hiera and satosa config

humhub-sto3-prod-1.sunet.se/overlay/etc/hiera/data/local.yaml

@@ -0,0 +1,166 @@
+---
+satosa_config:
+   saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
+   saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
+   generated_attributes: "/etc/satosa/plugins/generated_attributes.yaml"
+   internal_attributes: "/etc/satosa/internal_attributes.yaml"
+generated_attributes:
+   module: satosa.micro_services.attribute_generation.AddSyntheticAttributes
+   plugin: AddSyntheticAttributes
+   name: AddSyntheticAttributes
+   config:
+      synthetic_attributes:
+         default:
+            default:
+               schachomeorganization: "{{edupersonprincipalname.scope}}"
+internal_attributes:
+   attributes:
+      displayname:
+         saml: [displayName]
+         adfs: [displayName]
+      commonname:
+         saml: [cn]
+         adfs: [displayName]
+      givenname:
+         saml: [givenName]
+         adfs: [givenName]
+      surname:
+        saml: [sn]
+        adfs: [sn]
+      mail:
+        saml: [mail]
+        adfs: [mail]
+      edupersonprincipalname:
+        saml: [eduPersonPrincipalName]
+        adfs: [eduPersonPrincipalName]
+      edupersonscopedaffiliation:
+        saml: [eduPersonScopedAffiliation]
+        adfs: [eduPersonScopedAffiliation]
+      noredupersonnin:
+        saml: [norEduPersonNIN]
+        adfs: [norEduPersonNIN]
+      edupersonentitlement:
+        saml: [eduPersonEntitlement]
+        adfs: [eduPersonEntitlement]
+      schachomeorganization:
+        saml: [schacHomeOrganization]
+      schachomeorganizationtype:
+        saml: [schacHomeOrganizationType]
+      organizationname:
+        saml: [ou]
+      noreduorgacronym:
+        saml: [norEduOrgAcronym]
+      countryname:
+        saml: [c]
+      friendlycountryname:
+        saml: [co]
+      edupersontargetedid:
+        saml: [eduPersonTargetedID]
+   user_id_to_attr: edupersontargetedid
+satosa_proxy_conf:
+   BASE: https://humhub-idp-proxy.sunet.se
+   INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
+   BACKEND_MODULES:
+      - "plugins/saml2_backend.yaml"
+   FRONTEND_MODULES:
+      - "plugins/saml2_frontend.yaml"
+   MICRO_SERVICES:
+      - "plugins/generated_attributes.yaml"
+   LOGGING:
+     version: 1
+     formatters:
+        default:
+           format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
+     handlers:
+        console:
+           class: logging.StreamHandler
+           level: DEBUG
+           formatter: default
+           stream: ext://sys.stdout
+     loggers:
+        satosa:
+           level: DEBUG
+           handlers: [console]
+        saml2:
+           level: DEBUG
+           handlers: [console]
+saml2_backend:
+  config:
+    sp_config:
