1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
--- 79fa04da5ee74043b09a4d02f8c5f9df9b8cb59a

+++ cd03e84822f982588b6d784737b65c887d98dd16

@@ -1,110 +1,192 @@

 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                   xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
-                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                  xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
                   entityID="https://idp.rsmith.org.uk/idp/shibboleth"
                   >
-	 <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+	 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
 	 	 <Extensions>
-	 	 	 <shibmd:Scope regexp="false">cardiff.ac.uk</shibmd:Scope>
+	 	 	 <shibmd:Scope regexp="false">rsmith.org.uk</shibmd:Scope>
 	 	 </Extensions>
-	 	 <md:KeyDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                   use="signing"
-	 	                   >
-	 	 	 <ds:KeyInfo>
-	 	 	 	 <ds:X509Data>
-	 	 	 	 	 <ds:X509Certificate>MIIDHDCCAgSgAwIBAgIUe8wsOBcOivZ/X/QVj8+2Uw+jnbAwDQYJKoZIhvcNAQEF BQAwFzEVMBMGA1UEAxMMaWRwLmNmLmFjLnVrMB4XDTE0MDgxNDEzMTMxNVoXDTM0 MDgxNDEzMTMxNVowFzEVMBMGA1UEAxMMaWRwLmNmLmFjLnVrMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqXJD7Pmm0di7+qRkZYSDcc3JLPzVQkylFiV bvpNphN9Rt9cRVv/qvN1nZVMYCanwzDJSz6idD4jip33u1up1szRTn5vfQLT5ta5 +PBzZad2lIao4CGH4PzSbUTUxivhldMQShlonsxmtpdFinHOKMjt8WYXB7iF0qDm PQnJJC7tjHku/yc+d1Zh2VgzTG/OQ0fGvvkp5dFywjAAUH/ot/kheCqw4g0F/LHj PlKUMvGFZc7PnmYgVa7Xz9YI0ZJjdc8uCHsvEZfCpoDnTpigUUvqwuuvwdSR7aew SLcJi74+DXEZh/aa23HLVWrxk4xfMojpKVC+SwweohEeg4Wr3QIDAQABo2AwXjA9 BgNVHREENjA0ggxpZHAuY2YuYWMudWuGJGh0dHBzOi8vaWRwLmNhcmRpZmYuYWMu dWsvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUGzP0X/B4uf8Nz8c3KPWxG4gG8dQwDQYJ KoZIhvcNAQEFBQADggEBAGfqyC6ItIgEs3LtHUApmqvKDpFT90Uw03q4G5mwYT/Z 8V2ml+ppXGJJbz2tdQcyJOXr+Ik2UmFauYvtedsAuc+q2j1i4LMrveo03XP1NrHY BMwMbvsjPqRbHk8398M4XA92712iB448+8kwI8zwu5Nlbayu9JF84eSEsufQHaA3 2tEqUYZYw+5SIhUPPL+rJbOTh/sPYy0niY2RVX22MsBGHIH+c93gpSYoCdQI5XBu fj8uW6fP20q8JEagC8olauNbiOgoRFaxjTOjudZKT449m6DrOdbcvPgV0s0vxTlR tSTvwfp+LJO2OrKN2zIzV+mrAeKIWaatx542gFAATg8=</ds:X509Certificate>
-	 	 	 	 </ds:X509Data>
-	 	 	 </ds:KeyInfo>
-	 	 </md:KeyDescriptor>
-	 	 <md:KeyDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                   use="signing"
-	 	                   >
-	 	 	 <ds:KeyInfo>
-	 	 	 	 <ds:X509Data>
