1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.nikhef.nl/sso/saml2/idp/metadata.php" ID="pfxbbd7c989-a6b1-6b50-37e2-0939d7f1fe07"><ds:Signature>
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#pfxbbd7c989-a6b1-6b50-37e2-0939d7f1fe07"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>phrFnv5n0cZEqSN+rd5e9Yca8Wc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pfc7bXaP0ykIJ/+0GSHSrcO1UGmeTHgGCrdbVi8ognTjFrRV5l7I4uyQVILw04IZxUkdh3v9eXGY5d1Cq9FFAh80Hf2K7zB2vcHvc/46OiqgZ/ZVzMyD6OWZpq+5c7P9/Ib2rGX3d4dd/4ZJVYp504f5E3AC8o5kcxPHsJ3UN7wf4w9kSeuUAqRzuldmGkBNpFTxkTqe9AGOJrPcSYK4SXg2zVENxUPk24zL58feHJnhhthmgni3B/z+U0Wb0IkO68hwDtwbDzu9pMGYU5TlJilF+PiFE2ebILxu1Rw3fqV+1C9BqI9KgQC10EI8qCA2UtBQaLnuIyzfyVGk0mRG2A==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <md:Extensions>
    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nikhef.nl</shibmd:Scope>
      <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:IPHint>192.16.185.0/24</mdui:IPHint>
        <mdui:IPHint>192.16.186.0/24</mdui:IPHint>
        <mdui:IPHint>192.16.199.0/24</mdui:IPHint>
        <mdui:IPHint>192.16.194.0/24</mdui:IPHint>
        <mdui:IPHint>192.16.195.0/24</mdui:IPHint>
        <mdui:IPHint>192.16.192.0/24</mdui:IPHint>
        <mdui:IPHint>145.102.132.0/22</mdui:IPHint>
        <mdui:IPHint>194.171.96.0/21</mdui:IPHint>
        <mdui:IPHint>2001:610:120::0/48</mdui:IPHint>
        <mdui:DomainHint>nikhef.nl</mdui:DomainHint>
        <mdui:GeolocationHint>geo:52.3562717,4.9512118</mdui:GeolocationHint>
      </mdui:DiscoHints>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDHjCCAgYCCQCcnhg77CcIvDANBgkqhkiG9w0BAQUFADBRMRIwEAYKCZImiZPyLGQBGRYCbmwxFjAUBgoJkiaJk/IsZAEZFgZuaWtoZWYxCzAJBgNVBAsTAkNUMRYwFAYDVQQDEw1zc28ubmlraGVmLm5sMB4XDTEyMTAyMzEyMzk0N1oXDTIyMTAyMTEyMzk0N1owUTESMBAGCgmSJomT8ixkARkWAm5sMRYwFAYKCZImiZPyLGQBGRYGbmlraGVmMQswCQYDVQQLEwJDVDEWMBQGA1UEAxMNc3NvLm5pa2hlZi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2/7Ijvd16yzYdUJkh9cQC3N7adnh5qTEfomVDBOFXAPIxv7Qb042Fy35lgZseAd1hbj2RbKHUpDrWj+q7u5u1/7BALa630O1xdRwIfb5twR5PuLxx1eGXs2Q6YQIeNIvdxVS0gMpXdDl7GMaZU+CMs82SSTz3KrX6wJvywzdv5ZflL7tOy4Ouo59NVFj2dGWEki86ekj7uDutjcp1SqolVLBhqECn4fTEHPju+fjz1h90MXez/LPQpMGXAJFSY97lm99b7PeKcFKlPfwZjYsEQ398eG48bgAeADIAqSI3ZOKz5392VWOxLcOx8lPnF5IjLF3rmOq9Lq+0NR8gsIdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAet+PrAdxBd4oQMfE2yxUzCG/oiD1YnsrKT2juwdCU/7INiMLrzYhibMWmV4fB/YbLd1HdH78qt6NIpYhr5NZtjLgiLa+4nl1TbAcnSRl9rNyHlIU4TLo6xpUbSqv7U44JsP/TJ2gRlMNnGGIhr6+4DnYlB/yPe2rkuZmNqBTI+0UzEGwkYYjtASL9HLga5YbVVyLCC85lYg7dDNzT+lPom0yWZlXXtERqBf1ahzw25Jvmfa3frtnh43YYGeY4Y7EUOots2nadkv8gBhd9m68NU2fdrNk+xd5/jbQpFm4cAdk1eNi2djTMQHr8es8sBvOfWJuhZ2IxLyVBXqBLKeQ8Q==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.nikhef.nl/sso/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.nikhef.nl/sso/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Nikhef - Dutch National Institute for Subatomic Physics</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Nikhef</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.nikhef.nl/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Helpdesk Nikhef CT</md:GivenName>
    <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson xmlns:icmd="http://id.incommon.org/metadata" contactType="other" icmd:contactType="http://id.incommon.org/metadata/contactType/security">
     <md:GivenName>CSIRT</md:GivenName>
     <md:SurName>Nikhef</md:SurName>
     <md:EmailAddress>security@nikhef.nl</md:EmailAddress>
    <md:TelephoneNumber>+31205925090</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="administrative">
     <md:SurName>Nikhef</md:SurName>
     <md:EmailAddress>nikidm-admin@nikhef.nl</md:EmailAddress>
    <md:TelephoneNumber>+31205922000</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
     <md:SurName>Nikhef</md:SurName>
     <md:EmailAddress>helpdesk@nikhef.nl</md:EmailAddress>
    <md:TelephoneNumber>+31205922200</md:TelephoneNumber>
  </md:ContactPerson>
</md:EntityDescriptor>