+      organization: {display_name: SUNET Forum, name: SUNET Forum, url: 'https://sunet.se'}
+      contact_person:
+        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
+        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
+      key_file: backend.key
+      cert_file: backend.crt
+      encryption_keypairs: 
+        - { key_file: backend.key, cert_file: backend.crt }
+      allow_unknown_attributes: true
+      metadata:
+        mdq:
+         - url: https://mds.swamid.se
+           cert: "/etc/satosa/md-signer2.crt"
+      entityid: https://humhub-idp-proxy.sunet.se/sp
+      service:
+        sp:
+          allow_unsolicited: true
+          endpoints:
+            assertion_consumer_service:
+              - [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+              - [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
+            discovery_response:
+              - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+          want_response_signed: false
+          want_assertions_signed: false
+          want_assertions_or_response_signed: true
+      xmlsec_binary: /usr/bin/xmlsec1
+      attribute_map_dir: attributemaps
+    disco_srv: https://service.seamlessaccess.org/ds
+    publish_metadata: <base_url>/<name>/metadata
+    state_id: <name>
+    attribute_profile: saml
+    hash_type: transient
+  module: satosa.backends.saml2.SAMLBackend
+  name: Saml2SP
+  plugin: BackendModulePlugin
+saml2_frontend:
+  config:
+    custom_attribute_release:
+      default:
+        default:
+          exclude: ["eduPersonTargetedID","eduPersonAffiliation"]
+    idp_config:
+      organization: {display_name: SWAMID, name: SWAMID, url: 'https://sunet.se'}
+      contact_person:
+        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
+        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
+      key_file: frontend.key
+      cert_file: frontend.crt
+      metadata:
+        local: [metadata/humhub.xml]
+      entityid: https://humhub-idp-proxy.sunet.se/idp
+      accepted_time_diff: 300
+      service:
+        idp:
+          endpoints:
+            single_sign_on_service: []
+          name: SWAMID
+          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
+          policy:
+            default:
+              attribute_restrictions: null
+              fail_on_missing_requested: false
+              lifetime: {minutes: 15}
+              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+          want_authn_requests_signed: false
+      xmlsec_binary: /usr/bin/xmlsec1
+      state_id: <name>
+    publish_metadata: <base_url>/<name>/metadata
+    base: <base_url>
+    endpoints:
+      single_sign_on_service: {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post,