-	 	 	 	 	 <ds:X509Certificate>MIIEpDCCA4ygAwIBAgIQOAB7zJmYDdlOs5pElATXjjANBgkqhkiG9w0BAQUFADA2 MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEg U1NMIENBMB4XDTExMDkxMjAwMDAwMFoXDTE0MDkxMTIzNTk1OVowgYIxCzAJBgNV BAYTAkdCMQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHQ2FyZGlmZjEbMBkGA1UE ChMSQ2FyZGlmZiBVbml2ZXJzaXR5MR0wGwYDVQQLExRJbmZvcm1hdGlvbiBTZXJ2 aWNlczEVMBMGA1UEAxMMaWRwLmNmLmFjLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA2SV/o63uSLmPFh0y6isL9BrgViJ23SovxgwDzlQhshhiZ6nO FxnnbrbVdwTAh63xgMSu5qDay6VSZF62sWVZQwLG9Cdi+eInp4F+eoAQhMztDutV m4PVf5dwLjUG6flDQnFkVBgDqhn3oclVl/tiFR1U+lMMDR2+gW6i2AGUmNGstd5R 5AwjGHoguqBHeJ47VcD8UBIaGr4v+bmfsTyZBu9Z39OY7yZ0/XxUoI18kiX4NjwG jf0YfMfbF1eUkF08Y6/lAt6lw5Es9QpUgcdylUzfWfYLduc8BiKMEahl78JzSe4Y RIhksJvqioGgRQ12gePXM6jiL49kFcXq/8xdZwIDAQABo4IBXzCCAVswHwYDVR0j BBgwFoAUDL2TaAzz3qujSWsrN1dH6pDjue0wHQYDVR0OBBYEFKrcERbDCnu2zOsc LdMKrxqmKHVNMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgId MDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVS RU5BU1NMQ0EuY3JsMG0GCCsGAQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDov L2NydC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGG Gmh0dHA6Ly9vY3NwLnRjcy50ZXJlbmEub3JnMBcGA1UdEQQQMA6CDGlkcC5jZi5h Yy51azANBgkqhkiG9w0BAQUFAAOCAQEAhrYmmoW5OdIh78MzIBUjJGkTNJ2BWrB5 0IKjlP9Khup4Q6c86qEDWX/Go8t8bC6ab0YphnBulP/yUxcV4iopNZl3YwSyrYHX dRJL68o3dsjlW5qIDq+Priug7/5C9PuxfdHGrRL3keBH/2rrOFf39hHuWBZmEMHj HVqadsAqvJqwP4RUYi3BZ8fvi3QXBdvJlIriKn+2xUdZ3AF/6BMyi63lSWgLe8Lf 7n1IeJ61VKfNV2Tq9fFN+VZL1BBdOjoAW2UvoGGB5uvF+prMF9uUSs1zyIMlk5NI BCZEbXB6ZmEupEmDR9Gztw2fvdSgXht3AjxW1+hV4ShOdi/LpYbkZg==</ds:X509Certificate>
-	 	 	 	 </ds:X509Data>
-	 	 	 </ds:KeyInfo>
-	 	 </md:KeyDescriptor>
-	 	 <md:ArtifactResolutionService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                               Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-	 	                               Location="https://idp.rsmith.org.uk:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
-	 	                               index="1"
-	 	                               />
-	 	 <md:ArtifactResolutionService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                               Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-	 	                               Location="https://idp.rsmith.org.uk:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
-	 	                               index="2"
-	 	                               />
-	 	 <md:SingleLogoutService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/SAML2/Redirect/SLO"
-	 	                         />
-	 	 <md:SingleLogoutService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/SAML2/POST/SLO"
-	 	                         />
-	 	 <md:SingleLogoutService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/SAML2/POST-SimpleSign/SLO"
-	 	                         />
-	 	 <md:SingleLogoutService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-	 	                         Location="https://idp.rsmith.org.uk:8443/idp/profile/SAML2/SOAP/SLO"
-	 	                         />
+	 	 <KeyDescriptor use="signing">
+	 	 	 <ds:KeyInfo>
+	 	 	 	 <ds:X509Data>
+	 	 	 	 	 <ds:X509Certificate>
