SUNET/net-ops
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

hiera and satosa config

Browse source
This commit is contained in:
Mikael Andersson 2025-04-09 09:13:09 +02:00
parent 79bf5f2b33
commit 91e22d0eb0
Signed by: mikand
GPG key ID: 184EEE05D37D72DF
5 changed files with 274 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

166
humhub-sto3-prod-1.sunet.se/overlay/etc/hiera/data/local.yaml Normal file
View file

@ -0,0 +1,166 @@
---
satosa_config:
saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
generated_attributes: "/etc/satosa/plugins/generated_attributes.yaml"
internal_attributes: "/etc/satosa/internal_attributes.yaml"
generated_attributes:
module: satosa.micro_services.attribute_generation.AddSyntheticAttributes
plugin: AddSyntheticAttributes
name: AddSyntheticAttributes
config:
synthetic_attributes:
default:
default:
schachomeorganization: "{{edupersonprincipalname.scope}}"
internal_attributes:
attributes:
displayname:
saml: [displayName]
adfs: [displayName]
commonname:
saml: [cn]
adfs: [displayName]
givenname:
saml: [givenName]
adfs: [givenName]
surname:
saml: [sn]
adfs: [sn]
mail:
saml: [mail]
adfs: [mail]
edupersonprincipalname:
saml: [eduPersonPrincipalName]
adfs: [eduPersonPrincipalName]
edupersonscopedaffiliation:
saml: [eduPersonScopedAffiliation]
adfs: [eduPersonScopedAffiliation]
noredupersonnin:
saml: [norEduPersonNIN]
adfs: [norEduPersonNIN]
edupersonentitlement:
saml: [eduPersonEntitlement]
adfs: [eduPersonEntitlement]
schachomeorganization:
saml: [schacHomeOrganization]
schachomeorganizationtype:
saml: [schacHomeOrganizationType]
organizationname:
saml: [ou]
noreduorgacronym:
saml: [norEduOrgAcronym]
countryname:
saml: [c]
friendlycountryname:
saml: [co]
edupersontargetedid:
saml: [eduPersonTargetedID]
user_id_to_attr: edupersontargetedid
satosa_proxy_conf:
BASE: https://humhub-idp-proxy.sunet.se
INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
BACKEND_MODULES:
- "plugins/saml2_backend.yaml"
FRONTEND_MODULES:
- "plugins/saml2_frontend.yaml"
MICRO_SERVICES:
- "plugins/generated_attributes.yaml"
LOGGING:
version: 1
formatters:
default:
format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
level: DEBUG
formatter: default
stream: ext://sys.stdout
loggers:
satosa:
level: DEBUG
handlers: [console]
saml2:
level: DEBUG
handlers: [console]
saml2_backend:
config:
sp_config:
organization: {display_name: SUNET Forum, name: SUNET Forum, url: 'https://sunet.se'}
contact_person:
- {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
- {contact_type: support, email_address: noc@sunet.se, given_name: Support}
key_file: backend.key
cert_file: backend.crt
encryption_keypairs:
- { key_file: backend.key, cert_file: backend.crt }
allow_unknown_attributes: true
metadata:
mdq:
- url: https://mds.swamid.se
cert: "/etc/satosa/md-signer2.crt"
entityid: https://humhub-idp-proxy.sunet.se/sp
service:
sp:
allow_unsolicited: true
endpoints:
assertion_consumer_service:
- [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
- [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
discovery_response:
- [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
want_response_signed: false
want_assertions_signed: false
want_assertions_or_response_signed: true
xmlsec_binary: /usr/bin/xmlsec1
attribute_map_dir: attributemaps
disco_srv: https://service.seamlessaccess.org/ds
publish_metadata: <base_url>/<name>/metadata
state_id: <name>
attribute_profile: saml
hash_type: transient
module: satosa.backends.saml2.SAMLBackend
name: Saml2SP
plugin: BackendModulePlugin
saml2_frontend:
config:
custom_attribute_release:
default:
default:
exclude: ["eduPersonTargetedID","eduPersonAffiliation"]
idp_config:
organization: {display_name: SWAMID, name: SWAMID, url: 'https://sunet.se'}
contact_person:
- {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
- {contact_type: support, email_address: noc@sunet.se, given_name: Support}
key_file: frontend.key
cert_file: frontend.crt
metadata:
local: [metadata/humhub.xml]
entityid: https://humhub-idp-proxy.sunet.se/idp
accepted_time_diff: 300
service:
idp:
endpoints:
single_sign_on_service: []
name: SWAMID
name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
policy:
default:
attribute_restrictions: null
fail_on_missing_requested: false
lifetime: {minutes: 15}
name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
want_authn_requests_signed: false
xmlsec_binary: /usr/bin/xmlsec1
state_id: <name>
publish_metadata: <base_url>/<name>/metadata
base: <base_url>
endpoints:
single_sign_on_service: {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post,
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect}
attribute_profile: saml
module: satosa.frontends.saml2.SAMLFrontend
plugin: FrontendModulePlugin
name: Saml2IDP