+        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect}
+    attribute_profile: saml
+  module: satosa.frontends.saml2.SAMLFrontend
+  plugin: FrontendModulePlugin
+  name: Saml2IDP

humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/backend.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFEzCCAvugAwIBAgIUEY/k5aGq4fj0a8J9RM7NxyZLiHwwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOc2F0b3NhX2JhY2tlbmQwHhcNMjEwMjI2MTE0NTEwWhcN
+MzEwMjI0MTE0NTEwWjAZMRcwFQYDVQQDDA5zYXRvc2FfYmFja2VuZDCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALnOG8u5LTVAG/O0WJ6PBMfoD1S43f/F
+ttLGu/x5tUvekkg/PJlWaihWCzuAqW+DRA/DTI+Izj8Z7SBOQmTAX0ISxdAsP4MQ
+zpEe/YOsw/AEZ009Uk5DDT1TJXrdIfanUJT2j9X4lSmCvPVLfQq0XAAHLFNSPgrF
+VtfF4yyNteEEfD+usxgNnVZiIp/FKRCcNPhvoAf0p0VWlGg9gX6yA1FlHqcMgMur
+QyEtlW2i+q5yykHhPiMjgR5h/YuYxCEXVRHEi7dPV33doownosQ5SVmkaXqoEexC
+YNr295l1iLRR3mu7RfAHOttJ3mqLBQTD8wdaZ8gYVSYBkkA4MRZvHZ0k+Dh+7gxe
+RPgyS+c8tPYGZFBWVG2kk6Q6lhSV1v8OgHGDbtX9wBP1OGojT0EiWON+V6zzK9JQ
+BbRb4tjdT0EVcUisikiMCpDm6nxs545hfKIjovQUoG/+lQ2f5h1txNOA9kWhUEnd
+4R0h460RzHMb2rNEi/efClBMajww2M17OIKodyOBxEUD1ImefedZU/c593yz2GSv
+Sp8tlvtUVmPCvPeqfxD+XgDg4bqruUExGTaGYWnDu/wewgmYNL9Kop3Mh4XFCZfU
+AugYAuVaqas7CdLy2s86rCjhhfXY1VOM6grHqLI8hDvHFISysgnAKmBpp5oG7HMM
+72d3Z6A+WVidAgMBAAGjUzBRMB0GA1UdDgQWBBS/9V9nlQNv6oh+DyTOc9OxyZJN
+ojAfBgNVHSMEGDAWgBS/9V9nlQNv6oh+DyTOc9OxyZJNojAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBfI4K0l89erk0RARjY3lyfrNWmrhVRXSLQ
+wuYsmsPHuW8tpFcb5gB85cDw8/uUb91oXEq84NiJ163krHPUaoBk4bf6Q23mPc7E
+IeR+1e5ZfJH4+rDqKu3lxuLmlw7ybdVoSe3lUKbpXXQHekpB3iQCzg/WpyIUALZL
+6bMuFKjBISaEUxGM5wOnWTV4G0J62zI8jwL2c1Qowe0OXoFFtRhS6kaw7304NAUi
+DzHu+wD8tSHYOvLgsAA3zIcbFHvT4Fu7NeDoq3yeWXNdjAiQYfX3ZZqk4RKsmtqk
+GjFCJ/tWOsa461z94eyXre3pBjJCcuSJtqbYRgRS0UHZNFzhFDvr124NIEJxQebI
+XFfXEuSQUDJT+z90V3vFyJjMbgRRWZz+FEpxf0qF5AE9Z/v8KtJ58ceHNqWVq7Bq
+bIx4jApsM4Ztmj8+NlTltA6o65wkxtRTej0g457BdldHZM64nKT2yBFO/TTjR5eJ
+jQ1RYJCW+mJP9I6x8BYJ3iw68WeqalTAOvXJnIABtPM3kLE9qN0uTMwvC+UNlklb
+vnjcs9f0FPWkkB8h83cWTjcvbRUjEoMSV3fK/Els/Cq333NK8ZGVUcrVj7UlCRO/
+xG08Y2bY1nmvUX1Ij9GUSjGoWN40mtv+Ylygh7s9RJckF/knjLLWPwH9QJxbVJRE
+Z4bbO2ahcQ==
+-----END CERTIFICATE-----

humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/frontend.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFFTCCAv2gAwIBAgIUWMp38b0CDPn/bWDTYKbz71OlNH4wDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMB4XDTIxMDIyNjExNDUxMFoX
+DTMxMDIyNDExNDUxMFowGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqnJqdfVhB9TRKlZ4hzqfXySAfmBU
+vSVMnnkVRiVSUTgSBAw1O6JCqyJjZKGbMUDWvB6bK2Ojc9gZ5mzuDiZl7OeQBIo8
+h97YI3jSkNgD8ePJv4q6QDL+DU8ALAwIwdoDF4m+B57urEcPnzDyakfa0Ql8h7qp
+P/ZkYJ1fv+iQGZ31AXUAz1K9ukpGmReSj0aa1r7BONuPJ0jFM9x30Dhvd2on+igv
+D3IsLpU6VNVzC+DYRP4cjLjG3LbgwuyPjPtYmbqxe4xf/9+yRBOQu7bOqgNRDAXZ
+hQYjB9qjn5VdVF3XeaL7538aImKuaehpKQM7MYz1JO/XNjPvB2Juc1DrrvqMqgTt