+MIIDLzCCAhegAwIBAgIUK9DEIGDv4Ff0Wi8/uvBeGd5eyBswDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaWRwLnJzbWl0aC5vcmcudWswHhcNMTUwODI0MTQ1MTEy
+WhcNMzUwODI0MTQ1MTEyWjAcMRowGAYDVQQDDBFpZHAucnNtaXRoLm9yZy51azCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7VQekyk7mtK2+Q3bBT1yor
+LI0EaCfn/iv/+WiLUb46AlbeJ63js5lxnpN13PkA499rmchz1BoZ3TCgY4PORnVq
+c1tm4FMvEE8J9PGwtzLNjXZRRKcVGH9m+uZD2rKpxCDr7RvVdECXn+Ef4IZuBjfX
+cf7Av31JhwBFg8klqEYtSrNVkPuLzsZANB7TL7wwvmcXmwg/sAewFuKqn9tzGiRZ
+Ft6TZckeHiZlFyxu67DZPkI2d+itSRczMiKOLLj1Su+5VkeWXA8DQtB7wNhQH53o
+tvbLnoAHcgtxAyNLd/edsaUr12cDSwHutnXN0tvUyGZ2NJTWDl9l2+eOZS9oMkUC
+AwEAAaNpMGcwHQYDVR0OBBYEFCMGVfANgpH28R39mgFLHtIqv68ZMEYGA1UdEQQ/
+MD2CEWlkcC5yc21pdGgub3JnLnVrhihodHRwczovL2lkcC5yc21pdGgub3JnLnVr
+L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQAOHbNUtEcdeh4abEI9
+Ow8UorELXPMs8SMEh8uNfWyT5qe3qQ3KvRKt3T7qTAWwxkD3spnnfKAVCm/5BIPQ
+9BOjlsD/M11CoE3AgGvLTrComFyCUWp9ONtgyN+vG0vWOStfwaNyNAepL/MVyccD
+6ERiSKKcUrAh5n/+PkA4uLnZTbfxF8RVaQfEHe19JOJyUEF6q2xVyeGMi0UiWvdU
+ycMpGziHHivS+fp17vBSEm8bxtThUybNf9o3P+xvBcEaoStNsfzjxKBo56OFAqyV
+p10apvU7O4BFOqWg+8deIyCGZoAHpTm22MeyoLo9LlCvXNdzYRwURxGq36jRnuCL
+He9a
+                        </ds:X509Certificate>
+	 	 	 	 </ds:X509Data>
+	 	 	 </ds:KeyInfo>
+	 	 </KeyDescriptor>
+	 	 <KeyDescriptor use="signing">
+	 	 	 <ds:KeyInfo>
+	 	 	 	 <ds:X509Data>
+	 	 	 	 	 <ds:X509Certificate>
+MIIDLzCCAhegAwIBAgIUYnvfoMBUueVONNjmaouAYnntwdUwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaWRwLnJzbWl0aC5vcmcudWswHhcNMTUwODI0MTQ1MTA4
+WhcNMzUwODI0MTQ1MTA4WjAcMRowGAYDVQQDDBFpZHAucnNtaXRoLm9yZy51azCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIGrUlYHovXJOZ98APwykmXr
+J32JsQOzZGyc5CQ/ybyjdNwlmLDtxNcuqvXxaLPVQOKwx3v4lojTbwXTEUrqTev4
+t/dUULCosCs2yAxM/qvVos2Eejc2HPpcRCK1RkEiM2Orfy2xtC72SG0/WYeG8XdJ
+l8npWiUxWjRHAUhvKxqUQ65Yf7r4kN/kQd+IUAF85d3daIBBCt4Het2k8BDh9Oq3
+bmMfn4QtPVJa006mLAFYu668atPcqQkw/M8vm8epMSWSeVJBJIznGKR+7Slhz7Za
+qFtkBzp99Bf/IUF89TSuVC1TtVzTPBHu6Kq7Q0S1xtiz5TuWnzzDJJ5j4SzaXicC
+AwEAAaNpMGcwHQYDVR0OBBYEFJdJhR6iLvVIYxNPBGvcGEMP0yg+MEYGA1UdEQQ/
+MD2CEWlkcC5yc21pdGgub3JnLnVrhihodHRwczovL2lkcC5yc21pdGgub3JnLnVr
+L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQBlY8o7Xxvx1X2A9hVq
+a6pubECXMGoKwEKaKPRCg0/MjHxMfNp+W1qry1U4dksY+zkZDYSUyi734evLerzZ
+ldUBGWBa+0uRQfDZZs6+TUHqwe0C76p4q7gOF20Jpo8EJ6BID52su3IlR2S3GjLH
+AY36CZ3REpahIC3KBvRq53o9ZI7jLX5IcYAbccptqwOI7PlZDekt0HHRu61KpVZk
+lZBzsSHZrm4KkpmiOece1xC400Zq8/GLJ2F1kZaih0ugsN5qA2zKqqTJaAhyXwf3
+LwRivthQNpAmJNymJsAPIh1vJ4DK2NxzIbtDEVOawuPgtb8ACjcpBbeVMmKrBRpE
+RVjJ
+                        </ds:X509Certificate>
+	 	 	 	 </ds:X509Data>
+	 	 	 </ds:KeyInfo>
+	 	 </KeyDescriptor>
+	 	 <KeyDescriptor use="encryption">
+	 	 	 <ds:KeyInfo>
+	 	 	 	 <ds:X509Data>
+	 	 	 	 	 <ds:X509Certificate>
