Merge branch 'develop'

ckan/config/dbca.ini

@@ -85,7 +85,8 @@ ckanext.saml2auth.idp_metadata.location = local
 
 # Path to a local file accessible on the server the service runs on
 # Ignore this config if the idp metadata location is set to: remote
-ckanext.saml2auth.idp_metadata.local_path = /srv/app/saml/dbca_idp.xml
+# Will be set via a environment variable CKANEXT__SAML2AUTH__IDP_METADATA__LOCAL_PATH
+# ckanext.saml2auth.idp_metadata.local_path = /srv/app/saml/dbca_staging_idp.xml
 
 # Corresponding SAML user field for firstname
 ckanext.saml2auth.user_firstname = givenName
@@ -108,7 +109,8 @@ ckanext.saml2auth.enable_ckan_internal_login = True
 
 # Entity ID (also know as Issuer)
 # Define the entity ID. Default is urn:mace:umu.se:saml:ckan:sp
-ckanext.saml2auth.entity_id = urn:mace:umu.se:saml:ckan_dbca_prod:sp
+# Will be set via a environment variable CKANEXT__SAML2AUTH__ENTITY_ID
+#ckanext.saml2auth.entity_id = urn:mace:umu.se:saml:ckan_dbca_staging:sp
 
 # A list of string values that will be used to set the <NameIDFormat> element of the metadata of an entity.
 # Default: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