30
humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/backend.crt Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFEzCCAvugAwIBAgIUEY/k5aGq4fj0a8J9RM7NxyZLiHwwDQYJKoZIhvcNAQEL
BQAwGTEXMBUGA1UEAwwOc2F0b3NhX2JhY2tlbmQwHhcNMjEwMjI2MTE0NTEwWhcN
MzEwMjI0MTE0NTEwWjAZMRcwFQYDVQQDDA5zYXRvc2FfYmFja2VuZDCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBALnOG8u5LTVAG/O0WJ6PBMfoD1S43f/F
ttLGu/x5tUvekkg/PJlWaihWCzuAqW+DRA/DTI+Izj8Z7SBOQmTAX0ISxdAsP4MQ
zpEe/YOsw/AEZ009Uk5DDT1TJXrdIfanUJT2j9X4lSmCvPVLfQq0XAAHLFNSPgrF
VtfF4yyNteEEfD+usxgNnVZiIp/FKRCcNPhvoAf0p0VWlGg9gX6yA1FlHqcMgMur
QyEtlW2i+q5yykHhPiMjgR5h/YuYxCEXVRHEi7dPV33doownosQ5SVmkaXqoEexC
YNr295l1iLRR3mu7RfAHOttJ3mqLBQTD8wdaZ8gYVSYBkkA4MRZvHZ0k+Dh+7gxe
RPgyS+c8tPYGZFBWVG2kk6Q6lhSV1v8OgHGDbtX9wBP1OGojT0EiWON+V6zzK9JQ
BbRb4tjdT0EVcUisikiMCpDm6nxs545hfKIjovQUoG/+lQ2f5h1txNOA9kWhUEnd
4R0h460RzHMb2rNEi/efClBMajww2M17OIKodyOBxEUD1ImefedZU/c593yz2GSv
Sp8tlvtUVmPCvPeqfxD+XgDg4bqruUExGTaGYWnDu/wewgmYNL9Kop3Mh4XFCZfU
AugYAuVaqas7CdLy2s86rCjhhfXY1VOM6grHqLI8hDvHFISysgnAKmBpp5oG7HMM
72d3Z6A+WVidAgMBAAGjUzBRMB0GA1UdDgQWBBS/9V9nlQNv6oh+DyTOc9OxyZJN
ojAfBgNVHSMEGDAWgBS/9V9nlQNv6oh+DyTOc9OxyZJNojAPBgNVHRMBAf8EBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBfI4K0l89erk0RARjY3lyfrNWmrhVRXSLQ
wuYsmsPHuW8tpFcb5gB85cDw8/uUb91oXEq84NiJ163krHPUaoBk4bf6Q23mPc7E
IeR+1e5ZfJH4+rDqKu3lxuLmlw7ybdVoSe3lUKbpXXQHekpB3iQCzg/WpyIUALZL
6bMuFKjBISaEUxGM5wOnWTV4G0J62zI8jwL2c1Qowe0OXoFFtRhS6kaw7304NAUi
DzHu+wD8tSHYOvLgsAA3zIcbFHvT4Fu7NeDoq3yeWXNdjAiQYfX3ZZqk4RKsmtqk
GjFCJ/tWOsa461z94eyXre3pBjJCcuSJtqbYRgRS0UHZNFzhFDvr124NIEJxQebI
XFfXEuSQUDJT+z90V3vFyJjMbgRRWZz+FEpxf0qF5AE9Z/v8KtJ58ceHNqWVq7Bq
bIx4jApsM4Ztmj8+NlTltA6o65wkxtRTej0g457BdldHZM64nKT2yBFO/TTjR5eJ
jQ1RYJCW+mJP9I6x8BYJ3iw68WeqalTAOvXJnIABtPM3kLE9qN0uTMwvC+UNlklb
vnjcs9f0FPWkkB8h83cWTjcvbRUjEoMSV3fK/Els/Cq333NK8ZGVUcrVj7UlCRO/
xG08Y2bY1nmvUX1Ij9GUSjGoWN40mtv+Ylygh7s9RJckF/knjLLWPwH9QJxbVJRE
Z4bbO2ahcQ==
-----END CERTIFICATE-----

