search

IdentityPython / pyFF

SAML metadata aggregator
https://pyff.io/
Other
50 stars 37 forks source link

pyFF does not process entity attributes in md:EntitiesDescriptor/md:Extensions #285

Open alexstuart opened 3 days ago

alexstuart commented 3 days ago

Entity attribute metadata can be published in two places according to sstc-metadata-attr-cs-01, in md:EntityDescriptor/md:Extensions or in md:EntitiesDescriptor/md:Extensions. Section 2.3 says

If this element is used within the element of an element, then only elements are to be used; elements MUST NOT be included. The enclosed attributes are bound to each within the enclosing element.

Code Version

Latest available through pip, 2.1.2

Expected Behavior

The specification seems to allow two possible behaviours for a metadata processor. It can pass md:EntitiesDescriptor/md:EntityAttributes to an output aggregate without modification, or it can take the attributes in the input aggregate and apply them to each of the entities.

If the metadata processor ingests more than one aggregate, it cannot pass through the EntityAttributes element to the output aggregate, because this would imply that the attributes would be applied to each of the output entities from all the input aggregates.

Therefore, I'd expect that pyFF to add the entity attributes to each of the entities as it ingests the aggregate.

Current Behavior

The entity attribute element from the input metadata is removed and not passed to the entities

Steps to Reproduce

Use this input file:

- load:
  - ./minimal.xml
- select
- publish:
     output: ./minimal-out.xml

I can't seem to upload an XML file in the issue, so this is the minimal.xml input:

<?xml version='1.0' encoding='UTF-8'?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:Extensions>
                <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
                        <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml:AttributeValue>http://roooooofeds.org/category/research-and-scholarship</saml:AttributeValue>
                        </saml:Attribute>
                </mdattr:EntityAttributes>
</md:Extensions>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://test.ukfederation.org.uk/entity">
    <Extensions>
        <mdrpi:RegistrationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" registrationAuthority="http://ukfederation.org.uk" registrationInstant="2012-07-13T11:19:55Z">
            <mdrpi:RegistrationPolicy xml:lang="en">http://ukfederation.org.uk/doc/mdrps-20130902</mdrpi:RegistrationPolicy>
        </mdrpi:RegistrationInfo>
    </Extensions>
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
        <KeyDescriptor>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
                        BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
                        DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
                        zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
                        NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
                        xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
                        zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
                        mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
                        tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
                        A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
                        iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
                        gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
                        FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
                        gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
                        ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
                        sIV9aK2TFEhoJD6KkXUNqg==
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.ukfederation.org.uk/Shibboleth.sso/Artifact/SOAP" index="1"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SLO/SOAP"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SLO/Redirect"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SLO/POST"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SLO/Artifact"/>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SAML2/POST" index="1"/>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SAML2/Artifact" index="3"/>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SAML2/ECP" index="4"/>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SAML/POST" index="5"/>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://test.ukfederation.org.uk/Shibboleth.sso/SAML/Artifact" index="6"/>
    </SPSSODescriptor>
    <Organization>
        <OrganizationName xml:lang="en">Jisc Services Limited</OrganizationName>
        <OrganizationDisplayName xml:lang="en">Jisc Services Limited</OrganizationDisplayName>
        <OrganizationURL xml:lang="en">http://www.ukfederation.org.uk/</OrganizationURL>
    </Organization>
    <ContactPerson contactType="support">
        <GivenName>Service Desk</GivenName>
        <EmailAddress>mailto:service@ukfederation.org.uk</EmailAddress>
    </ContactPerson>
    <ContactPerson contactType="technical">
        <GivenName>Service Desk</GivenName>
        <EmailAddress>mailto:service@ukfederation.org.uk</EmailAddress>
    </ContactPerson>
</EntityDescriptor>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://test-idp.ukfederation.org.uk/idp/shibboleth">
    <Extensions>
        <mdrpi:RegistrationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" registrationAuthority="http://ukfederation.org.uk" registrationInstant="2014-03-19T09:47:18Z">
            <mdrpi:RegistrationPolicy xml:lang="en">http://ukfederation.org.uk/doc/mdrps-20130902</mdrpi:RegistrationPolicy>
        </mdrpi:RegistrationInfo>
        <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
            <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
