From 780bbb95b4320b9036f7730857c022765fe06885 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Mon, 11 Feb 2019 16:05:03 -0600
Subject: [PATCH] [nojira] update for new test IdP

---
 .../admin/ui/configuration/DevConfig.groovy   |   8 +
 .../src/test/docker/conf/application.yml      |   5 +
 .../src/test/docker/conf/idp-metadata.xml     | 239 ++++++++++++++----
 3 files changed, 198 insertions(+), 54 deletions(-)

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
index a137526a4..3bc4bc02d 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
@@ -79,6 +79,14 @@ class DevConfig {
                 emailAddress = 'anon@institution.edu'
                 roles.add(roleRepository.findByName('ROLE_ADMIN').get())
                 it
+            }, new User().with { // allow us to auto-login as an admin
+                username = 'shibui-admin1'
+                password = '{noop}anonymous'
+                firstName = 'shibui'
+                lastName = 'admin'
+                emailAddress = 'jj@unicon.net'
+                roles.add(roleRepository.findByName('ROLE_ADMIN').get())
+                it
             }]
             users.each {
                 adminUserRepository.save(it)
diff --git a/pac4j-module/src/test/docker/conf/application.yml b/pac4j-module/src/test/docker/conf/application.yml
index e24389d17..f8c4317ce 100644
--- a/pac4j-module/src/test/docker/conf/application.yml
+++ b/pac4j-module/src/test/docker/conf/application.yml
@@ -19,6 +19,11 @@ shibui:
     forceServiceProviderMetadataGeneration: true
     callbackUrl: "https://localhost:8443/callback"
     maximumAuthenticationLifetime: 3600000
+    saml2ProfileMapping:
+      username: urn:oid:0.9.2342.19200300.100.1.1
+      firstName: urn:oid:2.5.4.42
+      lastName: urn:oid:2.5.4.4
+      email: urn:oid:0.9.2342.19200300.100.1.3
 logging:
   level:
     org.pac4j: "TRACE"
diff --git a/pac4j-module/src/test/docker/conf/idp-metadata.xml b/pac4j-module/src/test/docker/conf/idp-metadata.xml
index 0c0924b54..6cb8c8117 100644
--- a/pac4j-module/src/test/docker/conf/idp-metadata.xml
+++ b/pac4j-module/src/test/docker/conf/idp-metadata.xml
@@ -1,82 +1,213 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp.unicon.net/idp/shibboleth">
+<EntityDescriptor  xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://shibboleth.mpt.unicon.net/idp/shibboleth">
 
-    <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
 
         <Extensions>
-            <shibmd:Scope regexp="false">unicon.net</shibmd:Scope>
-            <mdui:UIInfo>
-                <mdui:DisplayName xml:lang="en">Unicon, Inc.</mdui:DisplayName>
-                <mdui:Description xml:lang="en">Login service for Unicon Employees</mdui:Description>
-                <mdui:Logo height="40" width="135" xml:lang="en">https://idp.unicon.net/logo_135_0.png</mdui:Logo>
-            </mdui:UIInfo>
+            <shibmd:Scope regexp="false">mpt.unicon.net</shibmd:Scope>