ckan/saml/dbca_prod_idp.xml

@@ -0,0 +1,180 @@
+<?xml version="1.0" encoding="utf-8"?>
+<EntityDescriptor ID="_34ebf523-bdc4-498a-ad26-4a68991ba894" entityID="https://sts.windows.net/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/"
+    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <SignedInfo>
+            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+            <Reference URI="#_34ebf523-bdc4-498a-ad26-4a68991ba894">
+                <Transforms>
+                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                </Transforms>
+                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+                <DigestValue>D1tzApXI6ZLVLrRRkXpJinrjjIM9Dw7R6Z4PX9uMeMM=</DigestValue>
+            </Reference>
+        </SignedInfo>
+        <SignatureValue>CDbBXKGtCiOqoa8VZ+lqfz1YKp3AminyFoiF3XqJMwwL4qyyK6YETOcuN7I7TA8dZnavscq+TjlrlP5F22F23ttB4OsbsU9Im6b1pZa3mUwqhjl60LfDEiA/DLt+nDMrW9vKQrJ4kC3JApKXI7fDkehzK+hlqamhAyM7fzQ4qUs4j5A2XtfRxhNY7D7at1fZhPyn4ltApzsWQ9+scDGfM2bk6PXXPL5wYQUxtzt4HoDgvk27QUs2XeGMm+FYFbHtwNOcWnvisVR4MZSJrmAScpboUUfZQVO2Z8cKX+vKzLXs48YpueChRQfspMDNJtHNSwWciOcDNGb9sWfmFG7Kgw==</SignatureValue>
+        <KeyInfo>
+            <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                <ds:X509Certificate>MIIC8DCCAdigAwIBAgIQffsi+MjD7YxARMC68v57XjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3MTkwNDE4MzJaFw0yNzA3MTkwNDE4MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjs5zxB/ZHe0lYbgpnenhx2ybF3y+5Hawq/W/peh30i8cGxODJrTNwMnDU3kn5rHGiIjfjoIZhCClPFNxqGj3SamIt/0R468ZH+PgR1SiZN2Qph/8H8sKErf8kir+30cIW7hUNsCAehePTZ3dwtNFDXKf8qUn464FKyRRM62wOZrIh3azgv+Q0gBtSifZdOmbnFv6bkMehFLAMicZ5HIcmgsp0oOsLdiYohUlFKTbz50PYw7R0xbnTaZ/HfKSRf1qsQ+KcNqyNsZqL9VXh5S2mLWWhT8ijJ5IimvHag+edlNPNOwMDCkC2vnWYiz3gcZAbJHJzPrBJ6a7n0hPDDJhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBlgBlnV4RG9gkUe1JdLslRWgVL9ecfA9cY4N4uf52GiI8zvb0Br4TESfns8r0QXYvZD3XcYOm5sTyk0d2bEPmhAenV8xhXE7hv0aLnJA12LhTgMryA8BTKnk79hpfE3h3KTZHfWfnfch4kL7l0gH6BFCC4aRi+Ka9agI8d6UFh3XriuJgjaZb5ElYErf0rWrEOV1U1ULIOct1m4I26mO8aUhkvqmTokEcRGChSXdwUmU3TGiJugUfHmAlw5sq6Ui9d9nrTbpZX+WjkCGnhK7JD/wrYydaFaC4tlK8+YMwW2yhO6j3MYQcXxR6khVeFnMT9y8h73J6IglQk1U9f5fyc</ds:X509Certificate>
+            </ds:X509Data>
+        </KeyInfo>
+    </Signature>
+    <RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
+        <KeyDescriptor use="signing">
+            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                    <X509Certificate>MIIC8DCCAdigAwIBAgIQffsi+MjD7YxARMC68v57XjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3MTkwNDE4MzJaFw0yNzA3MTkwNDE4MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjs5zxB/ZHe0lYbgpnenhx2ybF3y+5Hawq/W/peh30i8cGxODJrTNwMnDU3kn5rHGiIjfjoIZhCClPFNxqGj3SamIt/0R468ZH+PgR1SiZN2Qph/8H8sKErf8kir+30cIW7hUNsCAehePTZ3dwtNFDXKf8qUn464FKyRRM62wOZrIh3azgv+Q0gBtSifZdOmbnFv6bkMehFLAMicZ5HIcmgsp0oOsLdiYohUlFKTbz50PYw7R0xbnTaZ/HfKSRf1qsQ+KcNqyNsZqL9VXh5S2mLWWhT8ijJ5IimvHag+edlNPNOwMDCkC2vnWYiz3gcZAbJHJzPrBJ6a7n0hPDDJhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBlgBlnV4RG9gkUe1JdLslRWgVL9ecfA9cY4N4uf52GiI8zvb0Br4TESfns8r0QXYvZD3XcYOm5sTyk0d2bEPmhAenV8xhXE7hv0aLnJA12LhTgMryA8BTKnk79hpfE3h3KTZHfWfnfch4kL7l0gH6BFCC4aRi+Ka9agI8d6UFh3XriuJgjaZb5ElYErf0rWrEOV1U1ULIOct1m4I26mO8aUhkvqmTokEcRGChSXdwUmU3TGiJugUfHmAlw5sq6Ui9d9nrTbpZX+WjkCGnhK7JD/wrYydaFaC4tlK8+YMwW2yhO6j3MYQcXxR6khVeFnMT9y8h73J6IglQk1U9f5fyc</X509Certificate>
+                </X509Data>
+            </KeyInfo>
+        </KeyDescriptor>
+        <fed:ClaimTypesOffered>
+            <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Name</auth:DisplayName>
+                <auth:Description>The mutable display name of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Subject</auth:DisplayName>
+                <auth:Description>An immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Given Name</auth:DisplayName>
+                <auth:Description>First name of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Surname</auth:DisplayName>
+                <auth:Description>Last name of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/displayname"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Display Name</auth:DisplayName>
+                <auth:Description>Display name of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/nickname"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Nick Name</auth:DisplayName>
+                <auth:Description>Nick name of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Authentication Instant</auth:DisplayName>
+                <auth:Description>The time (UTC) when the user is authenticated to Windows Azure Active Directory.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Authentication Method</auth:DisplayName>
+                <auth:Description>The method that Windows Azure Active Directory uses to authenticate users.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/objectidentifier"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>ObjectIdentifier</auth:DisplayName>
+                <auth:Description>Primary identifier for the user in the directory. Immutable, globally unique, non-reusable.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/tenantid"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>TenantId</auth:DisplayName>
+                <auth:Description>Identifier for the user's tenant.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/identityprovider"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>IdentityProvider</auth:DisplayName>
