From dac87fadb1a8c22d35c63bded7754b6acd9581cc Mon Sep 17 00:00:00 2001
From: Ryan Rumbaugh <rrumbaugh@nebraska.edu>
Date: Fri, 1 Apr 2022 13:31:49 -0500
Subject: [PATCH] Attempt new SP MD

---
 nefed.xml | 64 +++++++++++++++++++++++++++++++------------------------
 1 file changed, 36 insertions(+), 28 deletions(-)

diff --git a/nefed.xml b/nefed.xml
index 9f25934..6982d25 100644
--- a/nefed.xml
+++ b/nefed.xml
@@ -15534,39 +15534,47 @@ KNGked4df0r1o5CozJ35FjKx1fiYucuvGXU+UZd5Yg6sF6MRhQqud32X3eOFJXS/ndm/jGit7B6A
             <EmailAddress>security@nebraska.edu</EmailAddress>
         </ContactPerson>
     </EntityDescriptor>
-    <EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://criticallabs.com/login/saml/response/84">
-        <Extensions>
-            <mdrpi:RegistrationInfo registrationAuthority="https://nebraska.edu/nefed" />
-            <mdattr:EntityAttributes>
-                <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-                    <saml:AttributeValue>https://nebraska.edu/category/registered-by-nefed</saml:AttributeValue>
-                </saml:Attribute>
-            </mdattr:EntityAttributes>
-            <mdui:UIInfo>
-                <mdui:DisplayName xml:lang="en">Critical Labs SAML</mdui:DisplayName>
-                <mdui:Description xml:lang="en">Critical Labs SAML</mdui:Description>
-                <mdui:InformationURL xml:lang="en">https://criticallabs.com/</mdui:InformationURL>
-                <mdui:PrivacyStatementURL xml:lang="en">https://criticallabs.com/</mdui:PrivacyStatementURL>
-                <mdui:Logo height="85" width="141" xml:lang="en">https://criticallabs.com/images/critical-labs.png</mdui:Logo>
-            </mdui:UIInfo>
-        </Extensions>
-        <SPSSODescriptor WantAssertionsSigned="true" AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-            <KeyDescriptor use="encryption">
-                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-                    <ds:x509Data>
-                        <ds:X509Certificate>MIIFmjCCA4ICCQCz3qKEdznIWjANBgkqhkiG9w0BAQ0FADCBjjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5lYnJhc2thMQ4wDAYDVQQHDAVPbWFoYTEWMBQGA1UECgwNQ3JpdGljYWwgTGFiczEbMBkGA1UEAwwSKi5jcml0aWNhbGxhYnMuY29tMScwJQYJKoZIhvcNAQkBFhhzdXBwb3J0QGNyaXRpY2FsbGFicy5jb20wHhcNMjIwMzI1MTYzMzA0WhcNMzIwMzIyMTYzMzA0WjCBjjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5lYnJhc2thMQ4wDAYDVQQHDAVPbWFoYTEWMBQGA1UECgwNQ3JpdGljYWwgTGFiczEbMBkGA1UEAwwSKi5jcml0aWNhbGxhYnMuY29tMScwJQYJKoZIhvcNAQkBFhhzdXBwb3J0QGNyaXRpY2FsbGFicy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDSjmd2sG5eSLddOoDYJFoChktgmMSa0WEaMC3mkrcpxVJfh0azZwlhp7j49+vy7Ef1Cm1I/uvT99e1zKq7LJhsnbk9PeCZ1SEG8HnX4bpS98Km7mimjvM76d0CSwrzqzzUBbIq/OIACm/DvyWd4QOHMluKktYRqUJEgJRR7D+CcUse1NcWONA4U5aCR6iC3vf1crkfQANrOpPi0iW2N/C4qXhvnTxPDMoZJGa8/6rr8k4zD49ID5JKygcrpIUPYb2kWDaVJypgPKpg+L6Vou+HFRXLyXNwAHCzYdkmFcKeNGaImnPKZQniqtjIOx1TlnyeKqHh/Q/CKHMk7clWczZJQWwQ2iEbadYx+ywqZZXLx+KeQZ26XRDGTCpZilMIjdy3o9Koww6NgoctWbXYNrZQIXJCBlordNCaTCBrPNWpt1q9tJwW3rf8erCCo/MQuApxin/kTyntPScbFGqfXdkf3Djk+pPSRUvL9nhwS1c3XnPeMHtMVx8iZQop5upqpPtSnkJEG4OBAGjvyUSoanxYvvGYzUhpjPbOcDSV2yNAurvb2TwEdBXV9krd+WA72+vDm0yh8mbjRUmsnYC8gGBUxY4RA1DstwRwm05V3SRnCpBlrtB98G/4guOdngDzT46pqWOMAdyERIEafovG50hmUiUG0th9uThJA0jwDsZxIwIDAQABMA0GCSqGSIb3DQEBDQUAA4ICAQBx3a+mLwc1HgQ5kN1GBagJaXDBX7VjHDrWn6oYe7KPhbtGloKfcQjoVkVrAppoL8TgWXSEcuNwT57mOmDwmvnKOdtX35p0oZBWq3eCsQhbj5hO8T77U+xqXW2zTBitD3XKlvpyeA5qGMYG94qeQn0tqGWqSRKDAyCNsA58qMVe0OEjQ19N6k6XfPGyZTuRwmIOFGUt3c1GqAp+3tU8L8YgbgL1IMzlnoqQr0Bo1Vn8vpEZhUBwRHRo24m+v3lvZH2/EzvBa2EBcrlMTprSD2LMmfynhP/t7fx6U1klO+kiUy+AfFKDVV/IGel5lEprfMo1Y9UpMTX5kZJNlzfXV8X2F0nl7H5KnQGw5MZoFbJrIfYrsw/1Ivfbt/3HX99XSBd/3hykIbDr4g6eOAGMLKrZ9PryfGHWJsClCCvELfVR09djMTa90ePnHD1SIz120bcqbnyslLCMab1oPzhFYu4zanvzHdFZ0nWwLv0cTCka8CdVmBOEdDkyYeQxhg5wu3wOq1xiwXaBvDs7CNW7dNSod7yGO9rISQW1bfbgw4u6IZwoCM9J9D6DXdPccRJxhKVc+U3kdE8+2uF1My4uFd/uDpD0F0i64Qfc2YJdQZIuMHPEr87p8BP21ftMiJePkz36uWiDXoIP+ODbzmisBC9Pst5X7fWkShFMs+8Z/amvqg==</ds:X509Certificate>
-                    </ds:x509Data>
-                </ds:KeyInfo>
-            </KeyDescriptor>
+    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://criticallabs.com/login/saml/response/84">
+        <script />
+        <SPSSODescriptor WantAssertionsSigned="true" AuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+            <Extensions>
+                <UIInfo>
+                    <mdui:DisplayName xml:lang="en">Critical Labs SAML</mdui:DisplayName>
+                    <mdui:Logo height="144" width="144" xml:lang="en">https://criticallabs.com/ms-icon-144x144.png</mdui:Logo>
+                </UIInfo>
+            </Extensions>
             <KeyDescriptor use="signing">
-                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                <ds:KeyInfo>
                     <ds:x509Data>
-                        <ds:X509Certificate>MIIFmjCCA4ICCQCz3qKEdznIWjANBgkqhkiG9w0BAQ0FADCBjjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5lYnJhc2thMQ4wDAYDVQQHDAVPbWFoYTEWMBQGA1UECgwNQ3JpdGljYWwgTGFiczEbMBkGA1UEAwwSKi5jcml0aWNhbGxhYnMuY29tMScwJQYJKoZIhvcNAQkBFhhzdXBwb3J0QGNyaXRpY2FsbGFicy5jb20wHhcNMjIwMzI1MTYzMzA0WhcNMzIwMzIyMTYzMzA0WjCBjjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5lYnJhc2thMQ4wDAYDVQQHDAVPbWFoYTEWMBQGA1UECgwNQ3JpdGljYWwgTGFiczEbMBkGA1UEAwwSKi5jcml0aWNhbGxhYnMuY29tMScwJQYJKoZIhvcNAQkBFhhzdXBwb3J0QGNyaXRpY2FsbGFicy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDSjmd2sG5eSLddOoDYJFoChktgmMSa0WEaMC3mkrcpxVJfh0azZwlhp7j49+vy7Ef1Cm1I/uvT99e1zKq7LJhsnbk9PeCZ1SEG8HnX4