From ccebf3f951b54fd958c2200c13f5979d25e1b38d Mon Sep 17 00:00:00 2001
From: Ryan Rumbaugh <rrumbaugh@nebraska.edu>
Date: Sun, 5 Jan 2025 11:00:12 -0600
Subject: [PATCH 1/2] Onboard new NeSIS Webfocus Test SP
---
 nefed.xml | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
diff --git a/nefed.xml b/nefed.xml
index a715708..c5290c2 100644
--- a/nefed.xml
+++ b/nefed.xml
@@ -36567,4 +36567,97 @@ PRD49iI+tL/VkGo=
 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://itssapbwda.nebraska.edu:1443/sap/saml2/sp/acs/005" index="2"/>
 </SPSSODescriptor>
 </EntityDescriptor>
+ <EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="https___nefocustst.nebraska.edu_ibi_apps_sp" entityID="https://nefocustst.nebraska.edu/ibi_apps/sp">
+ <Extensions>
+ <mdrpi:RegistrationInfo registrationAuthority="https://nebraska.edu/iam/trueyou" />
+ <mdattr:EntityAttributes>
+ <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml:AttributeValue>
+ https://nebraska.edu/category/registered-by-trueyou</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml:AttributeValue>unNUID</saml:AttributeValue>
+ </saml:Attribute>
+ </mdattr:EntityAttributes>
+ <mdui:UIInfo>
+ <mdui:DisplayName xml:lang="en">WebFOCUS Test</mdui:DisplayName>
+ <mdui:Description xml:lang="en">WebFOCUS Test</mdui:Description>
+ <mdui:InformationURL xml:lang="en">https://its.nebraska.edu</mdui:InformationURL>
+ <mdui:PrivacyStatementURL xml:lang="en">https://its.nebraska.edu/policies-processes/idm-privacy-policy</mdui:PrivacyStatementURL>
+ <mdui:Logo height="85" width="141" xml:lang="en">https://campuscontent.nebraska.edu/common/wflogon/img/IB_WebFOCUS_Test.png</mdui:Logo>
+ </mdui:UIInfo>
+ </Extensions>
+ <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDYTCCAkmgAwIBAgIESk3Z9TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMQwwCgYDVQQKEwNJQkkxETAPBgNVBAsMCGliaV9hcHBz
+ MREwDwYDVQQDEwhXZWJGT0NVUzAeFw0xNDA2MTExOTA2MzFaFw00MTEwMjcxOTA2MzFaMGExCzAJ
+ BgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxDDAKBgNVBAoTA0lCSTER
+ MA8GA1UECwwIaWJpX2FwcHMxETAPBgNVBAMTCFdlYkZPQ1VTMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEAhLkB2M6jdSEu0gscXYVlw/BxIzpVBiKH2xlP+ttCHCcuS1R3jMRq4nobx6oJ
+ WrEGtntbbNx3lHZr4wVZYuk39cFUFy/UQzegfuOJekxnkDejX4uCRfQEikLQbUUHuQ6qE1eboHCt
+ sgeyE6hTvvawEecLWvKOOfGLY1QMbjPqjnkXr52ip1YLB9Sl1Aehwwh+FGhykepnTVApClD515RC
+ wgo1RFybQF/BzIogSLCKSudg3IeTuLdYh8z684F4b7MV4HayL4D7Cl43lQLjH34L4eJSsYP13tmK
+ FGPdr9oqSc28oe4glJeHI/Nu1gkx0vj0TLcVkyGFEHV9X/VsPXFSCwIDAQABoyEwHzAdBgNVHQ4E
+ FgQUUoHzEm4B/Gnh0xy/dwHh4DtWvuEwDQYJKoZIhvcNAQELBQADggEBAIMumM3yhM4YJ68FaUiP
+ cQU1PG82/GuAa1kPJiWiBo87L8EJJ2MycxbKNTCQT/C/7YdAkcWQKbjgpIxHPqq8zjegBEyh3dnE
+ pG/1Gtsk4ASUKL8mPo6iaiLTKV68D1nZWDfCRb3Mx34gEK7TlkOqxM/4QcUxMYPNYDCwb1KAdnjh
+ AIERaHDGCj+ud/sIzRRyidpc6JC7jG2lx6A+/gGNNQrNHCKvgszjxbmqsP093mBGn7oVJ9gMcrZx
+ 26fNd3Dwt38ePZFXuXdOyViEx1PcAiRjf2eKAgvj5Oju0END95f7EGZWZCAnBJK6zGfvGyoxiERS
+ FoiFj2WgZ6GGWSqduOg=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDYTCCAkmgAwIBAgIESk3Z9TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMQwwCgYDVQQKEwNJQkkxETAPBgNVBAsMCGliaV9hcHBz
+ MREwDwYDVQQDEwhXZWJGT0NVUzAeFw0xNDA2MTExOTA2MzFaFw00MTEwMjcxOTA2MzFaMGExCzAJ
+ BgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxDDAKBgNVBAoTA0lCSTER
+ MA8GA1UECwwIaWJpX2FwcHMxETAPBgNVBAMTCFdlYkZPQ1VTMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEAhLkB2M6jdSEu0gscXYVlw/BxIzpVBiKH2xlP+ttCHCcuS1R3jMRq4nobx6oJ
+ WrEGtntbbNx3lHZr4wVZYuk39cFUFy/UQzegfuOJekxnkDejX4uCRfQEikLQbUUHuQ6qE1eboHCt
+ sgeyE6hTvvawEecLWvKOOfGLY1QMbjPqjnkXr52ip1YLB9Sl1Aehwwh+FGhykepnTVApClD515RC
+ wgo1RFybQF/BzIogSLCKSudg3IeTuLdYh8z684F4b7MV4HayL4D7Cl43lQLjH34L4eJSsYP13tmK
+ FGPdr9oqSc28oe4glJeHI/Nu1gkx0vj0TLcVkyGFEHV9X/VsPXFSCwIDAQABoyEwHzAdBgNVHQ4E
+ FgQUUoHzEm4B/Gnh0xy/dwHh4DtWvuEwDQYJKoZIhvcNAQELBQADggEBAIMumM3yhM4YJ68FaUiP
+ cQU1PG82/GuAa1kPJiWiBo87L8EJJ2MycxbKNTCQT/C/7YdAkcWQKbjgpIxHPqq8zjegBEyh3dnE
+ pG/1Gtsk4ASUKL8mPo6iaiLTKV68D1nZWDfCRb3Mx34gEK7TlkOqxM/4QcUxMYPNYDCwb1KAdnjh
+ AIERaHDGCj+ud/sIzRRyidpc6JC7jG2lx6A+/gGNNQrNHCKvgszjxbmqsP093mBGn7oVJ9gMcrZx
+ 26fNd3Dwt38ePZFXuXdOyViEx1PcAiRjf2eKAgvj5Oju0END95f7EGZWZCAnBJK6zGfvGyoxiERS
+ FoiFj2WgZ6GGWSqduOg=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nefocustst.nebraska.edu/ibi_apps/saml/SingleLogout/alias/defaultWFAlias" />
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://nefocustst.nebraska.edu/ibi_apps/saml/SingleLogout/alias/defaultWFAlias" />
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nefocustst.nebraska.edu/ibi_apps/saml/SSO/alias/defaultWFAlias" index="0" isDefault="true" />
+ </SPSSODescriptor>
+ <Organization>
+ <OrganizationName xml:lang="en-US">WebFOCUS Test</OrganizationName>
+ <OrganizationDisplayName xml:lang="en-US">WebFOCUS Test</OrganizationDisplayName>
+ <OrganizationURL xml:lang="en-US">https://its.nebraska.edu</OrganizationURL>
+ </Organization>
+ <ContactPerson contactType="technical">
+ <GivenName>Geoff Putney</GivenName>
+ <EmailAddress>gputney@nebraska.edu</EmailAddress>
+ </ContactPerson>
+ <ContactPerson contactType="support">
+ <GivenName>Geoff Putney</GivenName>
+ <EmailAddress>gputney@nebraska.edu</EmailAddress>
+ </ContactPerson>
+ <ContactPerson contactType="administrative">
+ <GivenName>Frank Dolezal</GivenName>
+ <EmailAddress>fdolezal@nebraska.edu</EmailAddress>
+ </ContactPerson>
+ </EntityDescriptor>
 </EntitiesDescriptor>
-- GitLab
From 9e6e4b6a01f3faf644b03b297106794f386c9de8 Mon Sep 17 00:00:00 2001
From: Ryan Rumbaugh <rrumbaugh@nebraska.edu>
Date: Mon, 6 Jan 2025 15:49:52 -0600
Subject: [PATCH 2/2] Use persistent nameid
---
 nefed.xml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/nefed.xml b/nefed.xml
index c5290c2..1f7622c 100644
--- a/nefed.xml
+++ b/nefed.xml
@@ -36638,8 +36638,7 @@ PRD49iI+tL/VkGo=
 </KeyDescriptor>
 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nefocustst.nebraska.edu/ibi_apps/saml/SingleLogout/alias/defaultWFAlias" />
 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://nefocustst.nebraska.edu/ibi_apps/saml/SingleLogout/alias/defaultWFAlias" />
- <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://nefocustst.nebraska.edu/ibi_apps/saml/SSO/alias/defaultWFAlias" index="0" isDefault="true" />
 </SPSSODescriptor>
 <Organization>
-- GitLab
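Review bot: In PATCH 1/2, the certificate published under both `<KeyDescriptor use="signing">` and `<KeyDescriptor use="encryption">` of the new `https://nefocustst.nebraska.edu/ibi_apps/sp` entity does not look like a key generated for this deployment. Its base64 decodes to a self-signed certificate with subject and issuer `CN=WebFOCUS, OU=ibi_apps, O=IBI, L=New York`, valid from June 2014 to October 2041, which reads like the keystore shipped with the product. If that is the case, the private key is not unique to this host, so `AuthnRequestsSigned="true"` says nothing about where a request came from, and assertions encrypted to this key are readable by anyone holding the same keystore. Before registering the SP, generate a dedicated key pair on the WebFOCUS host and publish that certificate here, preferably with separate signing and encryption keys so each can be rotated on its own.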
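Review bot: In PATCH 2/2, the commit message gives no reason for replacing the `emailAddress` and `unspecified` formats with `persistent`, and the hunk shows only the metadata side of the change. A persistent NameID is an opaque value specific to this IdP–SP pair, so if WebFOCUS matches accounts on the NameID it will no longer see an e-mail address; presumably the released `unNUID` attribute is meant to carry the identity instead. Please confirm that and record it, for example as `<!-- NameID is opaque and pairwise; account mapping uses the unNUID attribute -->` above the `<NameIDFormat>` line or in the commit description. It is also worth confirming that the IdP can issue persistent identifiers for this entityID. The `SPSSODescriptor` opens outside this hunk.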