ <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
317
+ <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0
318
+ </auth:Description>
319
+ </auth:ClaimType>
320
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"
321
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
322
+ <auth:DisplayName>Group</auth:DisplayName>
323
+ <auth:Description>A group that the user is a member of</auth:Description>
324
+ </auth:ClaimType>
325
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"
326
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
327
+ <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
328
+ <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
329
+ </auth:ClaimType>
330
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"
331
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
332
+ <auth:DisplayName>Role</auth:DisplayName>
333
+ <auth:Description>A role that the user has</auth:Description>
334
+ </auth:ClaimType>
335
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true"
336
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
337
+ <auth:DisplayName>Surname</auth:DisplayName>
338
+ <auth:Description>The surname of the user</auth:Description>
339
+ </auth:ClaimType>
340
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
341
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
342
+ <auth:DisplayName>PPID</auth:DisplayName>
343
+ <auth:Description>The private identifier of the user</auth:Description>
344
+ </auth:ClaimType>
345
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true"
346
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
347
+ <auth:DisplayName>Name ID</auth:DisplayName>
348
+ <auth:Description>The SAML name identifier of the user</auth:Description>
349
+ </auth:ClaimType>
350
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"
351
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
352
+ <auth:DisplayName>Authentication time stamp</auth:DisplayName>
353
+ <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
354
+ </auth:ClaimType>
355
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true"
356
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
357
+ <auth:DisplayName>Authentication method</auth:DisplayName>
358
+ <auth:Description>The method used to authenticate the user</auth:Description>
359
+ </auth:ClaimType>
360
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true"
361
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
362
+ <auth:DisplayName>Deny only group SID</auth:DisplayName>
363
+ <auth:Description>The deny-only group SID of the user</auth:Description>
364
+ </auth:ClaimType>
365
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true"
366
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
367
+ <auth:DisplayName>Deny only primary SID</auth:DisplayName>
368
+ <auth:Description>The deny-only primary SID of the user</auth:Description>
369
+ </auth:ClaimType>
370
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"
371
+ Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
372
+ <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
373
+ <auth:Description>The deny-only primary group SID of the user</auth:Description>
374
+ </auth:ClaimType>
375
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true"
376
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
377
+ <auth:DisplayName>Group SID</auth:DisplayName>
378
+ <auth:Description>The group SID of the user</auth:Description>
379
+ </auth:ClaimType>
380
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true"
381
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
382
+ <auth:DisplayName>Primary group SID</auth:DisplayName>
383
+ <auth:Description>The primary group SID of the user</auth:Description>