+MIIDLzCCAhegAwIBAgIUZzaEwAwF83jA7Z8vp4qVNNq1yD8wDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaWRwLnJzbWl0aC5vcmcudWswHhcNMTUwODI0MTQ1MTA5
+WhcNMzUwODI0MTQ1MTA5WjAcMRowGAYDVQQDDBFpZHAucnNtaXRoLm9yZy51azCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIggh2f64Q4fwbdSkvzdh07w
+zeJnTgO2WmzFBJK+P1K8WloxxS4OkeX6cCPgPChmRUBUF1CXNXFyPI0iO4SreJUo
+09CDo5Jm6n3NKqzxBzDrzDBS3Y2QO5qir55BkDli73+PLDMt58w78sqzFa8vyK9r
+3j2ZfibIzVDfXuQCvvqeb0l8ltRHauV1anHwAm2yQVSj0ZQd77G6lPtt9dzS/M/i
+U5SRnYwGJuGcVK+XPafIhbKLyou89W0IpZqN6/QZAc3GuF+k5e25+ux17Qn9m75b
+CT9OEbFRGUds06VADsSwSYD/NugyeOaHsIx2lQg+aaBMC/VAf/NUVXYKNw9CuvEC
+AwEAAaNpMGcwHQYDVR0OBBYEFFmsU9OW5eFpKoVKccjaBY3i8R9rMEYGA1UdEQQ/
+MD2CEWlkcC5yc21pdGgub3JnLnVrhihodHRwczovL2lkcC5yc21pdGgub3JnLnVr
+L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQB1ail1hpHiTjeZAfW4
+m3KGnnLZEUAV9CKIHrVYjRpQdJeUyHUm86ceKglML3S5EjSeQZrupCTQUzdU/z94
+xOUGLxq/USPbwW4jFYIrDNta8qA8QsOwovFF94MP9Vk6bkt0LnzcdRvKN5WvB0KT
+CasTgxcJaADA4UMkXXt0cnEYQhLRVa20SciTBieGAqfh1zT5M6y6zZP7kt2B2y2i
+nu1p6UpFPXstwY7PlJUlHi2RRMF2WwbWxrgMuOwnFJqvxqFvbfCLsFC9CPNs5o3X
+dAQ40T5IMDyhZ95T7NVp1jRGcFYAPNwrBTlYOq85hGwlae+5Ma1dzFqU79resaAs
+QpNX
+                        </ds:X509Certificate>
+	 	 	 	 </ds:X509Data>
+	 	 	 </ds:KeyInfo>
+	 	 </KeyDescriptor>
+	 	 <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+	 	                            Location="https://idp.rsmith.org.uk:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
+	 	                            index="1"
+	 	                            />
+	 	 <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+	 	                            Location="https://idp.rsmith.org.uk:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
+	 	                            index="2"
+	 	                            />
 	 	 <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-	 	 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
 	 	 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
-	 	 <md:SingleSignOnService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/Shibboleth/SSO"
-	 	                         />
-	 	 <md:SingleSignOnService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/SAML2/POST/SSO"
-	 	                         />
-	 	 <md:SingleSignOnService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/SAML2/POST-SimpleSign/SSO"
-	 	                         />
-	 	 <md:SingleSignOnService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	 	                         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-	 	                         Location="https://idp.rsmith.org.uk/idp/profile/SAML2/Redirect/SSO"
-	 	                         />
+	 	 <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+	 	                      Location="https://idp.rsmith.org.uk/idp/profile/Shibboleth/SSO"
+	 	                      />