bpS98Km7mimjvM76d0CSwrzqzzUBbIq/OIACm/DvyWd4QOHMluKktYRqUJEgJRR7D+CcUse1NcWONA4U5aCR6iC3vf1crkfQANrOpPi0iW2N/C4qXhvnTxPDMoZJGa8/6rr8k4zD49ID5JKygcrpIUPYb2kWDaVJypgPKpg+L6Vou+HFRXLyXNwAHCzYdkmFcKeNGaImnPKZQniqtjIOx1TlnyeKqHh/Q/CKHMk7clWczZJQWwQ2iEbadYx+ywqZZXLx+KeQZ26XRDGTCpZilMIjdy3o9Koww6NgoctWbXYNrZQIXJCBlordNCaTCBrPNWpt1q9tJwW3rf8erCCo/MQuApxin/kTyntPScbFGqfXdkf3Djk+pPSRUvL9nhwS1c3XnPeMHtMVx8iZQop5upqpPtSnkJEG4OBAGjvyUSoanxYvvGYzUhpjPbOcDSV2yNAurvb2TwEdBXV9krd+WA72+vDm0yh8mbjRUmsnYC8gGBUxY4RA1DstwRwm05V3SRnCpBlrtB98G/4guOdngDzT46pqWOMAdyERIEafovG50hmUiUG0th9uThJA0jwDsZxIwIDAQABMA0GCSqGSIb3DQEBDQUAA4ICAQBx3a+mLwc1HgQ5kN1GBagJaXDBX7VjHDrWn6oYe7KPhbtGloKfcQjoVkVrAppoL8TgWXSEcuNwT57mOmDwmvnKOdtX35p0oZBWq3eCsQhbj5hO8T77U+xqXW2zTBitD3XKlvpyeA5qGMYG94qeQn0tqGWqSRKDAyCNsA58qMVe0OEjQ19N6k6XfPGyZTuRwmIOFGUt3c1GqAp+3tU8L8YgbgL1IMzlnoqQr0Bo1Vn8vpEZhUBwRHRo24m+v3lvZH2/EzvBa2EBcrlMTprSD2LMmfynhP/t7fx6U1klO+kiUy+AfFKDVV/IGel5lEprfMo1Y9UpMTX5kZJNlzfXV8X2F0nl7H5KnQGw5MZoFbJrIfYrsw/1Ivfbt/3HX99XSBd/3hykIbDr4g6eOAGMLKrZ9PryfGHWJsClCCvELfVR09djMTa90ePnHD1SIz120bcqbnyslLCMab1oPzhFYu4zanvzHdFZ0nWwLv0cTCka8CdVmBOEdDkyYeQxhg5wu3wOq1xiwXaBvDs7CNW7dNSod7yGO9rISQW1bfbgw4u6IZwoCM9J9D6DXdPccRJxhKVc+U3kdE8+2uF1My4uFd/uDpD0F0i64Qfc2YJdQZIuMHPEr87p8BP21ftMiJePkz36uWiDXoIP+ODbzmisBC9Pst5X7fWkShFMs+8Z/amvqg==</ds:X509Certificate>
+                        <ds:X509Certificate>MIIFmjCCA4ICCQDix7Uzt/9K6zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5lYnJhc2thMQ4wDAYDVQQHDAVPbWFoYTEWMBQGA1UECgwNQ3JpdGljYWwgTGFiczEbMBkGA1UEAwwSKi5jcml0aWNhbGxhYnMuY29tMScwJQYJKoZIhvcNAQkBFhhzdXBwb3J0QGNyaXRpY2FsbGFicy5jb20wHhcNMjIwNDAxMTcwODA5WhcNMzIwMzI5MTcwODA5WjCBjjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5lYnJhc2thMQ4wDAYDVQQHDAVPbWFoYTEWMBQGA1UECgwNQ3JpdGljYWwgTGFiczEbMBkGA1UEAwwSKi5jcml0aWNhbGxhYnMuY29tMScwJQYJKoZIhvcNAQkBFhhzdXBwb3J0QGNyaXRpY2FsbGFicy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDSjmd2sG5eSLddOoDYJFoChktgmMSa0WEaMC3mkrcpxVJfh0azZwlhp7j49+vy7Ef1Cm1I/uvT99e1zKq7LJhsnbk9PeCZ1SEG8HnX4bpS98Km7mimjvM76d0CSwrzqzzUBbIq/OIACm/DvyWd4QOHMluKktYRqUJEgJRR7D+CcUse1NcWONA4U5aCR6iC3vf1crkfQANrOpPi0iW2N/C4qXhvnTxPDMoZJGa8/6rr8k4zD49ID5JKygcrpIUPYb2kWDaVJypgPKpg+L6Vou+HFRXLyXNwAHCzYdkmFcKeNGaImnPKZQniqtjIOx1TlnyeKqHh/Q/CKHMk7clWczZJQWwQ2iEbadYx+ywqZZXLx+KeQZ26XRDGTCpZilMIjdy3o9Koww6NgoctWbXYNrZQIXJCBlordNCaTCBrPNWpt1q9tJwW3rf8erCCo/MQuApxin/kTyntPScbFGqfXdkf3Djk+pPSRUvL9nhwS1c3XnPeMHtMVx8iZQop5upqpPtSnkJEG4OBAGjvyUSoanxYvvGYzUhpjPbOcDSV2yNAurvb2TwEdBXV9krd+WA72+vDm0yh8mbjRUmsnYC8gGBUxY4RA1DstwRwm05V3SRnCpBlrtB98G/4guOdngDzT46pqWOMAdyERIEafovG50hmUiUG0th9uThJA0jwDsZxIwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCQ78BCW80E2GnXil07TEQ1AA5lXtk1Nyf/Lr3d06Co8dV8F1wyNsSfSbIgUwa0eRLtwrXLKdA2DxV5FgKn5/JruAjLOKIo1bn1DFnMx0e+C2lMwvlRpo8Cxy1dciwyUwsuC52LqfG1FQVkipNiVJ8Nl1aXCillb6a+HJg8t7q26n+E3D/S3mprl2JKJmyB+CfW+eoSbNpHpt4A3GEc1y3bLawaJfAZtV6xSh3RW7s2Qya1UgzIVg4qACSNKS7AiFhgQY1MYKtAiiGgQG4y3PKHmF0DaKpD2EA+bWPKQ/HU+TxlWnqCU9csCeFK9LZtPHxSuz4fA65Fu8kAfvXvhKPEA0Mt6x5k+utMRE9fj2TBL2sMzUGsoRxhGESHZK5ediUnTZ8YC5czeqRgHj8bq5AmUa2m9GA6tpuSwwAVVE98Q+g+eHyAU1iOFpTsfBHVg93mgD41Eu9HepMcoSfUUmU6jkgrFKBAtpNGz/cQIGjYqKo34+5Wvpmakqd+PPsSzPNtPKwzGFC4l9knkw5QejId6qETkRkbc0PGPmLmGQlN46wdiSo3ofwaM3vusw6H+cI9woO9TRj7roSTi+mA6QXdfym1i6SKVvPmAoXOrtgh5nziEo3A1uQ0CFm8Q3qJiHi41LWECM3zpM2FEO2g3aj9WxPHOoX7effFvl60HcHc/A==</ds:X509Certificate>
                     </ds:x509Data>
                 </ds:KeyInfo>
             </KeyDescriptor>
-            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
-            <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://criticallabs.com/login/saml/response/84" />
+            <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
+            <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://criticallabs.com/login/saml/response/84">
+                <AttributeConsumingService index="0" />
+                <AttributeConsumingService>
+                    <ServiceName xml:lang="en">Critical Labs</ServiceName>
+                </AttributeConsumingService>
+                <AttributeConsumingService>
+                    <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="SAML_PERMISSIONS" FriendlyName="SAML_PERMISSIONS" />
+                </AttributeConsumingService>
+                <AttributeConsumingService>
+                    <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="FULL_ACCESS" FriendlyName="FULL_ACCESS" />
+                </AttributeConsumingService>
+                <AttributeConsumingService>
+                    <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="CAN_SHARE" FriendlyName="CAN_SHARE" />
+                </AttributeConsumingService>
+                <AttributeConsumingService>
+                    <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="MANAGE_EQUIPMENT" FriendlyName="MANAGE_EQUIPMENT" />
+                </AttributeConsumingService>
+                <AttributeConsumingService>
+                    <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="MANAGE_TEMPLATES" FriendlyName="MANAGE_TEMPLATES" />
+                </AttributeConsumingService>
+                <AttributeConsumingService>
+                    <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="MANAGE_LIBRARIES" FriendlyName="MANAGE_LIBRARIES" />
+                </AttributeConsumingService>
+            </AssertionConsumerService>
             <SingleLogoutService>
                 <Binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</Binding>
                 <Location>https://criticallabs.com/logout</Location>
-- 
GitLab