+                <auth:Description>Identity provider for the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Email</auth:DisplayName>
+                <auth:Description>Email address of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Groups</auth:DisplayName>
+                <auth:Description>Groups of the user.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/accesstoken"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>External Access Token</auth:DisplayName>
+                <auth:Description>Access token issued by external identity provider.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>External Access Token Expiration</auth:DisplayName>
+                <auth:Description>UTC expiration time of access token issued by external identity provider.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/openid2_id"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>External OpenID 2.0 Identifier</auth:DisplayName>
+                <auth:Description>OpenID 2.0 identifier issued by external identity provider.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/claims/groups.link"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>GroupsOverageClaim</auth:DisplayName>
+                <auth:Description>Issued when number of user's group claims exceeds return limit.</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>Role Claim</auth:DisplayName>
+                <auth:Description>Roles that the user or Service Principal is attached to</auth:Description>
+            </auth:ClaimType>
+            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/wids"
+                xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+                <auth:DisplayName>RoleTemplate Id Claim</auth:DisplayName>
+                <auth:Description>Role template id of the Built-in Directory Roles that the user is a member of</auth:Description>
+            </auth:ClaimType>
+        </fed:ClaimTypesOffered>
+        <fed:SecurityTokenServiceEndpoint>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/wsfed</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:SecurityTokenServiceEndpoint>
+        <fed:PassiveRequestorEndpoint>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/wsfed</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:PassiveRequestorEndpoint>
+    </RoleDescriptor>
+    <RoleDescriptor xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
+        <KeyDescriptor use="signing">
+            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                    <X509Certificate>MIIC8DCCAdigAwIBAgIQffsi+MjD7YxARMC68v57XjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3MTkwNDE4MzJaFw0yNzA3MTkwNDE4MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjs5zxB/ZHe0lYbgpnenhx2ybF3y+5Hawq/W/peh30i8cGxODJrTNwMnDU3kn5rHGiIjfjoIZhCClPFNxqGj3SamIt/0R468ZH+PgR1SiZN2Qph/8H8sKErf8kir+30cIW7hUNsCAehePTZ3dwtNFDXKf8qUn464FKyRRM62wOZrIh3azgv+Q0gBtSifZdOmbnFv6bkMehFLAMicZ5HIcmgsp0oOsLdiYohUlFKTbz50PYw7R0xbnTaZ/HfKSRf1qsQ+KcNqyNsZqL9VXh5S2mLWWhT8ijJ5IimvHag+edlNPNOwMDCkC2vnWYiz3gcZAbJHJzPrBJ6a7n0hPDDJhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBlgBlnV4RG9gkUe1JdLslRWgVL9ecfA9cY4N4uf52GiI8zvb0Br4TESfns8r0QXYvZD3XcYOm5sTyk0d2bEPmhAenV8xhXE7hv0aLnJA12LhTgMryA8BTKnk79hpfE3h3KTZHfWfnfch4kL7l0gH6BFCC4aRi+Ka9agI8d6UFh3XriuJgjaZb5ElYErf0rWrEOV1U1ULIOct1m4I26mO8aUhkvqmTokEcRGChSXdwUmU3TGiJugUfHmAlw5sq6Ui9d9nrTbpZX+WjkCGnhK7JD/wrYydaFaC4tlK8+YMwW2yhO6j3MYQcXxR6khVeFnMT9y8h73J6IglQk1U9f5fyc</X509Certificate>
+                </X509Data>
+            </KeyInfo>
+        </KeyDescriptor>
+        <fed:TargetScopes>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://sts.windows.net/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:TargetScopes>
+        <fed:ApplicationServiceEndpoint>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/wsfed</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:ApplicationServiceEndpoint>
+        <fed:PassiveRequestorEndpoint>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/wsfed</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:PassiveRequestorEndpoint>
+    </RoleDescriptor>
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <KeyDescriptor use="signing">
+            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                    <X509Certificate>MIIC8DCCAdigAwIBAgIQffsi+MjD7YxARMC68v57XjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3MTkwNDE4MzJaFw0yNzA3MTkwNDE4MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjs5zxB/ZHe0lYbgpnenhx2ybF3y+5Hawq/W/peh30i8cGxODJrTNwMnDU3kn5rHGiIjfjoIZhCClPFNxqGj3SamIt/0R468ZH+PgR1SiZN2Qph/8H8sKErf8kir+30cIW7hUNsCAehePTZ3dwtNFDXKf8qUn464FKyRRM62wOZrIh3azgv+Q0gBtSifZdOmbnFv6bkMehFLAMicZ5HIcmgsp0oOsLdiYohUlFKTbz50PYw7R0xbnTaZ/HfKSRf1qsQ+KcNqyNsZqL9VXh5S2mLWWhT8ijJ5IimvHag+edlNPNOwMDCkC2vnWYiz3gcZAbJHJzPrBJ6a7n0hPDDJhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBlgBlnV4RG9gkUe1JdLslRWgVL9ecfA9cY4N4uf52GiI8zvb0Br4TESfns8r0QXYvZD3XcYOm5sTyk0d2bEPmhAenV8xhXE7hv0aLnJA12LhTgMryA8BTKnk79hpfE3h3KTZHfWfnfch4kL7l0gH6BFCC4aRi+Ka9agI8d6UFh3XriuJgjaZb5ElYErf0rWrEOV1U1ULIOct1m4I26mO8aUhkvqmTokEcRGChSXdwUmU3TGiJugUfHmAlw5sq6Ui9d9nrTbpZX+WjkCGnhK7JD/wrYydaFaC4tlK8+YMwW2yhO6j3MYQcXxR6khVeFnMT9y8h73J6IglQk1U9f5fyc</X509Certificate>
+                </X509Data>
+            </KeyInfo>
+        </KeyDescriptor>
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/saml2" />
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/saml2" />
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/7b934664-cdcf-4e28-a3ee-1a5bcca0a1b6/saml2" />
+    </IDPSSODescriptor>
+</EntityDescriptor>