+	 	 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+	 	                      Location="https://idp.rsmith.org.uk/idp/profile/SAML2/POST/SSO"
+	 	                      />
+	 	 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+	 	                      Location="https://idp.rsmith.org.uk/idp/profile/SAML2/POST-SimpleSign/SSO"
+	 	                      />
+	 	 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+	 	                      Location="https://idp.rsmith.org.uk/idp/profile/SAML2/Redirect/SSO"
+	 	                      />
 	 </IDPSSODescriptor>
-	 <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+	 <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
 	 	 <Extensions>
-	 	 	 <shibmd:Scope regexp="false">cardiff.ac.uk</shibmd:Scope>
+	 	 	 <shibmd:Scope regexp="false">rsmith.org.uk</shibmd:Scope>
 	 	 </Extensions>
-	 	 <KeyDescriptor>
-	 	 	 <ds:KeyInfo>
-	 	 	 	 <ds:X509Data>
-	 	 	 	 	 <ds:X509Certificate>
-MIIEpDCCA4ygAwIBAgIQOAB7zJmYDdlOs5pElATXjjANBgkqhkiG9w0BAQUFADA2
-MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEg
-U1NMIENBMB4XDTExMDkxMjAwMDAwMFoXDTE0MDkxMTIzNTk1OVowgYIxCzAJBgNV
-BAYTAkdCMQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHQ2FyZGlmZjEbMBkGA1UE
-ChMSQ2FyZGlmZiBVbml2ZXJzaXR5MR0wGwYDVQQLExRJbmZvcm1hdGlvbiBTZXJ2
-aWNlczEVMBMGA1UEAxMMaWRwLmNmLmFjLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA2SV/o63uSLmPFh0y6isL9BrgViJ23SovxgwDzlQhshhiZ6nO
-FxnnbrbVdwTAh63xgMSu5qDay6VSZF62sWVZQwLG9Cdi+eInp4F+eoAQhMztDutV
-m4PVf5dwLjUG6flDQnFkVBgDqhn3oclVl/tiFR1U+lMMDR2+gW6i2AGUmNGstd5R
-5AwjGHoguqBHeJ47VcD8UBIaGr4v+bmfsTyZBu9Z39OY7yZ0/XxUoI18kiX4NjwG
-jf0YfMfbF1eUkF08Y6/lAt6lw5Es9QpUgcdylUzfWfYLduc8BiKMEahl78JzSe4Y
-RIhksJvqioGgRQ12gePXM6jiL49kFcXq/8xdZwIDAQABo4IBXzCCAVswHwYDVR0j
-BBgwFoAUDL2TaAzz3qujSWsrN1dH6pDjue0wHQYDVR0OBBYEFKrcERbDCnu2zOsc
-LdMKrxqmKHVNMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgId
-MDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVS
-RU5BU1NMQ0EuY3JsMG0GCCsGAQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDov
-L2NydC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGG
-Gmh0dHA6Ly9vY3NwLnRjcy50ZXJlbmEub3JnMBcGA1UdEQQQMA6CDGlkcC5jZi5h
-Yy51azANBgkqhkiG9w0BAQUFAAOCAQEAhrYmmoW5OdIh78MzIBUjJGkTNJ2BWrB5
-0IKjlP9Khup4Q6c86qEDWX/Go8t8bC6ab0YphnBulP/yUxcV4iopNZl3YwSyrYHX
-dRJL68o3dsjlW5qIDq+Priug7/5C9PuxfdHGrRL3keBH/2rrOFf39hHuWBZmEMHj
-HVqadsAqvJqwP4RUYi3BZ8fvi3QXBdvJlIriKn+2xUdZ3AF/6BMyi63lSWgLe8Lf
-7n1IeJ61VKfNV2Tq9fFN+VZL1BBdOjoAW2UvoGGB5uvF+prMF9uUSs1zyIMlk5NI
-BCZEbXB6ZmEupEmDR9Gztw2fvdSgXht3AjxW1+hV4ShOdi/LpYbkZg==
+	 	 <KeyDescriptor use="signing">
+	 	 	 <ds:KeyInfo>
+	 	 	 	 <ds:X509Data>
+	 	 	 	 	 <ds:X509Certificate>
+MIIDLzCCAhegAwIBAgIUK9DEIGDv4Ff0Wi8/uvBeGd5eyBswDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaWRwLnJzbWl0aC5vcmcudWswHhcNMTUwODI0MTQ1MTEy