30
humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/frontend.crt Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFFTCCAv2gAwIBAgIUWMp38b0CDPn/bWDTYKbz71OlNH4wDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMB4XDTIxMDIyNjExNDUxMFoX
DTMxMDIyNDExNDUxMFowGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqnJqdfVhB9TRKlZ4hzqfXySAfmBU
vSVMnnkVRiVSUTgSBAw1O6JCqyJjZKGbMUDWvB6bK2Ojc9gZ5mzuDiZl7OeQBIo8
h97YI3jSkNgD8ePJv4q6QDL+DU8ALAwIwdoDF4m+B57urEcPnzDyakfa0Ql8h7qp
P/ZkYJ1fv+iQGZ31AXUAz1K9ukpGmReSj0aa1r7BONuPJ0jFM9x30Dhvd2on+igv
D3IsLpU6VNVzC+DYRP4cjLjG3LbgwuyPjPtYmbqxe4xf/9+yRBOQu7bOqgNRDAXZ
hQYjB9qjn5VdVF3XeaL7538aImKuaehpKQM7MYz1JO/XNjPvB2Juc1DrrvqMqgTt
dl09C5aqNhfrOP7yMXE51UaL2pzpj6M0KresnU2roDtYFBcbgVGdx9oLYN52XER/
Oli+iUzdAA9D6INxNQ1WxbJp/EVPyHAP7slsZ0YqYBgEeqewHYTGoUZmIbTu1g35
xBNpYK5STFd9ggTQ406Q3jt1L+/ux4xTdzRzZM5l7ULkR4+W2vGtUqsmi08/dlwi
HdT6NLIwn7/HNTTW0TWYm7dN6zFaONb9NN+9NaQz/te8d/D0DbWAjy0i5hcjbFrO
S0BneIGNjmGN4I2L+Kt8br9tJd+Q4FRFMijSf6FmVDUcXv4S7jFBG702O6n8gtGT
s2+45MZgX5WjG5UCAwEAAaNTMFEwHQYDVR0OBBYEFDUZkkPRzp1Uj6vf+5D2SqaO
ew7JMB8GA1UdIwQYMBaAFDUZkkPRzp1Uj6vf+5D2SqaOew7JMA8GA1UdEwEB/wQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFPNNwxdgnIRlzooLnedCaiMyNh8tr2d
0sne9gUXIgNYjvz45uKqcmirAERSXoxMOP3QUGlRF7GO25RvRZkmrlw1lxEKpVnr
iSqrSJ2rwzY48GvL0jLlCtyt3O3pUA6PgbRIC450WWFyrtTj7aYSiXoLLVtQ5xIr
xpGE3X401g92teW4S6Sy5t/YTgWB2/qmp+wuT4ZlWMUoCNYsc8eeEwhDW00NJ2p3
LdCE9zyUfVTBB1h+MaZIQcDpzTZ0Jg8bajktxKlmzdjRqeSA/GoYCxSyfQOdkx/V
BskT6p4fgwpH0ifERLZtxe00bhRRQxbwiQCxI5xA5e39mxAd3dzE5g7doUCo9m5+
OHhT9YO6c0WBc6g1MK2g0T+aePh4RGnXYvlDErLTLncaAVJ8PRB9pu0isVIo9XDA
bF2aAfk3Y7cNf+sGqY3TtrIioz7YfFK+oapTesdSAgXsJWn/inpvOqhev+28XVd3
2ZWs3ZfErTG/jk6Ai90ANFbypc5I3DQNdF+wJLG09y7tgJO9ydUbfrbqQOfeAPxz
91W7+y83bJML44x9Zqe8RQIA2oWXRcoG0PLDdRRnwlzeE3g0zHUs/jYiPAdK3ZuC
/a8wSLxfSWcvNy2PVIi3FkTOi6qNQmDOfLAJSks7YTZP4fyNV7sV1gmDMncDF8WX
AeibHFpjHT1g
-----END CERTIFICATE-----