+dl09C5aqNhfrOP7yMXE51UaL2pzpj6M0KresnU2roDtYFBcbgVGdx9oLYN52XER/
+Oli+iUzdAA9D6INxNQ1WxbJp/EVPyHAP7slsZ0YqYBgEeqewHYTGoUZmIbTu1g35
+xBNpYK5STFd9ggTQ406Q3jt1L+/ux4xTdzRzZM5l7ULkR4+W2vGtUqsmi08/dlwi
+HdT6NLIwn7/HNTTW0TWYm7dN6zFaONb9NN+9NaQz/te8d/D0DbWAjy0i5hcjbFrO
+S0BneIGNjmGN4I2L+Kt8br9tJd+Q4FRFMijSf6FmVDUcXv4S7jFBG702O6n8gtGT
+s2+45MZgX5WjG5UCAwEAAaNTMFEwHQYDVR0OBBYEFDUZkkPRzp1Uj6vf+5D2SqaO
+ew7JMB8GA1UdIwQYMBaAFDUZkkPRzp1Uj6vf+5D2SqaOew7JMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFPNNwxdgnIRlzooLnedCaiMyNh8tr2d
+0sne9gUXIgNYjvz45uKqcmirAERSXoxMOP3QUGlRF7GO25RvRZkmrlw1lxEKpVnr
+iSqrSJ2rwzY48GvL0jLlCtyt3O3pUA6PgbRIC450WWFyrtTj7aYSiXoLLVtQ5xIr
+xpGE3X401g92teW4S6Sy5t/YTgWB2/qmp+wuT4ZlWMUoCNYsc8eeEwhDW00NJ2p3
+LdCE9zyUfVTBB1h+MaZIQcDpzTZ0Jg8bajktxKlmzdjRqeSA/GoYCxSyfQOdkx/V
+BskT6p4fgwpH0ifERLZtxe00bhRRQxbwiQCxI5xA5e39mxAd3dzE5g7doUCo9m5+
+OHhT9YO6c0WBc6g1MK2g0T+aePh4RGnXYvlDErLTLncaAVJ8PRB9pu0isVIo9XDA
+bF2aAfk3Y7cNf+sGqY3TtrIioz7YfFK+oapTesdSAgXsJWn/inpvOqhev+28XVd3
+2ZWs3ZfErTG/jk6Ai90ANFbypc5I3DQNdF+wJLG09y7tgJO9ydUbfrbqQOfeAPxz
+91W7+y83bJML44x9Zqe8RQIA2oWXRcoG0PLDdRRnwlzeE3g0zHUs/jYiPAdK3ZuC
+/a8wSLxfSWcvNy2PVIi3FkTOi6qNQmDOfLAJSks7YTZP4fyNV7sV1gmDMncDF8WX
+AeibHFpjHT1g
+-----END CERTIFICATE-----

humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/md-signer2.crt

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIJAI9LJsUJXDMVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEO
+MAwGA1UECgwFU1VORVQxDzANBgNVBAsMBlNXQU1JRDEkMCIGA1UEAwwbU1dBTUlE
+IG1ldGFkYXRhIHNpZ25lciB2Mi4wMB4XDTE2MTIwNjA5MjgyMFoXDTM2MTIwNjA5
+MjgyMFowfDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UE
+BwwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEPMA0GA1UECwwGU1dBTUlEMSQw
+IgYDVQQDDBtTV0FNSUQgbWV0YWRhdGEgc2lnbmVyIHYyLjAwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDQVw72PnIo9QIeV439kQnPcxZh/LddKw86eIU+
+nMfl4TpjSIyqTu4KJSnXbJyqXg+jQj3RzE9BUblpGrR7okmQwOh2nh+5A6SmyTOR
+p7VEVT/Zw0GNnQi9gAW7J8Cy+Gnok4LeILI5u43hPylNKAnvs1+bo0ZlbHM6U5jm
+6MlO+lrYA9dZzoPQqoCQbr3OweAaq5g8H54HuZacpYa3Q2GnUa4v+xywjntPdSQU
+RTAbWWyJl3cHctX5+8UnX8nGCaxoBZqNp9PcEopyYJX8O1nrLumBMqu9Uh6GW1nx
+OHfKDLvUoykG3Dm704ENVs88KaJXB1qQNsjdlm14UI9XCZbHfnFVnQ53ehsGFMha
+Bf/Abd6v2wnhBLH/RxEUlw347qSeokw+SdDTSdW8jOEBiSqP/8BUzpCcbGlgAsVO
+NKUS0K7IB2Bb79YYhyMvmJl24BGtkX+VM/mv47dxOtfzNFCMtUcJ2Dluv0xJG8xI
+ot7umx/kbMBLuq7WdWELZJrgpt2bb9sXtYBpuxtGCW5g7+U7MNN1aKCiCSfq09YH
+qu2DsU7HHAxEcGFXBiepBliCwZ24WLQh53bA3rihaln7SjdapT9VuSTpCvytb9RX
+rq39mVuHMXvWYOG20XTV0+8U2vnsjAwsy28xPAcrLWRWoZbRJ+RoGp6L3GACq+t+
+HPIukwIDAQABo1AwTjAdBgNVHQ4EFgQUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwHwYD
+VR0jBBgwFoAUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAHviIAfS8viUN8Qk//U1p6Z1VK5718NeS7uqabug/SwhL
+Vxtg/0x9FPJYf05HXj4moAf2W1ZLnhr0pnEPGDbdHAgDC672fpaAV7DO95d7xubc