+            <!--
+                Fill in the details for your IdP here
+
+                        <mdui:UIInfo>
+                            <mdui:DisplayName xml:lang="en">A Name for the IdP at shibboleth.mpt.unicon.net</mdui:DisplayName>
+                            <mdui:Description xml:lang="en">Enter a description of your IdP at shibboleth.mpt.unicon.net</mdui:Description>
+                            <mdui:Logo height="80" width="80">https://shibboleth.mpt.unicon.net/Path/To/Logo.png</mdui:Logo>
+                        </mdui:UIInfo>
+            -->
         </Extensions>
 
         <KeyDescriptor use="signing">
             <ds:KeyInfo>
                 <ds:X509Data>
                     <ds:X509Certificate>
-                        MIIDIzCCAgugAwIBAgIUIEHTfbStY0ckKZzxIgqd5p1O2K0wDQYJKoZIhvcNAQEF
-                        BQAwGTEXMBUGA1UEAxMOaWRwLnVuaWNvbi5uZXQwHhcNMTEwOTEzMDMyMzE2WhcN
-                        MzEwOTEzMDMyMzE2WjAZMRcwFQYDVQQDEw5pZHAudW5pY29uLm5ldDCCASIwDQYJ
-                        KoZIhvcNAQEBBQADggEPADCCAQoCggEBANtUsFXxlhvD3bWT5Y7TqKkf5rxa+dPA
-                        z7vpbJ6bWhDPSMXb/9MiJe/ciY5ZKKrB1rdRC04s7blrzem3YtjGihfGd4ld+NRt
-                        Pi0xoAT2YIp83CvEe5BHAKwqD7KTonN1unbN84mVo65itbme9d8lZKc0PfLM+BQp
-                        fhXKUBfYeBCkYU4YWxmgL4Vs7XBaKjEjpTN4ncar4YSrarWTTPyO5RzmVPLAcv88
-                        1OBqewTyN41+JRXt0Jopi4ZQ8JjKkm73vhoYDBPHr/VMqk1lFfrDcDwJa2ygyWCm
-                        qTlq6zyLE9Fr6sYz6CbgA2lAqu/b1rYCqVCnRpoHZKahAQ9uGQSfHD8CAwEAAaNj
-                        MGEwQAYDVR0RBDkwN4IOaWRwLnVuaWNvbi5uZXSGJWh0dHBzOi8vaWRwLnVuaWNv
-                        bi5uZXQvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFK6yUrpGjvY3B09ke0kVl4wA
-                        CMAnMA0GCSqGSIb3DQEBBQUAA4IBAQDG/gMpr3N+nAMuo7RhtDBsckiJV2+BwT/r
-                        JmpxlHAV1Zgc3eeuOdyxm5/jA78tspLldL0+6W/LzZWov/je36IqVT1wSGy1n0Sc
-                        Pjw8DHgyEJLCij2vVScV+j/Y4Eg0bVy6pZTeQW+e3ygb6WgiVT/ARM8QBp6GjAUC
-                        qIlJCads9Rcx3vAih72I4exUUD4qMuBMeLIdY5XReHy5YHqxbkPjQhDIEORAFlzJ
-                        jLqO/Ldzn4waEa5snDZyeYjsl6pi+8CVGfXLSDVsDuk5s47B9OD+gOSJ1wEc7O/N
-                        nU9d/WCcM1V4IGZGL8TXUdfJoVXYZUFF08jUGSL2mj30WS1orIWo
-
+                        MIIDUDCCAjigAwIBAgIVANJjXOfRMLZl0ggUKcix1vGeULobMA0GCSqGSIb3DQEB
+                        CwUAMCQxIjAgBgNVBAMMGXNoaWJib2xldGgubXB0LnVuaWNvbi5uZXQwHhcNMTgw
+                        ODEwMjIzNzQ1WhcNMzgwODEwMjIzNzQ1WjAkMSIwIAYDVQQDDBlzaGliYm9sZXRo
+                        Lm1wdC51bmljb24ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+                        nxzksqMYjCHqRWuSw2sAv6XeC7qfGCnuHzP8NhfQbSuNpeifASOV8+5iOaOoVTUD
+                        iTyAudXklgP6Ul6wmw7iku1TNl5Q/gt5+iFUvMS8ZHo8PuNTCCYhfxUtkRpL3CAt
+                        qghzE9Zsd1hKb/yw640oM986Mg7Icx6Xy9L83Tm2mhgTBwHtNUqN4ShI4zFmYPbH