33
humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/md-signer2.crt Normal file
View file

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFyzCCA7OgAwIBAgIJAI9LJsUJXDMVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEO
MAwGA1UECgwFU1VORVQxDzANBgNVBAsMBlNXQU1JRDEkMCIGA1UEAwwbU1dBTUlE
IG1ldGFkYXRhIHNpZ25lciB2Mi4wMB4XDTE2MTIwNjA5MjgyMFoXDTM2MTIwNjA5
MjgyMFowfDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UE
BwwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEPMA0GA1UECwwGU1dBTUlEMSQw
IgYDVQQDDBtTV0FNSUQgbWV0YWRhdGEgc2lnbmVyIHYyLjAwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDQVw72PnIo9QIeV439kQnPcxZh/LddKw86eIU+
nMfl4TpjSIyqTu4KJSnXbJyqXg+jQj3RzE9BUblpGrR7okmQwOh2nh+5A6SmyTOR
p7VEVT/Zw0GNnQi9gAW7J8Cy+Gnok4LeILI5u43hPylNKAnvs1+bo0ZlbHM6U5jm
6MlO+lrYA9dZzoPQqoCQbr3OweAaq5g8H54HuZacpYa3Q2GnUa4v+xywjntPdSQU
RTAbWWyJl3cHctX5+8UnX8nGCaxoBZqNp9PcEopyYJX8O1nrLumBMqu9Uh6GW1nx
OHfKDLvUoykG3Dm704ENVs88KaJXB1qQNsjdlm14UI9XCZbHfnFVnQ53ehsGFMha
Bf/Abd6v2wnhBLH/RxEUlw347qSeokw+SdDTSdW8jOEBiSqP/8BUzpCcbGlgAsVO
NKUS0K7IB2Bb79YYhyMvmJl24BGtkX+VM/mv47dxOtfzNFCMtUcJ2Dluv0xJG8xI
ot7umx/kbMBLuq7WdWELZJrgpt2bb9sXtYBpuxtGCW5g7+U7MNN1aKCiCSfq09YH
qu2DsU7HHAxEcGFXBiepBliCwZ24WLQh53bA3rihaln7SjdapT9VuSTpCvytb9RX
rq39mVuHMXvWYOG20XTV0+8U2vnsjAwsy28xPAcrLWRWoZbRJ+RoGp6L3GACq+t+
HPIukwIDAQABo1AwTjAdBgNVHQ4EFgQUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwHwYD
VR0jBBgwFoAUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEAHviIAfS8viUN8Qk//U1p6Z1VK5718NeS7uqabug/SwhL
Vxtg/0x9FPJYf05HXj4moAf2W1ZLnhr0pnEPGDbdHAgDC672fpaAV7DO95d7xubc
rofR7Of2fehYSUZbXBWFiQ+xB5QfRsUFgB/qgHUolgn+4RXniiBYlWe6QJVncHx+
FtxD+vh1l5rLNkJgJLw2Lt3pbemSxUvv0CJtnK4jt2y95GsWGu1uSsVLrs0PR1Lj
kuxL6zZH4Pp9yjRDOUhbVYAnQ017mdcjvHYtp7c4GIWgyaBkDoMtU6fAt70QpeGj
XhecXk7Llx+oYNdZn14ZdFPRGMyAESLrT4Zf9M7QS3ypnWn/Ux0SwKWbnPUeRVbO
VZZ+M0jmdYK6o+UU5xH3peRWSJIjjRaKjbVlW5GgHwGFmQc/LN+va2jjThRsQWWt
zEwObijedInQ6wfL/VzFAwlWWoDAzKK9qnK4Rf3ORKkvhKrUa//2OYnZD0kHtHiC
OL+iFRLtJ/DQP5iZAF+M1Hta7acLmQ8v7Mn1ZR9lyDWzFx57VOKKtJ6RAmBvxOdP
8cIgBNvLAEdXh2knOLqYU/CeaGkxTD7Y0SEKx6OxEEdafba//MBkVLt4bRoLXts6
6JY25FqFh3eJZjR6h4W1NW8KnBWuy+ITGfXxoJSsX78/pwAY+v32jRxMZGUi1J4=
-----END CERTIFICATE-----

