1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
--- 9e9467ea8f0121ac6013ef79a43c90f95631aad2

+++ 1dc5c7013bcb61b4266be3e8c4dcde4335e505a6

@@ -1,92 +1,78 @@

-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-                     xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
-                     xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
-                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-                     entityID="https://sso.nikhef.nl/sso/saml2/idp/metadata.php"
-                     ID="pfx84a658ec-3aac-3077-78ac-1482114f0399"
-                     >
-	 <ds:Signature>
-	 	 <ds:SignedInfo>
-	 	 	 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
-	 	 	 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
-	 	 	 <ds:Reference URI="#pfx84a658ec-3aac-3077-78ac-1482114f0399">
-	 	 	 	 <ds:Transforms>
-	 	 	 	 	 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
-	 	 	 	 	 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
-	 	 	 	 </ds:Transforms>
-	 	 	 	 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
-	 	 	 	 <ds:DigestValue>pyE8Lz7P/nbYSrDCt/b2cCZSuaY=</ds:DigestValue>
-	 	 	 </ds:Reference>
-	 	 </ds:SignedInfo>
-	 	 <ds:SignatureValue>kFOyUjtwTxPLdvlLPMJDekROC3hMxDhGbFhcxH7viSdSNwU3OrHuqfjnxuvZmSEMW82+4W1yVRpXdBQmRTpsYprdfBBn6d9tnwAqzPVhbkNV1A8m6CwtLaFCIqNUsMcw3Fxkt/ZxEUD1pLtMy/M33J/56L6m+P3bJ/GGEduwXh7E3VqEGkcUP3I3zi1CSiPWwzIWcWIXcWxMKEvzlf0pkwvkiZnwLkH3fIiwuErUW5owhQbMS7/sZP2Ss2wKCvQ2IRWw1o0kBi921h0VisLbagcq0rDwWkd2GE2w0zCdjsOSWuxBuTcBu+yh/9HbWhmg8lHmOv2IPTJmeXOxD86ofQ==</ds:SignatureValue>
-	 	 <ds:KeyInfo>
-	 	 	 <ds:X509Data>
-	 	 	 	 <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
-	 	 	 </ds:X509Data>
-	 	 </ds:KeyInfo>
-	 </ds:Signature>
-	 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-	 	 <md:Extensions>
-	 	 	 <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
-	 	 	               regexp="false"
-	 	 	               >nikhef.nl</shibmd:Scope>
-	 	 	 <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
-	 	 	 	 <mdui:IPHint>192.16.185.0/24</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>192.16.186.0/24</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>192.16.199.0/24</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>192.16.194.0/24</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>192.16.195.0/24</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>192.16.192.0/24</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>145.102.132.0/22</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>194.171.96.0/21</mdui:IPHint>
-	 	 	 	 <mdui:IPHint>2001:610:120::0/48</mdui:IPHint>
-	 	 	 	 <mdui:DomainHint>nikhef.nl</mdui:DomainHint>
-	 	 	 	 <mdui:GeolocationHint>geo:52.3562717,4.9512118</mdui:GeolocationHint>
-	 	 	 </mdui:DiscoHints>
-	 	 </md:Extensions>
-	 	 <md:KeyDescriptor use="signing">
-	 	 	 <ds:KeyInfo>
-	 	 	 	 <ds:X509Data>
-	 	 	 	 	 <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
-	 	 	 	 </ds:X509Data>
-	 	 	 </ds:KeyInfo>
-	 	 </md:KeyDescriptor>
-	 	 <md:KeyDescriptor use="encryption">
-	 	 	 <ds:KeyInfo>
-	 	 	 	 <ds:X509Data>
-	 	 	 	 	 <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
-	 	 	 	 </ds:X509Data>
-	 	 	 </ds:KeyInfo>
-	 	 </md:KeyDescriptor>
-	 	 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-	 	                         Location="https://sso.nikhef.nl/sso/saml2/idp/SingleLogoutService.php"
-	 	                         />
-	 	 <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-	 	 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-	 	                         Location="https://sso.nikhef.nl/sso/saml2/idp/SSOService.php"
-	 	                         />
-	 </md:IDPSSODescriptor>
-	 <md:Organization>
-	 	 <md:OrganizationName xml:lang="en">Nikhef - een samenwerkingsverband van Stichting voor Fundamenteel Onderzoek der Materie, Universiteit van Amsterdam, Vrije Universiteit Amsterdam, Universiteit Utrecht, en Radboud Universiteit Nijmegen</md:OrganizationName>
-	 	 <md:OrganizationDisplayName xml:lang="en">Nikhef</md:OrganizationDisplayName>
-	 	 <md:OrganizationURL xml:lang="en">https://www.nikhef.nl/</md:OrganizationURL>
-	 </md:Organization>
-	 <md:ContactPerson contactType="technical">