+                        7jjHWlExNhzkkv1IudrLMcxSYj2zgxG7DxE3t2JEUIAWxTGAkEIDVdZaKvlkVVkp
+                        t3sZjpfBLPhqprDdcbiszhg2YrITtO52i92ynAH1irYnNVjRKvHZ+sGTtg2uenpj
+                        Qu/cohBkKGE3nC7CVCQqKwIDAQABo3kwdzAdBgNVHQ4EFgQUsedlUmbDiHP3qKvD
+                        gn2gMdzoAuYwVgYDVR0RBE8wTYIZc2hpYmJvbGV0aC5tcHQudW5pY29uLm5ldIYw
+                        aHR0cHM6Ly9zaGliYm9sZXRoLm1wdC51bmljb24ubmV0L2lkcC9zaGliYm9sZXRo
+                        MA0GCSqGSIb3DQEBCwUAA4IBAQAmifiYwbGlWvxYUdqdkwfyulGzsF/AFamI7aU+
+                        0a+vCNokKMA2qED3TagRgbyijFrviES0IMr48upcXIba+LsGsLdJBRoKTi0cBVtN
+                        pkfSMDDIZWrKRE785aYw5SvtOT+O83pJNBvayqPA9p0AHkIdoIZ5Va8f4aRMGLFh
+                        J3yrN2kFpfsmdwaVobeTLxyJCe4gh29CqqJLJfBWK+cTqWqq17gP5v9/hX5E33v4
+                        TxQ0Kyhk110fZre9wE0lxGF9JpIICK4Hw7OcQo+pqus0SFdIpF+yxwbscajWZ7lc
+                        PDZlbYpSYHHfEl3rYtdpP/LJdGe5O9sckIeAtpi/nYw9WjFF
                     </ds:X509Certificate>
                 </ds:X509Data>
             </ds:KeyInfo>
+
         </KeyDescriptor>
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+                        MIIDTzCCAjegAwIBAgIUUwMnlrU9wjjhEPjnqTSeKUAVNzIwDQYJKoZIhvcNAQEL
+                        BQAwJDEiMCAGA1UEAwwZc2hpYmJvbGV0aC5tcHQudW5pY29uLm5ldDAeFw0xODA4
+                        MTAyMjM3NDVaFw0zODA4MTAyMjM3NDVaMCQxIjAgBgNVBAMMGXNoaWJib2xldGgu
+                        bXB0LnVuaWNvbi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
+                        MqrBJfI28Z69eIDRttdOJKaCP456uavRcukQixBMlosIfo9Bs6h2RAShCL+qpr7u
+                        kU4Io2t+pRcf0PUZA+cjX5GY5Mvq0qedi1smcFP/G88QbY1g8w4WUy9nxu2F+e1T
+                        vRnoiclhLcqMA3ALi6j8hRbCYJc0fLtLmdIxoBkYlg9ocnffKff1pYfAGuKxjtus
+                        XkoFU72t3fxuWpmWmeh1tMlevmifqs3oDWJ0WUXZnuiTnm1OrveVqigvlZI9Q2ui
+                        aXc/atJwNlYyQ5aRyZrONh+CO0u+P2d+fIeyHoYAS9m7jlmElHwhGC5LdAyoTzPM
+                        yIGq2iBYRKFz7uU7YjY5AgMBAAGjeTB3MB0GA1UdDgQWBBTlpwwcXISXwYddmFNE
+                        m+hOlP9RGTBWBgNVHREETzBNghlzaGliYm9sZXRoLm1wdC51bmljb24ubmV0hjBo
+                        dHRwczovL3NoaWJib2xldGgubXB0LnVuaWNvbi5uZXQvaWRwL3NoaWJib2xldGgw
+                        DQYJKoZIhvcNAQELBQADggEBAGIUoJCJpuVYycLCLQKMTyK64EeC5ENIBiSiD8HG
+                        iDc/8jUNhcJs2L1zTSMGLINgZp6VmA5wq89caAQvnCHZ32QQRwgcSYPdcuH9NW08
+                        9c6XNLUzUDFdTMmYB5xXP0cdJALADkKAtkU+KyI50s33EZbhnOLVkEI06MEDApGH
+                        RyGtUfk7mVPPKCd8F5gapotattC3S8NPZR3+obuwvFgVx8rqP3+D+C+MsF1kNyN9
+                        cQDAOQ89Dy632CGgouEtYaNYEaqFT9NOlDrqMp3BjPwD+qTvRDoVQ6c3m+wadrqE
+                        Obuqe3/bQswltJMtQI1g0Maf58z5xe70oDnN267chrCfu58=
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
 
+        </KeyDescriptor>
         <KeyDescriptor use="encryption">
             <ds:KeyInfo>
                 <ds:X509Data>