+WhcNMzUwODI0MTQ1MTEyWjAcMRowGAYDVQQDDBFpZHAucnNtaXRoLm9yZy51azCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7VQekyk7mtK2+Q3bBT1yor
+LI0EaCfn/iv/+WiLUb46AlbeJ63js5lxnpN13PkA499rmchz1BoZ3TCgY4PORnVq
+c1tm4FMvEE8J9PGwtzLNjXZRRKcVGH9m+uZD2rKpxCDr7RvVdECXn+Ef4IZuBjfX
+cf7Av31JhwBFg8klqEYtSrNVkPuLzsZANB7TL7wwvmcXmwg/sAewFuKqn9tzGiRZ
+Ft6TZckeHiZlFyxu67DZPkI2d+itSRczMiKOLLj1Su+5VkeWXA8DQtB7wNhQH53o
+tvbLnoAHcgtxAyNLd/edsaUr12cDSwHutnXN0tvUyGZ2NJTWDl9l2+eOZS9oMkUC
+AwEAAaNpMGcwHQYDVR0OBBYEFCMGVfANgpH28R39mgFLHtIqv68ZMEYGA1UdEQQ/
+MD2CEWlkcC5yc21pdGgub3JnLnVrhihodHRwczovL2lkcC5yc21pdGgub3JnLnVr
+L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQAOHbNUtEcdeh4abEI9
+Ow8UorELXPMs8SMEh8uNfWyT5qe3qQ3KvRKt3T7qTAWwxkD3spnnfKAVCm/5BIPQ
+9BOjlsD/M11CoE3AgGvLTrComFyCUWp9ONtgyN+vG0vWOStfwaNyNAepL/MVyccD
+6ERiSKKcUrAh5n/+PkA4uLnZTbfxF8RVaQfEHe19JOJyUEF6q2xVyeGMi0UiWvdU
+ycMpGziHHivS+fp17vBSEm8bxtThUybNf9o3P+xvBcEaoStNsfzjxKBo56OFAqyV
+p10apvU7O4BFOqWg+8deIyCGZoAHpTm22MeyoLo9LlCvXNdzYRwURxGq36jRnuCL
+He9a
+                        </ds:X509Certificate>
+	 	 	 	 </ds:X509Data>
+	 	 	 </ds:KeyInfo>
+	 	 </KeyDescriptor>
+	 	 <KeyDescriptor use="signing">
+	 	 	 <ds:KeyInfo>
+	 	 	 	 <ds:X509Data>
+	 	 	 	 	 <ds:X509Certificate>
+MIIDLzCCAhegAwIBAgIUYnvfoMBUueVONNjmaouAYnntwdUwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaWRwLnJzbWl0aC5vcmcudWswHhcNMTUwODI0MTQ1MTA4
+WhcNMzUwODI0MTQ1MTA4WjAcMRowGAYDVQQDDBFpZHAucnNtaXRoLm9yZy51azCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIGrUlYHovXJOZ98APwykmXr
+J32JsQOzZGyc5CQ/ybyjdNwlmLDtxNcuqvXxaLPVQOKwx3v4lojTbwXTEUrqTev4
+t/dUULCosCs2yAxM/qvVos2Eejc2HPpcRCK1RkEiM2Orfy2xtC72SG0/WYeG8XdJ
+l8npWiUxWjRHAUhvKxqUQ65Yf7r4kN/kQd+IUAF85d3daIBBCt4Het2k8BDh9Oq3
+bmMfn4QtPVJa006mLAFYu668atPcqQkw/M8vm8epMSWSeVJBJIznGKR+7Slhz7Za
+qFtkBzp99Bf/IUF89TSuVC1TtVzTPBHu6Kq7Q0S1xtiz5TuWnzzDJJ5j4SzaXicC
+AwEAAaNpMGcwHQYDVR0OBBYEFJdJhR6iLvVIYxNPBGvcGEMP0yg+MEYGA1UdEQQ/
+MD2CEWlkcC5yc21pdGgub3JnLnVrhihodHRwczovL2lkcC5yc21pdGgub3JnLnVr
+L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQBlY8o7Xxvx1X2A9hVq
+a6pubECXMGoKwEKaKPRCg0/MjHxMfNp+W1qry1U4dksY+zkZDYSUyi734evLerzZ
+ldUBGWBa+0uRQfDZZs6+TUHqwe0C76p4q7gOF20Jpo8EJ6BID52su3IlR2S3GjLH
+AY36CZ3REpahIC3KBvRq53o9ZI7jLX5IcYAbccptqwOI7PlZDekt0HHRu61KpVZk
+lZBzsSHZrm4KkpmiOece1xC400Zq8/GLJ2F1kZaih0ugsN5qA2zKqqTJaAhyXwf3
+LwRivthQNpAmJNymJsAPIh1vJ4DK2NxzIbtDEVOawuPgtb8ACjcpBbeVMmKrBRpE
+RVjJ
+                        </ds:X509Certificate>
+	 	 	 	 </ds:X509Data>
+	 	 	 </ds:KeyInfo>
+	 	 </KeyDescriptor>
+	 	 <KeyDescriptor use="encryption">
+	 	 	 <ds:KeyInfo>
+	 	 	 	 <ds:X509Data>
+	 	 	 	 	 <ds:X509Certificate>
+MIIDLzCCAhegAwIBAgIUZzaEwAwF83jA7Z8vp4qVNNq1yD8wDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaWRwLnJzbWl0aC5vcmcudWswHhcNMTUwODI0MTQ1MTA5