            </saml:Attribute>
        </mdattr:EntityAttributes>
    </Extensions>
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
        <Extensions>
            <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">test.ukfederation.org.uk</shibmd:Scope>
            <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
                <mdui:DisplayName xml:lang="en">UK federation test IdP</mdui:DisplayName>
                <mdui:Description xml:lang="en">A test IdP for use by UK federation members for testing their SPs</mdui:Description>
                <mdui:Logo height="89" width="117">https://test-idp.ukfederation.org.uk/idp/images/ukfedlogo.jpg</mdui:Logo>
            </mdui:UIInfo>
        </Extensions>
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIDXDCCAkSgAwIBAgIVAKMdq76ICtGOUPeE1oS5vZ2/J8pjMA0GCSqGSIb3DQEB
                        CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
                        MTYwNjAyMTYyNzU4WhcNMzYwNjAyMTYyNzU4WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
                        cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
                        CgKCAQEAp6PVhKcs4wDoMuVSWn73E2L+WgZipw4rAIluvgvdu97zpbjjerbL1OWL
                        Px3BNz6tP+IU8ivXDY8sDDTeGOquxW5E3JZKOvTkPTd+V0dFpX1ogb342w/UMgwd
                        n4wMjLtZQvdJbWhtdxRFdd4YTv2ooeFWmr2Nc1qrBS9As1HdZnD0CvP0R1gxjAij
                        Vu6/Kg4rJcVjOGka3dGKqdCwUfFm0KuEp8GrHkyTdQ1qDwa181FdlNA5qW6djLlj
                        xGuLI9gKOzt1EgCi4RKsRgHEn3RMRx29TMusOAwQTMz/w0PX7B4LnoYxO/Z+njwX
                        GVtc/Vpr9paIBgXn3Dv16DmfmpDt5QIDAQABo38wfTAdBgNVHQ4EFgQUea1/62BW
                        cTima/4+VczPTQQPZjQwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
                        Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
                        cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQA0JLH2MA22gwQMdsK1mI+g
                        Jr2CYIEts7ry3oi6SyD8tTFCmypTKzvKz2s0bOpHvYyTbEDVs9ffCrJUVdvVwHF0
                        sX4YsnJuOKQLr5Sl3YZPvPg7AsOMW+Tn+JL5l2Xnvfz77Ki3FiS4rQH32REFGccl
                        Gs7fJunyxZzB3Jvv9Cly5vfdKGJfyCviDSMWX5W1slUkg1fWUsppZy9Ifiygb+Au
                        IaP69qz6dqVwZJldG3Wn/x5WpI1x7Meax2Wa9bIbqWXCeNfhrhAnL//dbKPfA0EB
                        AlxhhLIxWxf/Um12z22EJyuH3EYWyTlVaGlOcHzg2r1Mn/1LNXpBMVhOPZouksPx
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIDWzCCAkOgAwIBAgIUOMCC6dkddEwkgPACu9HJ3SaiMjkwDQYJKoZIhvcNAQEL
                        BQAwJzElMCMGA1UEAwwcdGVzdC1pZHAudWtmZWRlcmF0aW9uLm9yZy51azAeFw0x
                        NjA2MDIxNjI3NTZaFw0zNjA2MDIxNjI3NTZaMCcxJTAjBgNVBAMMHHRlc3QtaWRw
                        LnVrZmVkZXJhdGlvbi5vcmcudWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
                        AoIBAQCYrePj+6qI0agRWDNXr2N0pvxdBA9fzXUiNkFPv1syUcY40LGtYUvyEyrn
                        VZ9OkvLswTYArvOGwHGGseKy1lDxt/O37hcXTTd6bAg6nIqdD08Y044pMpXfms2n
                        BwUHq/sGUUyIVV+xP00lfyFxwQNRI9D0L4W8OSx0vMoPM4hp+gsZrzTklUgjhRU/
                        5n5XGSseS9tb60wz4URx306HxuEkZpF7pWhJRAgfeyone9vYMAotXBfxrvssuyYw
                        rabGvfWRIJiXXmLjm2hllAF2Tj25xlzjAwDhLbvKjZZa5afx3EYMYSf53uOGYJG/
                        zGebYZpvKZB+bLjNwaA41LzeskMdAgMBAAGjfzB9MB0GA1UdDgQWBBQUUMcdr4uu
                        bY7bn88mdk67e20UDzBcBgNVHREEVTBTghx0ZXN0LWlkcC51a2ZlZGVyYXRpb24u
                        b3JnLnVrhjNodHRwczovL3Rlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWsvaWRw
                        L3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAJMjdRtSlf9IYMIUqvGQxn/v
                        u8CixcHcimK2WBp/Dv4lAphOTzmF+zF7cB2CMalAcgJnoP4BJNq/7bwDOHDFbpbN
                        cKh4FWRzURChBbZ2Xa1C2vrm0+oPQl8WsChxQgqUPDTleg2k3/PEi2dDymJlu8Cg
                        0kqWwQ1G0tal6B0lDf+3PKdwdp5LAnB8TUFCTrfuI5DiHOce8r5+AjfkhJsSYu39
                        NpJGsdn/IzQE4RsAFbz1UEb1sz9+vtTFMvC2mr82TcYWC3PDqyHpvqCHAwQqAzQW
                        thDEbFnZ8ckGnGLfkn+Lqt8/A3D85vsoQvvYZ+6UOKzBnl2SeVyGcFykoSoZcGA=
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIDXDCCAkSgAwIBAgIVAN/3uTodbwagOO8HxJ/wK9pD9F6DMA0GCSqGSIb3DQEB
                        CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