-	 	 <md:GivenName>Helpdesk</md:GivenName>
-	 	 <md:SurName>Nikhef CT</md:SurName>
-	 	 <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
-	 </md:ContactPerson>
-	 <md:ContactPerson contactType="administrative">
-	 	 <md:GivenName>Team</md:GivenName>
-	 	 <md:SurName>IdM Administrators</md:SurName>
-	 	 <md:EmailAddress>nikidm-admin@nikhef.nl</md:EmailAddress>
-	 </md:ContactPerson>
-	 <md:ContactPerson contactType="support">
-	 	 <md:SurName>Helpdesk Team</md:SurName>
-	 	 <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
-	 </md:ContactPerson>
-	 <md:ContactPerson contactType="other">
-	 	 <md:SurName>Nikhef CSIRT Security Team</md:SurName>
-	 	 <md:EmailAddress>security@nikhef.nl</md:EmailAddress>
-	 </md:ContactPerson>
+<?xml version="1.0"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.nikhef.nl/sso/saml2/idp/metadata.php" ID="pfxbbd7c989-a6b1-6b50-37e2-0939d7f1fe07"><ds:Signature>
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#pfxbbd7c989-a6b1-6b50-37e2-0939d7f1fe07"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>phrFnv5n0cZEqSN+rd5e9Yca8Wc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pfc7bXaP0ykIJ/+0GSHSrcO1UGmeTHgGCrdbVi8ognTjFrRV5l7I4uyQVILw04IZxUkdh3v9eXGY5d1Cq9FFAh80Hf2K7zB2vcHvc/46OiqgZ/ZVzMyD6OWZpq+5c7P9/Ib2rGX3d4dd/4ZJVYp504f5E3AC8o5kcxPHsJ3UN7wf4w9kSeuUAqRzuldmGkBNpFTxkTqe9AGOJrPcSYK4SXg2zVENxUPk24zL58feHJnhhthmgni3B/z+U0Wb0IkO68hwDtwbDzu9pMGYU5TlJilF+PiFE2ebILxu1Rw3fqV+1C9BqI9KgQC10EI8qCA2UtBQaLnuIyzfyVGk0mRG2A==</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
+  <md:Extensions>
+    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">https://refeds.org/sirtfi</saml:AttributeValue>
+      </saml:Attribute>
+    </mdattr:EntityAttributes>
+  </md:Extensions>
+  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:Extensions>
+      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nikhef.nl</shibmd:Scope>
+      <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
+        <mdui:IPHint>192.16.185.0/24</mdui:IPHint>
+        <mdui:IPHint>192.16.186.0/24</mdui:IPHint>
+        <mdui:IPHint>192.16.199.0/24</mdui:IPHint>
+        <mdui:IPHint>192.16.194.0/24</mdui:IPHint>
+        <mdui:IPHint>192.16.195.0/24</mdui:IPHint>
+        <mdui:IPHint>192.16.192.0/24</mdui:IPHint>
+        <mdui:IPHint>145.102.132.0/22</mdui:IPHint>
+        <mdui:IPHint>194.171.96.0/21</mdui:IPHint>
+        <mdui:IPHint>2001:610:120::0/48</mdui:IPHint>
+        <mdui:DomainHint>nikhef.nl</mdui:DomainHint>
+        <mdui:GeolocationHint>geo:52.3562717,4.9512118</mdui:GeolocationHint>
+      </mdui:DiscoHints>
+    </md:Extensions>
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.nikhef.nl/sso/saml2/idp/SingleLogoutService.php"/>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.nikhef.nl/sso/saml2/idp/SSOService.php"/>
+  </md:IDPSSODescriptor>
+  <md:Organization>
+    <md:OrganizationName xml:lang="en">Nikhef - Dutch National Institute for Subatomic Physics</md:OrganizationName>
+    <md:OrganizationDisplayName xml:lang="en">Nikhef</md:OrganizationDisplayName>
+    <md:OrganizationURL xml:lang="en">https://www.nikhef.nl/</md:OrganizationURL>
+  </md:Organization>
+  <md:ContactPerson contactType="technical">
+    <md:GivenName>Helpdesk Nikhef CT</md:GivenName>
+    <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
+  </md:ContactPerson>
+  <md:ContactPerson xmlns:icmd="http://id.incommon.org/metadata" contactType="other" icmd:contactType="http://id.incommon.org/metadata/contactType/security">
+     <md:GivenName>CSIRT</md:GivenName>
+     <md:SurName>Nikhef</md:SurName>
+     <md:EmailAddress>security@nikhef.nl</md:EmailAddress>
+    <md:TelephoneNumber>+31205925090</md:TelephoneNumber>
+  </md:ContactPerson>
+  <md:ContactPerson contactType="administrative">
+     <md:SurName>Nikhef</md:SurName>
+     <md:EmailAddress>nikidm-admin@nikhef.nl</md:EmailAddress>
+    <md:TelephoneNumber>+31205922000</md:TelephoneNumber>
+  </md:ContactPerson>
+  <md:ContactPerson contactType="support">
+     <md:SurName>Nikhef</md:SurName>
+     <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
+    <md:TelephoneNumber>+31205922200</md:TelephoneNumber>
+  </md:ContactPerson>
 </md:EntityDescriptor>
+