+rofR7Of2fehYSUZbXBWFiQ+xB5QfRsUFgB/qgHUolgn+4RXniiBYlWe6QJVncHx+
+FtxD+vh1l5rLNkJgJLw2Lt3pbemSxUvv0CJtnK4jt2y95GsWGu1uSsVLrs0PR1Lj
+kuxL6zZH4Pp9yjRDOUhbVYAnQ017mdcjvHYtp7c4GIWgyaBkDoMtU6fAt70QpeGj
+XhecXk7Llx+oYNdZn14ZdFPRGMyAESLrT4Zf9M7QS3ypnWn/Ux0SwKWbnPUeRVbO
+VZZ+M0jmdYK6o+UU5xH3peRWSJIjjRaKjbVlW5GgHwGFmQc/LN+va2jjThRsQWWt
+zEwObijedInQ6wfL/VzFAwlWWoDAzKK9qnK4Rf3ORKkvhKrUa//2OYnZD0kHtHiC
+OL+iFRLtJ/DQP5iZAF+M1Hta7acLmQ8v7Mn1ZR9lyDWzFx57VOKKtJ6RAmBvxOdP
+8cIgBNvLAEdXh2knOLqYU/CeaGkxTD7Y0SEKx6OxEEdafba//MBkVLt4bRoLXts6
+6JY25FqFh3eJZjR6h4W1NW8KnBWuy+ITGfXxoJSsX78/pwAY+v32jRxMZGUi1J4=
+-----END CERTIFICATE-----

humhub-sto3-prod-1.sunet.se/overlay/etc/satosa/metadata/humhub.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://forum.sunet.se/saml-sso/metadata?authclient=saml">
+  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIEuzCCAyOgAwIBAgIUBdirRj6uD891qjPT3zCuedhT8CgwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTEOMAwGA1UECgwFU1VORVQxFzAVBgNVBAMMDmZvcnVtLnN1bmV0LnNlMSEwHwYJKoZIhvcNAQkBFhJrcmlzdG9mZXJAc3VuZXQuc2UwHhcNMjEwMjI2MDk0NjAyWhcNMzEwMjI2MDk0NjAyWjBtMQswCQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEXMBUGA1UEAwwOZm9ydW0uc3VuZXQuc2UxITAfBgkqhkiG9w0BCQEWEmtyaXN0b2ZlckBzdW5ldC5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALpDb08NbU9f9/q4RMgI5SRufF+XucnJqJ1x+oihovCfb/6/yWfD2eEoMU7bEKFA5Rwj4Ie3o9p3BHAj4gKLg9dRdiFEtNOlLk9QOxS4vTGDWvOtLWQ+Xt6t4sm14CZFEkETXte5FqNxHiAlV7UfzD1U/1ZBonRReKTFL5GRRnRmqoUsiOP7E4c8jOJvyryM+By9+YQNbJj3nCOBN0sbzsLsotBXWUwzx53N3Qkz8aqJzM9WXE8IR2DlpYri3vY1LWf0YVLn3XFpDjtFzlTXfXj3A737rSmp225AxAAM5YIso1mfiAYb5Zw+qFxHus9p/zU1StSlJBz5qg72IqE9pR0TA+u/6xF+P3gzEyGew6o2tCSkIFgL1p/CUXi+L4uCszhpEsB3QmSwOIeVh4do5VIYNYF6VbOsZAkLawDZL8UFSCMIZss058L58Ab+PFCGkVbAXbLiEaje0eHz3HDAyGRQ3qBFCjC93PFfms6E5ZY0zPUs8cvyNAWvEgIp+dz4CwIDAQABo1MwUTAdBgNVHQ4EFgQUZPe9tFY5krgiGDTnkLI7Gbmuma8wHwYDVR0jBBgwFoAUZPe9tFY5krgiGDTnkLI7Gbmuma8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAWTtpspradIYnJwjfxkn0IS8oMVnCDJFGpvIKtF5BeEEaqS+NtJnB+7xg8aT8CDU8rw5NSBKRxlbOMDJ9MR1xIzDr0cmvgmgoi58QVOWhZRQLDqRDrpTsvSdPizfHq8vuE4l2KPI9WCo8KJ01K0x7JLsoHpNf3hszK6F3hFI7HtmKbDPeUwVlEPOAA55OSU8qvzQ7QN2KsvweySxqpUifjWesNI+nnz+6xLPksqxBipumlrQLVZJ3r49VNiiB7cWkBehP/f3u3GBqziigMXNY+3ENeDFg53VWZ8l/8c9QkGVeAs8taMLdT7SFlgrdGlvVIKnb+u9NTmAKWhC6E6Yn/l6hdkLLVJDCFS92srLYd/NyjcF38iUdPnB2KhcurdNuLz+ELEnyTCuIQmwePK4B00nDAhhhmNKZeQvix8W4O64ltXv+DAJoqAXa9Dhxm1zRPMM3YEJeK8yf9DGVWXEyJ3EomzLY6KF/y56v+18B/+52/BR3F9p2sSW670Zb7mCX</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://forum.sunet.se/index.php?r=saml-sso%2Flogout&amp;authclient=saml"/>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://forum.sunet.se/user/auth/external?authclient=saml&amp;handleAcs=1" index="1"/>
+  </md:SPSSODescriptor>
+</md:EntityDescriptor>