                     <ds:X509Certificate>
-                        MIIDIzCCAgugAwIBAgIUIEHTfbStY0ckKZzxIgqd5p1O2K0wDQYJKoZIhvcNAQEF
-                        BQAwGTEXMBUGA1UEAxMOaWRwLnVuaWNvbi5uZXQwHhcNMTEwOTEzMDMyMzE2WhcN
-                        MzEwOTEzMDMyMzE2WjAZMRcwFQYDVQQDEw5pZHAudW5pY29uLm5ldDCCASIwDQYJ
-                        KoZIhvcNAQEBBQADggEPADCCAQoCggEBANtUsFXxlhvD3bWT5Y7TqKkf5rxa+dPA
-                        z7vpbJ6bWhDPSMXb/9MiJe/ciY5ZKKrB1rdRC04s7blrzem3YtjGihfGd4ld+NRt
-                        Pi0xoAT2YIp83CvEe5BHAKwqD7KTonN1unbN84mVo65itbme9d8lZKc0PfLM+BQp
-                        fhXKUBfYeBCkYU4YWxmgL4Vs7XBaKjEjpTN4ncar4YSrarWTTPyO5RzmVPLAcv88
-                        1OBqewTyN41+JRXt0Jopi4ZQ8JjKkm73vhoYDBPHr/VMqk1lFfrDcDwJa2ygyWCm
-                        qTlq6zyLE9Fr6sYz6CbgA2lAqu/b1rYCqVCnRpoHZKahAQ9uGQSfHD8CAwEAAaNj
-                        MGEwQAYDVR0RBDkwN4IOaWRwLnVuaWNvbi5uZXSGJWh0dHBzOi8vaWRwLnVuaWNv
-                        bi5uZXQvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFK6yUrpGjvY3B09ke0kVl4wA
-                        CMAnMA0GCSqGSIb3DQEBBQUAA4IBAQDG/gMpr3N+nAMuo7RhtDBsckiJV2+BwT/r
-                        JmpxlHAV1Zgc3eeuOdyxm5/jA78tspLldL0+6W/LzZWov/je36IqVT1wSGy1n0Sc
-                        Pjw8DHgyEJLCij2vVScV+j/Y4Eg0bVy6pZTeQW+e3ygb6WgiVT/ARM8QBp6GjAUC
-                        qIlJCads9Rcx3vAih72I4exUUD4qMuBMeLIdY5XReHy5YHqxbkPjQhDIEORAFlzJ
-                        jLqO/Ldzn4waEa5snDZyeYjsl6pi+8CVGfXLSDVsDuk5s47B9OD+gOSJ1wEc7O/N
-                        nU9d/WCcM1V4IGZGL8TXUdfJoVXYZUFF08jUGSL2mj30WS1orIWo
-
+                        MIIDUDCCAjigAwIBAgIVAPJ+hmxRUcPUO6AGY+btaYhgkJqGMA0GCSqGSIb3DQEB
+                        CwUAMCQxIjAgBgNVBAMMGXNoaWJib2xldGgubXB0LnVuaWNvbi5uZXQwHhcNMTgw
+                        ODEwMjIzNzQ1WhcNMzgwODEwMjIzNzQ1WjAkMSIwIAYDVQQDDBlzaGliYm9sZXRo
+                        Lm1wdC51bmljb24ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+                        vRTRYpsnxOjjAXDtlimV8vHveDtC+RAABm7CVzcGzYCKRIuP2fhMA5cImQJ4hNAd
+                        PGjDOgopMbRO2KZ285Hyux2J7MJp7mBjALt5nb0ASBn9w0vG2xkDn3SM0sFtiXxE
+                        dGWhNa3rGSd4UFmPPnauaAT7uXLuwmf48kXQrB2FSaJrg7dodLmElhBriwewMszk
+                        iJ1agkVvKRIiQh0pMsyRN+T4331t95mWW7Mze6WqWilCCEQCHQaTn51oFgvP0SDk
+                        fQ/cMufHHoBYnCMOhrIWNFJ0SKXVHJ6rDTrgB3LRB45JAgq4RMiYzqFrvkdZQ8w5
+                        JJUeS/vPrCrXCCcNw8BgoQIDAQABo3kwdzAdBgNVHQ4EFgQUqKX2WwgXnEG/nJrP
+                        Q+VNvBTmxOswVgYDVR0RBE8wTYIZc2hpYmJvbGV0aC5tcHQudW5pY29uLm5ldIYw
+                        aHR0cHM6Ly9zaGliYm9sZXRoLm1wdC51bmljb24ubmV0L2lkcC9zaGliYm9sZXRo
+                        MA0GCSqGSIb3DQEBCwUAA4IBAQCwzD80lVm6BV0QSOJayrI0CEQSPUUs+y2teOPv
+                        vfGF4Yf3lYd29WdkdcP3ThgWEnX+RW1R4bAh5IEdpmsFBOkZFEamda4Y3t9YbwBs
+                        Jh4bI+LAXmwCHhmBCmF60n78j7kaBWqsic2LJS1j7S0TvsttiW1Ku1rr3c76zncU
