From d5a74b7984f6805990823e97b12830664ea17a10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20Bj=C3=B6rklund?= <bjorklund@sunet.se>
Date: Mon, 13 Jan 2025 13:26:49 +0100
Subject: [PATCH] Add zammad-test to SSO

---
 .../overlay/etc/hiera/data/local.yaml         |  1 +
 .../etc/satosa/metadata/zammad-test.xml       | 83 +++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 test-sso-proxy1.cert.sunet.se/overlay/etc/satosa/metadata/zammad-test.xml

diff --git a/test-sso-proxy1.cert.sunet.se/overlay/etc/hiera/data/local.yaml b/test-sso-proxy1.cert.sunet.se/overlay/etc/hiera/data/local.yaml
index b9c4619..b8c3644 100644
--- a/test-sso-proxy1.cert.sunet.se/overlay/etc/hiera/data/local.yaml
+++ b/test-sso-proxy1.cert.sunet.se/overlay/etc/hiera/data/local.yaml
@@ -106,6 +106,7 @@ saml2_frontend:
           - metadata/monitor-dev.xml
           - metadata/graylog-dev.xml
           - metadata/rt-test.xml
+          - metadata/zammad-test.xml
       entityid: https://test-sso-proxy.cert.sunet.se/idp
       service:
         idp:
diff --git a/test-sso-proxy1.cert.sunet.se/overlay/etc/satosa/metadata/zammad-test.xml b/test-sso-proxy1.cert.sunet.se/overlay/etc/satosa/metadata/zammad-test.xml
new file mode 100644
index 0000000..7e9de04
--- /dev/null
+++ b/test-sso-proxy1.cert.sunet.se/overlay/etc/satosa/metadata/zammad-test.xml
@@ -0,0 +1,83 @@
+<!--
+This is example metadata only. Do *NOT* supply it as is without review,
+and do *NOT* provide it in real time to your partners.
+ -->
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_e8fc87146c5cf10d29ffb5862238ee31c67b99ef" entityID="https://zammad-test.cert.sunet.se">
+
+  <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+  </md:Extensions>
+
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:Extensions>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/satosa"/>
+    </md:Extensions>
+    <md:KeyDescriptor>
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:KeyName>shib_cert</ds:KeyName>
+        <ds:X509Data>
+          <ds:X509SubjectName>CN=shib_cert</ds:X509SubjectName>
+          <ds:X509Certificate>MIIFCTCCAvGgAwIBAgIUWFHRYJF2URNntOQ50qHxxfz8S/kwDQYJKoZIhvcNAQEL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</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+    </md:KeyDescriptor>
+    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/SLO/SOAP"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/SLO/Redirect"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/SLO/POST"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/SLO/Artifact"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://zammad-test.cert.sunet.se/Shibboleth.sso/SAML2/POST" index="1"/>
+  </md:SPSSODescriptor>
+
+</md:EntityDescriptor>
\ No newline at end of file
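Review bot: The new zammad-test.xml keeps the generator's header comment ("This is example metadata only. Do *NOT* supply it as is without review"), and the unfiltered algorithm lists suggest it was committed without that review. The `md:Extensions` block advertises SHA-1 based methods (`xmldsig#sha1`, `rsa-sha1`, `dsa-sha1`, `ecdsa-sha1`). The `md:KeyDescriptor` offers `tripledes-cbc` and the three AES-CBC modes, which lack integrity protection, alongside the GCM ones. If the proxy honours these hints when choosing how to sign or encrypt for this SP (not visible from this patch), the weakest entry becomes negotiable. I would drop the SHA-1, DSA, 3DES and CBC entries so that only SHA-256 or stronger and the `aes*-gcm` methods remain. I would also replace the header comment with one recording where the metadata was obtained and that it was reviewed.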