1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
                     xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://sso.nikhef.nl/sso/saml2/idp/metadata.php"
                     ID="pfx84a658ec-3aac-3077-78ac-1482114f0399"
                     >
	 <ds:Signature>
	 	 <ds:SignedInfo>
	 	 	 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
	 	 	 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
	 	 	 <ds:Reference URI="#pfx84a658ec-3aac-3077-78ac-1482114f0399">
	 	 	 	 <ds:Transforms>
	 	 	 	 	 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
	 	 	 	 	 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
	 	 	 	 </ds:Transforms>
	 	 	 	 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
	 	 	 	 <ds:DigestValue>pyE8Lz7P/nbYSrDCt/b2cCZSuaY=</ds:DigestValue>
	 	 	 </ds:Reference>
	 	 </ds:SignedInfo>
	 	 <ds:SignatureValue>kFOyUjtwTxPLdvlLPMJDekROC3hMxDhGbFhcxH7viSdSNwU3OrHuqfjnxuvZmSEMW82+4W1yVRpXdBQmRTpsYprdfBBn6d9tnwAqzPVhbkNV1A8m6CwtLaFCIqNUsMcw3Fxkt/ZxEUD1pLtMy/M33J/56L6m+P3bJ/GGEduwXh7E3VqEGkcUP3I3zi1CSiPWwzIWcWIXcWxMKEvzlf0pkwvkiZnwLkH3fIiwuErUW5owhQbMS7/sZP2Ss2wKCvQ2IRWw1o0kBi921h0VisLbagcq0rDwWkd2GE2w0zCdjsOSWuxBuTcBu+yh/9HbWhmg8lHmOv2IPTJmeXOxD86ofQ==</ds:SignatureValue>
	 	 <ds:KeyInfo>
	 	 	 <ds:X509Data>
	 	 	 	 <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
	 	 	 </ds:X509Data>
	 	 </ds:KeyInfo>
	 </ds:Signature>
	 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
	 	 <md:Extensions>
	 	 	 <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
	 	 	               regexp="false"
	 	 	               >nikhef.nl</shibmd:Scope>
	 	 	 <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
	 	 	 	 <mdui:IPHint>192.16.185.0/24</mdui:IPHint>
	 	 	 	 <mdui:IPHint>192.16.186.0/24</mdui:IPHint>
	 	 	 	 <mdui:IPHint>192.16.199.0/24</mdui:IPHint>
	 	 	 	 <mdui:IPHint>192.16.194.0/24</mdui:IPHint>
	 	 	 	 <mdui:IPHint>192.16.195.0/24</mdui:IPHint>
	 	 	 	 <mdui:IPHint>192.16.192.0/24</mdui:IPHint>
	 	 	 	 <mdui:IPHint>145.102.132.0/22</mdui:IPHint>
	 	 	 	 <mdui:IPHint>194.171.96.0/21</mdui:IPHint>
	 	 	 	 <mdui:IPHint>2001:610:120::0/48</mdui:IPHint>
	 	 	 	 <mdui:DomainHint>nikhef.nl</mdui:DomainHint>
	 	 	 	 <mdui:GeolocationHint>geo:52.3562717,4.9512118</mdui:GeolocationHint>
	 	 	 </mdui:DiscoHints>
	 	 </md:Extensions>
	 	 <md:KeyDescriptor use="signing">
	 	 	 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
	 	 	 	 <ds:X509Data>
	 	 	 	 	 <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
	 	 	 	 </ds:X509Data>
	 	 	 </ds:KeyInfo>
	 	 </md:KeyDescriptor>
	 	 <md:KeyDescriptor use="encryption">
	 	 	 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
	 	 	 	 <ds:X509Data>
	 	 	 	 	 <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
	 	 	 	 </ds:X509Data>
	 	 	 </ds:KeyInfo>
	 	 </md:KeyDescriptor>
	 	 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	 	                         Location="https://sso.nikhef.nl/sso/saml2/idp/SingleLogoutService.php"
	 	                         />
	 	 <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
	 	 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	 	                         Location="https://sso.nikhef.nl/sso/saml2/idp/SSOService.php"
	 	                         />
	 </md:IDPSSODescriptor>
	 <md:Organization>
	 	 <md:OrganizationName xml:lang="en">Nikhef - een samenwerkingsverband van Stichting voor Fundamenteel Onderzoek der Materie, Universiteit van Amsterdam, Vrije Universiteit Amsterdam, Universiteit Utrecht, en Radboud Universiteit Nijmegen</md:OrganizationName>
	 	 <md:OrganizationDisplayName xml:lang="en">Nikhef</md:OrganizationDisplayName>
	 	 <md:OrganizationURL xml:lang="en">https://www.nikhef.nl/</md:OrganizationURL>
	 </md:Organization>
	 <md:ContactPerson contactType="technical">
	 	 <md:GivenName>Helpdesk</md:GivenName>
	 	 <md:SurName>Nikhef CT</md:SurName>
	 	 <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
	 </md:ContactPerson>
</md:EntityDescriptor>