                        MTYwNjAyMTYyNzU3WhcNMzYwNjAyMTYyNzU3WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
                        cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
                        CgKCAQEAl5mKiHP7qGWRM2IkPvh5RuVJaOJkBRFhDdX1FInSYtyPRDxQ6Fl9g5Pt
                        3C65HA9YVMjhijph50DZJRAroyU17WdaSfTUrqK7LqdVk7rVHRekJIH+J3hh/UVq
                        2Q0N1tlyBOblR6DA4na3kNYwTZh+jYrp6cbNqyqcvtFLCezDOkNnLbXxSK6vqqJN
                        dRTLUoN6PmRlj5DBZNpOkSGdI32WIhNczUHkBZzHVRlvfF4uQKH+0ASYWpI+WJGs
                        Mrdg1eSkQkKLYo/6LmLj/L4kiJzWEC1V1pod1r54wgMsfFRPeoLC1kYU3Q8OFgX8
                        WdUodwaRtFrpmURBEQgMK1uDLGJhkwIDAQABo38wfTAdBgNVHQ4EFgQUdsJMwfkG
                        pPHTByrcDXj2+cm+G2AwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
                        Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
                        cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQBOVDjHi2Mrj3nDb/pTZ9Lz
                        /OizJNEZ+uklJbX//W9Jr1VE2NND96R/D2T/lvR/rKbXh0HJl7VYLRHkPJPQ6X+T
                        7TzZW9MKhX6nLzhXdtOZb4AEQn0mpOtZSfpY9eUc13xRw1jGl6y09WVnO/IP/0HX
                        U7uWTDt0jgAC4VR3hpFOevxU3nXu5XLtgBcnASeoeJbNfAr+MhrHCt4nAYFmf/+S
                        MLg/0bPQDCVJ0j4yvSCCFkrWeFEkzqQ2QF/VFSA47VfRDALiMzTpFFgTxyj1p4T7
                        Ycbh0vb/OVKx+DN9cvlWlzf2e2JXGg8/gP7hpwVV6ndskANQ67NUOZ5jXWsK5GnD
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://test-idp.ukfederation.org.uk:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test-idp.ukfederation.org.uk:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/Redirect/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/POST/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/POST-SimpleSign/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test-idp.ukfederation.org.uk:8443/idp/profile/SAML2/SOAP/SLO"/>
        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://test-idp.ukfederation.org.uk/idp/profile/Shibboleth/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/POST/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/POST-SimpleSign/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/Redirect/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test-idp.ukfederation.org.uk/idp/profile/SAML2/SOAP/ECP"/>
    </IDPSSODescriptor>
    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
        <Extensions>
            <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">test.ukfederation.org.uk</shibmd:Scope>
        </Extensions>
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIDXDCCAkSgAwIBAgIVAKMdq76ICtGOUPeE1oS5vZ2/J8pjMA0GCSqGSIb3DQEB
                        CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
                        MTYwNjAyMTYyNzU4WhcNMzYwNjAyMTYyNzU4WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
                        cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
                        CgKCAQEAp6PVhKcs4wDoMuVSWn73E2L+WgZipw4rAIluvgvdu97zpbjjerbL1OWL
                        Px3BNz6tP+IU8ivXDY8sDDTeGOquxW5E3JZKOvTkPTd+V0dFpX1ogb342w/UMgwd
                        n4wMjLtZQvdJbWhtdxRFdd4YTv2ooeFWmr2Nc1qrBS9As1HdZnD0CvP0R1gxjAij
                        Vu6/Kg4rJcVjOGka3dGKqdCwUfFm0KuEp8GrHkyTdQ1qDwa181FdlNA5qW6djLlj
                        xGuLI9gKOzt1EgCi4RKsRgHEn3RMRx29TMusOAwQTMz/w0PX7B4LnoYxO/Z+njwX
                        GVtc/Vpr9paIBgXn3Dv16DmfmpDt5QIDAQABo38wfTAdBgNVHQ4EFgQUea1/62BW
                        cTima/4+VczPTQQPZjQwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
                        Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
                        cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQA0JLH2MA22gwQMdsK1mI+g
                        Jr2CYIEts7ry3oi6SyD8tTFCmypTKzvKz2s0bOpHvYyTbEDVs9ffCrJUVdvVwHF0
                        sX4YsnJuOKQLr5Sl3YZPvPg7AsOMW+Tn+JL5l2Xnvfz77Ki3FiS4rQH32REFGccl
                        Gs7fJunyxZzB3Jvv9Cly5vfdKGJfyCviDSMWX5W1slUkg1fWUsppZy9Ifiygb+Au
                        IaP69qz6dqVwZJldG3Wn/x5WpI1x7Meax2Wa9bIbqWXCeNfhrhAnL//dbKPfA0EB
                        AlxhhLIxWxf/Um12z22EJyuH3EYWyTlVaGlOcHzg2r1Mn/1LNXpBMVhOPZouksPx