+WhcNMzUwODI0MTQ1MTA5WjAcMRowGAYDVQQDDBFpZHAucnNtaXRoLm9yZy51azCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIggh2f64Q4fwbdSkvzdh07w
+zeJnTgO2WmzFBJK+P1K8WloxxS4OkeX6cCPgPChmRUBUF1CXNXFyPI0iO4SreJUo
+09CDo5Jm6n3NKqzxBzDrzDBS3Y2QO5qir55BkDli73+PLDMt58w78sqzFa8vyK9r
+3j2ZfibIzVDfXuQCvvqeb0l8ltRHauV1anHwAm2yQVSj0ZQd77G6lPtt9dzS/M/i
+U5SRnYwGJuGcVK+XPafIhbKLyou89W0IpZqN6/QZAc3GuF+k5e25+ux17Qn9m75b
+CT9OEbFRGUds06VADsSwSYD/NugyeOaHsIx2lQg+aaBMC/VAf/NUVXYKNw9CuvEC
+AwEAAaNpMGcwHQYDVR0OBBYEFFmsU9OW5eFpKoVKccjaBY3i8R9rMEYGA1UdEQQ/
+MD2CEWlkcC5yc21pdGgub3JnLnVrhihodHRwczovL2lkcC5yc21pdGgub3JnLnVr
+L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQB1ail1hpHiTjeZAfW4
+m3KGnnLZEUAV9CKIHrVYjRpQdJeUyHUm86ceKglML3S5EjSeQZrupCTQUzdU/z94
+xOUGLxq/USPbwW4jFYIrDNta8qA8QsOwovFF94MP9Vk6bkt0LnzcdRvKN5WvB0KT
+CasTgxcJaADA4UMkXXt0cnEYQhLRVa20SciTBieGAqfh1zT5M6y6zZP7kt2B2y2i
+nu1p6UpFPXstwY7PlJUlHi2RRMF2WwbWxrgMuOwnFJqvxqFvbfCLsFC9CPNs5o3X
+dAQ40T5IMDyhZ95T7NVp1jRGcFYAPNwrBTlYOq85hGwlae+5Ma1dzFqU79resaAs
+QpNX
                         </ds:X509Certificate>
 	 	 	 	 </ds:X509Data>
 	 	 	 </ds:KeyInfo>
@@ -115,34 +197,5 @@

 	 	 <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
 	 	                   Location="https://idp.rsmith.org.uk:8443/idp/profile/SAML2/SOAP/AttributeQuery"
 	 	                   />
-	 	 <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-	 	 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
-	 	 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 	 </AttributeAuthorityDescriptor>
-	 <md:Organization xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-	 	 <md:OrganizationName xml:lang="en">Rhys Smith</md:OrganizationName>
-	 	 <md:OrganizationDisplayName xml:lang="en">Rhys Smith</md:OrganizationDisplayName>
-	 	 <md:OrganizationURL xml:lang="en">http://www.rsmith.org.uk/</md:OrganizationURL>
-	 </md:Organization>
-	 <md:ContactPerson xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	                   contactType="support"
-	                   >
-	 	 <md:GivenName>Rhys</md:GivenName>
-	 	 <md:SurName>Smith</md:SurName>
-	 	 <md:EmailAddress>mailto:rhys@rsmith.org.uk</md:EmailAddress>
-	 </md:ContactPerson>
-	 <md:ContactPerson xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	                   contactType="technical"
-	                   >
-	 	 <md:GivenName>Rhys</md:GivenName>
-	 	 <md:SurName>Smith</md:SurName>
-	 	 <md:EmailAddress>mailto:rhys@rsmith.org.uk</md:EmailAddress>
-	 </md:ContactPerson>
-	 <md:ContactPerson xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	                   contactType="administrative"
-	                   >
-	 	 <md:GivenName>Rhys</md:GivenName>
-	 	 <md:SurName>Smith</md:SurName>
-	 	 <md:EmailAddress>mailto:rhys@rsmith.org.uk</md:EmailAddress>
-	 </md:ContactPerson>
 </EntityDescriptor>