384
+ </auth:ClaimType>
385
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true"
386
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
387
+ <auth:DisplayName>Primary SID</auth:DisplayName>
388
+ <auth:Description>The primary SID of the user</auth:Description>
389
+ </auth:ClaimType>
390
+ <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true"
391
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
392
+ <auth:DisplayName>Windows account name</auth:DisplayName>
393
+ <auth:Description>The domain account name of the user in the form of
394
+ &lt;domain&gt;\&lt;user&gt;</auth:Description>
395
+ </auth:ClaimType>
396
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/WCpersonID" Optional="true"
397
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
398
+ <auth:DisplayName>WCPersonID</auth:DisplayName>
399
+ </auth:ClaimType>
400
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ipPhone" Optional="true"
401
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
402
+ <auth:DisplayName>EmailTest</auth:DisplayName>
403
+ </auth:ClaimType>
404
+ <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department" Optional="true"
405
+ xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
406
+ <auth:DisplayName>Department</auth:DisplayName>
407
+ </auth:ClaimType>
408
+ </fed:ClaimTypesOffered>
409
+ <fed:SecurityTokenServiceEndpoint>
410
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
411
+ <Address>https://adfs.school.edu/adfs/services/trust/2005/certificatemixed</Address>
412
+ <Metadata>
413
+ <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
414
+ xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
415
+ <wsx:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns="">
416
+ <wsx:MetadataReference>
417
+ <Address xmlns="http://www.w3.org/2005/08/addressing">
418
+ https://adfs.school.edu/adfs/services/trust/mex
419
+ </Address>
420
+ </wsx:MetadataReference>
421
+ </wsx:MetadataSection>
422
+ </Metadata>
423
+ </Metadata>
424
+ </EndpointReference>
425
+ </fed:SecurityTokenServiceEndpoint>
426
+ <fed:PassiveRequestorEndpoint>
427
+ <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
428
+ <Address>https://adfs.school.edu/adfs/ls/</Address>
429
+ </EndpointReference>
430
+ </fed:PassiveRequestorEndpoint>
431
+ </RoleDescriptor>
432
+ <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
433
+ <KeyDescriptor use="encryption">
434
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
435
+ <X509Data>
436
+ <X509Certificate>
437
+ MIIIPjCCByagAwIBAgIQSuydx3B5u+D+4zuB0vuvNjANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTE2MDMxMDAwMDAwMFoXDTE4MDMxMDIzNTk1OVowggFKMRQwEgYDVQQFEws1NTA3ODctMDE0MDETMBEGCysGAQQBgjc8AgEDEwJVUzETMBEGCysGAQQBgjc8AgECEwJVVDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwU4NDEwNTELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR0wGwYDVQQJExQxODQwIFNvdXRoIDEzMDAgRWFzdDEcMBoGA1UEChMTV2VzdG1pbnN0ZXIgQ29sbGVnZTEdMBsGA1UECxMUSW5mb3JtYXRpb24gU2VydmljZXMxIzAhBgNVBAsTGkNPTU9ETyBFViBNdWx0aS1Eb21haW4gU1NMMSUwIwYDVQQDExxhZGZzMy53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jANmgB/7PqaKs4gkIBf0gFFHmWl2P86vuMaPZDssgNBX8Z28Rhnop3G8+vCAyFwZz3Yri8fCqMy6MsLrQVlpNgllbmIyOCKVU/VKLsfLWoKNNK0JZCNTh39bTIilPN2iHG1lDIRTnmFMxh755myobtwYYfzkceQAkCMp8m1XBwO5J5+w+KjrBELzjcEhgCqQ56IpA8tznxfASQWsAL9M9HJOFEhwNLH3gAVFqeokLFgZBPEwynSGvANf5sda3Z76xd3IX0BmZJsLHL7Kc2L2y2sjaZEALetVBkeVVbdtbP/Y8JV8FkNFWYbiN40+U8+YPzkleExW6K1/jimcb7BQwIDAQABo4ID0zCCA88wHwYDVR0jBBgwFoAUOdr/yigUiqh0Ewi55A6p0vp+nWkwHQYDVR0OBBYEFA4/WFc3Go58R8dL0Z8doRcMHcrFMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEFATArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYcGCCsGAQUFBwEBBHsweTBRBggrBgEFBQcwAoZFaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wgaMGA1UdEQSBmzCBmIIcYWRmczMud2VzdG1pbnN0ZXJjb2xsZWdlLmVkdYIdYWRmcy5hLndlc3RtaW5zdGVyY29sbGVnZS5lZHWCG2FkZnMud2VzdG1pbnN0ZXJjb2xsZWdlLmVkdYIeYWRmczMuYS53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1ghxzc28uYS53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVNhk9/wAAAEAwBGMEQCIGDdhbeIAZ2lQUgDVBHCZ8chDaM3O2ElmQi3yjZXDaFFAiBsTJnGxKvhqEhV/P4l7KL0vsyrXp+zU3hCD+vzRb/yLwB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABU2GT3ZcAAAQDAEcwRQIgeNG71Z2GlVHCA7n1+L1NzGK01FmGU143+p4TmXIzWqICIQCHOWR1qKmTRo2DazpWwniqALk29dcRsXtRkZ72PXsbjAB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABU2GT3/kAAAQDAEgwRgIhAJQfhmwItTCW/YtLRrvzxmw0dXDU5IyPuEiyP2YS/GH3AiEAqUpxMhBvQpoGz0mLcfjT4Gqz+DRd+uFK+STcb1H6FWYwDQYJKoZIhvcNAQELBQADggEBADVzQQaPU5zDKQfp7n6tJm0QLhxFYg+Po+JVEOJDWsVEore0BRSBsFhpKagk5LnuskvdplzIffgNZkyZsEhnE1WFRRB2NPVOPxdPW3+LBQU9SGN4C79jO7qUPqNJiuEGQrL3xVAcDku/eZoVTZbV1BpAZUeQ+rXUhp/gaUqVvbZdIOnFr5x2UMAl5XgO0QB7Oy0TPhNbjw+QYxxx7glABaG8fCrbXFedNopZUztHHZhAfVjBDUSYtxF7PpWtKFgl/EmCdZPMXQjRP36DgI8VQBXCd1PBXla5tfMBRX/5SOuB3QUg2zRnb8cU/X02CctD7u0rstXUZpwWc4Fx9t+Tom0=
438
+ </X509Certificate>
439
+ </X509Data>
440
+ </KeyInfo>
441
+ </KeyDescriptor>
442
+ <KeyDescriptor use="signing">
443
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
444
+ <X509Data>
445
+ <X509Certificate>
446
+ MIIGOTCCBSGgAwIBAgIQCu0GBzzHvf66G6j78RkrmDANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQxODAwMDAwMFoXDTE2MDQyMjEyMDAwMFowggEKMRowGAYDVQQPDBFHb3Zlcm5tZW50IEVudGl0eTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRVdGFoMRgwFgYDVQQFEw9Gb3VuZGVkIGluIDE4NzUxHTAbBgNVBAkTFDE4NDAgU291dGggMTMwMCBFYXN0MQ4wDAYDVQQREwU4NDEwNTELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MRwwGgYDVQQKExNXZXN0bWluc3RlciBDb2xsZWdlMSQwIgYDVQQDExthZGZzLndlc3RtaW5zdGVyY29sbGVnZS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcUjykvufGQArPsV/q66K9AF4xf2gqYkCGAk+5xn1HKEDAcMLIBooqUBuEsZ7FRXP/6vJzVVjH+xDWJo90vwG/eK/G4aH4i5gsKHuNpuSbHeS0CEDSjgdAGtjU1pTmiLKPScHeg9/5953DTv9n+X3To6MEg5m5vgf0a+Nb/9TYuO4myLzzJ5DOI0L/v2fV8xTmBkOlnA5OSbtayuKhFQmRdOK3UJRwBjSIen8fHeb68HNvIukv9lRUMY45Ikh+v7jIMwwivNRHHPOtiNtv7Kh1vK7BEKpuyqFeLZ9ituk/6J+zyUfoOaF5Qx+UWWT9fdk3wlEAzKrCix+oH1o0F41JAgMBAAGjggIsMIICKDAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQU6LPjvC/b+sgydiPNh8e+elO38swwYwYDVR0RBFwwWoIbYWRmcy53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1gh1hZGZzLmEud2VzdG1pbnN0ZXJjb2xsZWdlLmVkdYIcc3NvLmEud2VzdG1pbnN0ZXJjb2xsZWdlLmVkdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMS5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMS5jcmwwQgYDVR0gBDswOTA3BglghkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCBiAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAq3udeuWv9NRganxggZafBWk2nQHZBdC6hL3GxkYYQIb6gidmugOfU4DMsgtFN1Lvk6hw9yHvTeTbmIz84Y3UAeBh4hzomh14pCBXZsah0sc2Jn1dvol2oDYKtECMAxlzgqp7wH3nbETSzvkB9sieloQ0dXUglZaC8+9j+707Y18MYP3LVVBweXyYLfC76gAaHu9D/Y7iHfuu8oj9W8+5vNprrZcyPd7hBXbXsUIp+rdNsy8UpwadDY+L7v0fp0+2v1hBop6wAJnvYvMe5hJLNIE10fjfTw6kZ34LMTgpcJJqXT85oK7Iyu+dQPDN99j9SfMTQBf50yrur1dCtVgfaw==
447
+ </X509Certificate>
448
+ </X509Data>
449
+ </KeyInfo>
450
+ </KeyDescriptor>
451
+ <KeyDescriptor use="signing">
452
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
453
+ <X509Data>
454
+ <X509Certificate>
455