15
humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/metadata/humhub.xml Normal file
View file

@ -0,0 +1,15 @@
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://forum.sunet.se/saml-sso/metadata?authclient=saml">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIEuzCCAyOgAwIBAgIUBdirRj6uD891qjPT3zCuedhT8CgwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTEOMAwGA1UECgwFU1VORVQxFzAVBgNVBAMMDmZvcnVtLnN1bmV0LnNlMSEwHwYJKoZIhvcNAQkBFhJrcmlzdG9mZXJAc3VuZXQuc2UwHhcNMjEwMjI2MDk0NjAyWhcNMzEwMjI2MDk0NjAyWjBtMQswCQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEXMBUGA1UEAwwOZm9ydW0uc3VuZXQuc2UxITAfBgkqhkiG9w0BCQEWEmtyaXN0b2ZlckBzdW5ldC5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALpDb08NbU9f9/q4RMgI5SRufF+XucnJqJ1x+oihovCfb/6/yWfD2eEoMU7bEKFA5Rwj4Ie3o9p3BHAj4gKLg9dRdiFEtNOlLk9QOxS4vTGDWvOtLWQ+Xt6t4sm14CZFEkETXte5FqNxHiAlV7UfzD1U/1ZBonRReKTFL5GRRnRmqoUsiOP7E4c8jOJvyryM+By9+YQNbJj3nCOBN0sbzsLsotBXWUwzx53N3Qkz8aqJzM9WXE8IR2DlpYri3vY1LWf0YVLn3XFpDjtFzlTXfXj3A737rSmp225AxAAM5YIso1mfiAYb5Zw+qFxHus9p/zU1StSlJBz5qg72IqE9pR0TA+u/6xF+P3gzEyGew6o2tCSkIFgL1p/CUXi+L4uCszhpEsB3QmSwOIeVh4do5VIYNYF6VbOsZAkLawDZL8UFSCMIZss058L58Ab+PFCGkVbAXbLiEaje0eHz3HDAyGRQ3qBFCjC93PFfms6E5ZY0zPUs8cvyNAWvEgIp+dz4CwIDAQABo1MwUTAdBgNVHQ4EFgQUZPe9tFY5krgiGDTnkLI7Gbmuma8wHwYDVR0jBBgwFoAUZPe9tFY5krgiGDTnkLI7Gbmuma8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAWTtpspradIYnJwjfxkn0IS8oMVnCDJFGpvIKtF5BeEEaqS+NtJnB+7xg8aT8CDU8rw5NSBKRxlbOMDJ9MR1xIzDr0cmvgmgoi58QVOWhZRQLDqRDrpTsvSdPizfHq8vuE4l2KPI9WCo8KJ01K0x7JLsoHpNf3hszK6F3hFI7HtmKbDPeUwVlEPOAA55OSU8qvzQ7QN2KsvweySxqpUifjWesNI+nnz+6xLPksqxBipumlrQLVZJ3r49VNiiB7cWkBehP/f3u3GBqziigMXNY+3ENeDFg53VWZ8l/8c9QkGVeAs8taMLdT7SFlgrdGlvVIKnb+u9NTmAKWhC6E6Yn/l6hdkLLVJDCFS92srLYd/NyjcF38iUdPnB2KhcurdNuLz+ELEnyTCuIQmwePK4B00nDAhhhmNKZeQvix8W4O64ltXv+DAJoqAXa9Dhxm1zRPMM3YEJeK8yf9DGVWXEyJ3EomzLY6KF/y56v+18B/+52/BR3F9p2sSW670Zb7mCX</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://forum.sunet.se/index.php?r=saml-sso%2Flogout&amp;authclient=saml"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://forum.sunet.se/user/auth/external?authclient=saml&amp;handleAcs=1" index="1"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>