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIDWzCCAkOgAwIBAgIUOMCC6dkddEwkgPACu9HJ3SaiMjkwDQYJKoZIhvcNAQEL
                        BQAwJzElMCMGA1UEAwwcdGVzdC1pZHAudWtmZWRlcmF0aW9uLm9yZy51azAeFw0x
                        NjA2MDIxNjI3NTZaFw0zNjA2MDIxNjI3NTZaMCcxJTAjBgNVBAMMHHRlc3QtaWRw
                        LnVrZmVkZXJhdGlvbi5vcmcudWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
                        AoIBAQCYrePj+6qI0agRWDNXr2N0pvxdBA9fzXUiNkFPv1syUcY40LGtYUvyEyrn
                        VZ9OkvLswTYArvOGwHGGseKy1lDxt/O37hcXTTd6bAg6nIqdD08Y044pMpXfms2n
                        BwUHq/sGUUyIVV+xP00lfyFxwQNRI9D0L4W8OSx0vMoPM4hp+gsZrzTklUgjhRU/
                        5n5XGSseS9tb60wz4URx306HxuEkZpF7pWhJRAgfeyone9vYMAotXBfxrvssuyYw
                        rabGvfWRIJiXXmLjm2hllAF2Tj25xlzjAwDhLbvKjZZa5afx3EYMYSf53uOGYJG/
                        zGebYZpvKZB+bLjNwaA41LzeskMdAgMBAAGjfzB9MB0GA1UdDgQWBBQUUMcdr4uu
                        bY7bn88mdk67e20UDzBcBgNVHREEVTBTghx0ZXN0LWlkcC51a2ZlZGVyYXRpb24u
                        b3JnLnVrhjNodHRwczovL3Rlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWsvaWRw
                        L3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAJMjdRtSlf9IYMIUqvGQxn/v
                        u8CixcHcimK2WBp/Dv4lAphOTzmF+zF7cB2CMalAcgJnoP4BJNq/7bwDOHDFbpbN
                        cKh4FWRzURChBbZ2Xa1C2vrm0+oPQl8WsChxQgqUPDTleg2k3/PEi2dDymJlu8Cg
                        0kqWwQ1G0tal6B0lDf+3PKdwdp5LAnB8TUFCTrfuI5DiHOce8r5+AjfkhJsSYu39
                        NpJGsdn/IzQE4RsAFbz1UEb1sz9+vtTFMvC2mr82TcYWC3PDqyHpvqCHAwQqAzQW
                        thDEbFnZ8ckGnGLfkn+Lqt8/A3D85vsoQvvYZ+6UOKzBnl2SeVyGcFykoSoZcGA=
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        MIIDXDCCAkSgAwIBAgIVAN/3uTodbwagOO8HxJ/wK9pD9F6DMA0GCSqGSIb3DQEB
                        CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
                        MTYwNjAyMTYyNzU3WhcNMzYwNjAyMTYyNzU3WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
                        cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
                        CgKCAQEAl5mKiHP7qGWRM2IkPvh5RuVJaOJkBRFhDdX1FInSYtyPRDxQ6Fl9g5Pt
                        3C65HA9YVMjhijph50DZJRAroyU17WdaSfTUrqK7LqdVk7rVHRekJIH+J3hh/UVq
                        2Q0N1tlyBOblR6DA4na3kNYwTZh+jYrp6cbNqyqcvtFLCezDOkNnLbXxSK6vqqJN
                        dRTLUoN6PmRlj5DBZNpOkSGdI32WIhNczUHkBZzHVRlvfF4uQKH+0ASYWpI+WJGs
                        Mrdg1eSkQkKLYo/6LmLj/L4kiJzWEC1V1pod1r54wgMsfFRPeoLC1kYU3Q8OFgX8
                        WdUodwaRtFrpmURBEQgMK1uDLGJhkwIDAQABo38wfTAdBgNVHQ4EFgQUdsJMwfkG
                        pPHTByrcDXj2+cm+G2AwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
                        Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
                        cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQBOVDjHi2Mrj3nDb/pTZ9Lz
                        /OizJNEZ+uklJbX//W9Jr1VE2NND96R/D2T/lvR/rKbXh0HJl7VYLRHkPJPQ6X+T
                        7TzZW9MKhX6nLzhXdtOZb4AEQn0mpOtZSfpY9eUc13xRw1jGl6y09WVnO/IP/0HX
                        U7uWTDt0jgAC4VR3hpFOevxU3nXu5XLtgBcnASeoeJbNfAr+MhrHCt4nAYFmf/+S
                        MLg/0bPQDCVJ0j4yvSCCFkrWeFEkzqQ2QF/VFSA47VfRDALiMzTpFFgTxyj1p4T7
                        Ycbh0vb/OVKx+DN9cvlWlzf2e2JXGg8/gP7hpwVV6ndskANQ67NUOZ5jXWsK5GnD
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://test-idp.ukfederation.org.uk:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test-idp.ukfederation.org.uk:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
    </AttributeAuthorityDescriptor>
    <Organization>
        <OrganizationName xml:lang="en">Jisc Services Limited</OrganizationName>
        <OrganizationDisplayName xml:lang="en">UK federation test IdP</OrganizationDisplayName>
        <OrganizationURL xml:lang="en">http://ukfederation.org.uk/</OrganizationURL>
    </Organization>
    <ContactPerson contactType="support">
        <GivenName>Service Desk</GivenName>
        <EmailAddress>mailto:service@ukfederation.org.uk</EmailAddress>
    </ContactPerson>
    <ContactPerson contactType="technical">
        <GivenName>Service Desk</GivenName>
        <EmailAddress>mailto:service@ukfederation.org.uk</EmailAddress>
    </ContactPerson>
</EntityDescriptor>
</md:EntitiesDescriptor>