+ MIIIPjCCByagAwIBAgIQSuydx3B5u+D+4zuB0vuvNjANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTE2MDMxMDAwMDAwMFoXDTE4MDMxMDIzNTk1OVowggFKMRQwEgYDVQQFEws1NTA3ODctMDE0MDETMBEGCysGAQQBgjc8AgEDEwJVUzETMBEGCysGAQQBgjc8AgECEwJVVDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwU4NDEwNTELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR0wGwYDVQQJExQxODQwIFNvdXRoIDEzMDAgRWFzdDEcMBoGA1UEChMTV2VzdG1pbnN0ZXIgQ29sbGVnZTEdMBsGA1UECxMUSW5mb3JtYXRpb24gU2VydmljZXMxIzAhBgNVBAsTGkNPTU9ETyBFViBNdWx0aS1Eb21haW4gU1NMMSUwIwYDVQQDExxhZGZzMy53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jANmgB/7PqaKs4gkIBf0gFFHmWl2P86vuMaPZDssgNBX8Z28Rhnop3G8+vCAyFwZz3Yri8fCqMy6MsLrQVlpNgllbmIyOCKVU/VKLsfLWoKNNK0JZCNTh39bTIilPN2iHG1lDIRTnmFMxh755myobtwYYfzkceQAkCMp8m1XBwO5J5+w+KjrBELzjcEhgCqQ56IpA8tznxfASQWsAL9M9HJOFEhwNLH3gAVFqeokLFgZBPEwynSGvANf5sda3Z76xd3IX0BmZJsLHL7Kc2L2y2sjaZEALetVBkeVVbdtbP/Y8JV8FkNFWYbiN40+U8+YPzkleExW6K1/jimcb7BQwIDAQABo4ID0zCCA88wHwYDVR0jBBgwFoAUOdr/yigUiqh0Ewi55A6p0vp+nWkwHQYDVR0OBBYEFA4/WFc3Go58R8dL0Z8doRcMHcrFMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEFATArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYcGCCsGAQUFBwEBBHsweTBRBggrBgEFBQcwAoZFaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wgaMGA1UdEQSBmzCBmIIcYWRmczMud2VzdG1pbnN0ZXJjb2xsZWdlLmVkdYIdYWRmcy5hLndlc3RtaW5zdGVyY29sbGVnZS5lZHWCG2FkZnMud2VzdG1pbnN0ZXJjb2xsZWdlLmVkdYIeYWRmczMuYS53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1ghxzc28uYS53ZXN0bWluc3RlcmNvbGxlZ2UuZWR1MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVNhk9/wAAAEAwBGMEQCIGDdhbeIAZ2lQUgDVBHCZ8chDaM3O2ElmQi3yjZXDaFFAiBsTJnGxKvhqEhV/P4l7KL0vsyrXp+zU3hCD+vzRb/yLwB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABU2GT3ZcAAAQDAEcwRQIgeNG71Z2GlVHCA7n1+L1NzGK01FmGU143+p4TmXIzWqICIQCHOWR1qKmTRo2DazpWwniqALk29dcRsXtRkZ72PXsbjAB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABU2GT3/kAAAQDAEgwRgIhAJQfhmwItTCW/YtLRrvzxmw0dXDU5IyPuEiyP2YS/GH3AiEAqUpxMhBvQpoGz0mLcfjT4Gqz+DRd+uFK+STcb1H6FWYwDQYJKoZIhvcNAQELBQADggEBADVzQQaPU5zDKQfp7n6tJm0QLhxFYg+Po+JVEOJDWsVEore0BRSBsFhpKagk5LnuskvdplzIffgNZkyZsEhnE1WFRRB2NPVOPxdPW3+LBQU9SGN4C79jO7qUPqNJiuEGQrL3xVAcDku/eZoVTZbV1BpAZUeQ+rXUhp/gaUqVvbZdIOnFr5x2UMAl5XgO0QB7Oy0TPhNbjw+QYxxx7glABaG8fCrbXFedNopZUztHHZhAfVjBDUSYtxF7PpWtKFgl/EmCdZPMXQjRP36DgI8VQBXCd1PBXla5tfMBRX/5SOuB3QUg2zRnb8cU/X02CctD7u0rstXUZpwWc4Fx9t+Tom0=
456
+ </X509Certificate>
457
+ </X509Data>
458
+ </KeyInfo>
459
+ </KeyDescriptor>
460
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
461
+ Location="https://adfs.school.edu/adfs/ls/"/>
462
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
463
+ Location="https://adfs.school.edu/adfs/ls/"/>
464
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
465
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
466
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
467
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
468
+ Location="https://adfs.school.edu/adfs/ls/" index="0" isDefault="true"/>
469
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
470
+ Location="https://adfs.school.edu/adfs/ls/" index="1"/>
471
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
472
+ Location="https://adfs.school.edu/adfs/ls/" index="2"/>
473
+ </SPSSODescriptor>
474
+ <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
475
+ <KeyDescriptor use="encryption">
476
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
477
+ <X509Data>
478
+ <X509Certificate>
479
+ MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
480
+ VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
481
+ GTAXBgNVBAoTEEluc3RydWN0dXJlLCBJbmMxEzARBgNVBAsTCk9wZXJhdGlvbnMx
482
+ IDAeBgNVBAMTF0NhbnZhcyBTQU1MIENlcnRpZmljYXRlMSIwIAYJKoZIhvcNAQkB
483
+ FhNvcHNAaW5zdHJ1Y3R1cmUuY29tMB4XDTEzMDQyMjE3NDQ0M1oXDTE1MDQyMjE3
484
+ NDQ0M1owgasxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5T
485
+ YWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5zdHJ1Y3R1cmUsIEluYzETMBEGA1UE
486
+ CxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2FudmFzIFNBTUwgQ2VydGlmaWNhdGUx
487
+ IjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVjdHVyZS5jb20wggEiMA0GCSqGSIb3
488
+ DQEBAQUAA4IBDwAwggEKAoIBAQDHRYRp/slsoqD7iPFo+8UFjqd+LgSQ062x09CG
489
+ m5uW9smY/x2ig8hxfd05Dtk42wrA9frRh6QiEhtoy8qL/4g/LOmYq5USDdzLXsPF
490
+ /nqTVPkTOhGcuSpfJbxucRsMfGL6IvrGqLNxpyfroyV1dv9/fim+d6bs7js5k1i5
491
+ EkKksgVlnnpUpOx5pswWVcZICeIJwTMe1C0KHcpUMycZxMHueJ+Y7tWHtWW+R75T
492
+ QWdWjL+TevEL57B3cW19+9Sud2Y63DcwP6V0aDrwArxQwmp73uUb5ol6gSSvD+Ol
493
+ CIsf6S/5gqMdgqxJJsWqzBOTeDsVr8m2Dx3VX7Plho7pk06FAgMBAAGjggEUMIIB
494
+ EDAdBgNVHQ4EFgQUQy1zIfZP/NZKPYLGugNSjjBnTYgwgeAGA1UdIwSB2DCB1YAU
495
+ Qy1zIfZP/NZKPYLGugNSjjBnTYihgbGkga4wgasxCzAJBgNVBAYTAlVTMQ0wCwYD
496
+ VQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5z
497
+ dHJ1Y3R1cmUsIEluYzETMBEGA1UECxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2Fu
498
+ dmFzIFNBTUwgQ2VydGlmaWNhdGUxIjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVj
499
+ dHVyZS5jb22CCQCE7rMTjetHCjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
500
+ A4IBAQC1dgkv3cT4KRMR42mIKgJRp4Jf7swUrtoAFOdOr1R6fjI/9bFNSVNgauiQ
501
+ flN6q8QA5B2sbDihiSqAylm9F34hpI3C3PvzSWzuIk+Z2FPHcA05CZtwrUWj1M0c
502
+ eBXxXragtR7ZYtIbEb0srzBfwoFYvWnLU7tM8t6wM6+1rxvOuQFVCCSXyptsGoBl
503
+ D9qyzAbyYDgJZYpbTjaA9bqhpkn/9CLN3JhNHLyBVr03fp3hQqNwZ2do9bFZBnW0
504
+ c5Dx9pbKTvC3TAUb2cwUD69yTYS1oq7//yIC2ha2ouzkV/VpB1fcF5YEj2pc6uaj
505
+ lOTDX4Eg7OBEkTzU8cX04b15bJfE
506
+ </X509Certificate>
507
+ </X509Data>
508
+ </KeyInfo>
509
+ </KeyDescriptor>
510
+ <KeyDescriptor use="signing">
511
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
512
+ <X509Data>
513
+ <X509Certificate>
514
+ MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
515
+ VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
516
+ GTAXBgNVBAoTEEluc3RydWN0dXJlLCBJbmMxEzARBgNVBAsTCk9wZXJhdGlvbnMx
517
+ IDAeBgNVBAMTF0NhbnZhcyBTQU1MIENlcnRpZmljYXRlMSIwIAYJKoZIhvcNAQkB
518
+ FhNvcHNAaW5zdHJ1Y3R1cmUuY29tMB4XDTEzMDQyMjE3NDQ0M1oXDTE1MDQyMjE3
519
+ NDQ0M1owgasxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5T
520
+ YWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5zdHJ1Y3R1cmUsIEluYzETMBEGA1UE
521
+ CxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2FudmFzIFNBTUwgQ2VydGlmaWNhdGUx
522
+ IjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVjdHVyZS5jb20wggEiMA0GCSqGSIb3
523
+ DQEBAQUAA4IBDwAwggEKAoIBAQDHRYRp/slsoqD7iPFo+8UFjqd+LgSQ062x09CG
524
+ m5uW9smY/x2ig8hxfd05Dtk42wrA9frRh6QiEhtoy8qL/4g/LOmYq5USDdzLXsPF
525
+ /nqTVPkTOhGcuSpfJbxucRsMfGL6IvrGqLNxpyfroyV1dv9/fim+d6bs7js5k1i5
526
+ EkKksgVlnnpUpOx5pswWVcZICeIJwTMe1C0KHcpUMycZxMHueJ+Y7tWHtWW+R75T
527
+ QWdWjL+TevEL57B3cW19+9Sud2Y63DcwP6V0aDrwArxQwmp73uUb5ol6gSSvD+Ol
528
+ CIsf6S/5gqMdgqxJJsWqzBOTeDsVr8m2Dx3VX7Plho7pk06FAgMBAAGjggEUMIIB
529
+ EDAdBgNVHQ4EFgQUQy1zIfZP/NZKPYLGugNSjjBnTYgwgeAGA1UdIwSB2DCB1YAU
530
+ Qy1zIfZP/NZKPYLGugNSjjBnTYihgbGkga4wgasxCzAJBgNVBAYTAlVTMQ0wCwYD
531
+ VQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5z
532
+ dHJ1Y3R1cmUsIEluYzETMBEGA1UECxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2Fu
533
+ dmFzIFNBTUwgQ2VydGlmaWNhdGUxIjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVj
534
+ dHVyZS5jb22CCQCE7rMTjetHCjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
535
+ A4IBAQC1dgkv3cT4KRMR42mIKgJRp4Jf7swUrtoAFOdOr1R6fjI/9bFNSVNgauiQ
536
+ flN6q8QA5B2sbDihiSqAylm9F34hpI3C3PvzSWzuIk+Z2FPHcA05CZtwrUWj1M0c
537
+ eBXxXragtR7ZYtIbEb0srzBfwoFYvWnLU7tM8t6wM6+1rxvOuQFVCCSXyptsGoBl
538
+ D9qyzAbyYDgJZYpbTjaA9bqhpkn/9CLN3JhNHLyBVr03fp3hQqNwZ2do9bFZBnW0
539
+ c5Dx9pbKTvC3TAUb2cwUD69yTYS1oq7//yIC2ha2ouzkV/VpB1fcF5YEj2pc6uaj
540
+ lOTDX4Eg7OBEkTzU8cX04b15bJfE
541
+ </X509Certificate>
542
+ </X509Data>
543
+ </KeyInfo>
544
+ </KeyDescriptor>
545
+ <KeyDescriptor use="signing">
546
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
547
+ <X509Data>
548
+ <X509Certificate>
549
+ MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
550
+ VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
551
+ GTAXBgNVBAoTEEluc3RydWN0dXJlLCBJbmMxEzARBgNVBAsTCk9wZXJhdGlvbnMx
552
+ IDAeBgNVBAMTF0NhbnZhcyBTQU1MIENlcnRpZmljYXRlMSIwIAYJKoZIhvcNAQkB
553
+ FhNvcHNAaW5zdHJ1Y3R1cmUuY29tMB4XDTEzMDQyMjE3NDQ0M1oXDTE1MDQyMjE3
554
+ NDQ0M1owgasxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5T
555
+ YWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5zdHJ1Y3R1cmUsIEluYzETMBEGA1UE
556
+ CxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2FudmFzIFNBTUwgQ2VydGlmaWNhdGUx
557
+ IjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVjdHVyZS5jb20wggEiMA0GCSqGSIb3
558
+ DQEBAQUAA4IBDwAwggEKAoIBAQDHRYRp/slsoqD7iPFo+8UFjqd+LgSQ062x09CG
559
+ m5uW9smY/x2ig8hxfd05Dtk42wrA9frRh6QiEhtoy8qL/4g/LOmYq5USDdzLXsPF
560
+ /nqTVPkTOhGcuSpfJbxucRsMfGL6IvrGqLNxpyfroyV1dv9/fim+d6bs7js5k1i5
561
+ EkKksgVlnnpUpOx5pswWVcZICeIJwTMe1C0KHcpUMycZxMHueJ+Y7tWHtWW+R75T
562
+ QWdWjL+TevEL57B3cW19+9Sud2Y63DcwP6V0aDrwArxQwmp73uUb5ol6gSSvD+Ol
563
+ CIsf6S/5gqMdgqxJJsWqzBOTeDsVr8m2Dx3VX7Plho7pk06FAgMBAAGjggEUMIIB
564
+ EDAdBgNVHQ4EFgQUQy1zIfZP/NZKPYLGugNSjjBnTYgwgeAGA1UdIwSB2DCB1YAU
565
+ Qy1zIfZP/NZKPYLGugNSjjBnTYihgbGkga4wgasxCzAJBgNVBAYTAlVTMQ0wCwYD
566
+ VQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEZMBcGA1UEChMQSW5z
567
+ dHJ1Y3R1cmUsIEluYzETMBEGA1UECxMKT3BlcmF0aW9uczEgMB4GA1UEAxMXQ2Fu
568
+ dmFzIFNBTUwgQ2VydGlmaWNhdGUxIjAgBgkqhkiG9w0BCQEWE29wc0BpbnN0cnVj
569
+ dHVyZS5jb22CCQCE7rMTjetHCjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
570
+ A4IBAQC1dgkv3cT4KRMR42mIKgJRp4Jf7swUrtoAFOdOr1R6fjI/9bFNSVNgauiQ
571
+ flN6q8QA5B2sbDihiSqAylm9F34hpI3C3PvzSWzuIk+Z2FPHcA05CZtwrUWj1M0c
572
+ eBXxXragtR7ZYtIbEb0srzBfwoFYvWnLU7tM8t6wM6+1rxvOuQFVCCSXyptsGoBl
573
+ D9qyzAbyYDgJZYpbTjaA9bqhpkn/9CLN3JhNHLyBVr03fp3hQqNwZ2do9bFZBnW0
574
+ c5Dx9pbKTvC3TAUb2cwUD69yTYS1oq7//yIC2ha2ouzkV/VpB1fcF5YEj2pc6uaj
575
+ lOTDX4Eg7OBEkTzU8cX04b15bJfE
576
+ </X509Certificate>
577
+ </X509Data>
578
+ </KeyInfo>
579
+ </KeyDescriptor>
580
+ <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
581
+ Location="https://adfs.school.edu/adfs/services/trust/artifactresolution"
582
+ index="0"/>
583
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
584
+ Location="https://adfs.school.edu/adfs/ls/"/>
585
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
586
+ Location="https://adfs.school.edu/adfs/ls/"/>
587
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
588
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
589
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
590
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
591
+ Location="https://adfs.school.edu/adfs/ls/"/>
592
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
593
+ Location="https://adfs.school.edu/adfs/ls/"/>
594
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/wcPersonPrimaryAffiliation"
595
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="wcPersonPrimaryAffiliation"
596
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
597
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
598
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"
599
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
600
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
601
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"
602
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
603
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
604
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"
605
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
606
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
607
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"
608
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
609
+ <Attribute Name="http://schemas.xmlsoap.org/claims/CommonName"
610
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"
611
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
612
+ <Attribute Name="http://schemas.xmlsoap.org/claims/EmailAddress"
613
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"
614
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
615
+ <Attribute Name="http://schemas.xmlsoap.org/claims/Group"
616
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"
617
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
618
+ <Attribute Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
619
+ FriendlyName="AD FS 1.x UPN" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
620
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
621
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"
622
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
623
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
624
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"
625
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
626
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
627
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"
628
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
629
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
630
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"
631
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
632
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"
633
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"
634
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
635
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"
636
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"
637
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
638
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid"
639
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"
640
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
641
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid"
642
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"
643
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
644
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"
645
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"
646
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
647
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
648
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"
649
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
650
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid"
651
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"
652
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
653
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"
654
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"
655
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
656
+ <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
657
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"
658
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
659
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/WCpersonID"
660
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="WCPersonID"
661
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
662
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ipPhone"
663
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="EmailTest"
664
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
665
+ <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department"
666
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Department"
667
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>
668
+ </IDPSSODescriptor>
669
+ <ContactPerson contactType="support"/>
670
+ </EntityDescriptor>