+                        eRwuUnFlUDWdSzRJVQXz102MNAuEU1aSZDpmyDYR/ohCTMtsFxfhH6iBQ5GkmSwb
+                        CTqpAtFWs5I4X2Af/CPoYQvqjlmCNjUrRuaDmzlVv7BBCBsYal02rK3bD0hnk5MY
+                        /lEfUgFasEoUz7RqLvMt3rx/esZ9JA2j7YY2jcpt8+B6sXoA
                     </ds:X509Certificate>
                 </ds:X509Data>
             </ds:KeyInfo>
+
         </KeyDescriptor>
+
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.mpt.unicon.net:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://shibboleth.mpt.unicon.net:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
+
         <!--
-                <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.unicon.net/idp/profile/SAML2/Redirect/SLO"/>
-                <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.unicon.net/idp/profile/SAML2/POST/SLO"/>
-                <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.unicon.net/idp/profile/SAML2/POST-SimpleSign/SLO"/>
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://shibboleth.mpt.unicon.net/idp/profile/SAML2/Redirect/SLO"/>
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://shibboleth.mpt.unicon.net/idp/profile/SAML2/POST/SLO"/>
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://shibboleth.mpt.unicon.net/idp/profile/SAML2/POST-SimpleSign/SLO"/>
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://shibboleth.mpt.unicon.net:8443/idp/profile/SAML2/SOAP/SLO"/>
         -->
-        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 
-        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.unicon.net/idp/profile/Shibboleth/SSO"/>
-        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.unicon.net/idp/profile/SAML2/POST/SSO"/>
-        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.unicon.net/idp/profile/SAML2/POST-SimpleSign/SSO"/>
-        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.unicon.net/idp/profile/SAML2/Redirect/SSO"/>
+        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.mpt.unicon.net/idp/profile/Shibboleth/SSO"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://shibboleth.mpt.unicon.net/idp/profile/SAML2/POST/SSO"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://shibboleth.mpt.unicon.net/idp/profile/SAML2/POST-SimpleSign/SSO"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://shibboleth.mpt.unicon.net/idp/profile/SAML2/Redirect/SSO"/>
+
     </IDPSSODescriptor>
 
-</EntityDescriptor>
+
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+
+        <Extensions>
+            <shibmd:Scope regexp="false">mpt.unicon.net</shibmd:Scope>
+        </Extensions>
+
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+                        MIIDUDCCAjigAwIBAgIVANJjXOfRMLZl0ggUKcix1vGeULobMA0GCSqGSIb3DQEB
+                        CwUAMCQxIjAgBgNVBAMMGXNoaWJib2xldGgubXB0LnVuaWNvbi5uZXQwHhcNMTgw
+                        ODEwMjIzNzQ1WhcNMzgwODEwMjIzNzQ1WjAkMSIwIAYDVQQDDBlzaGliYm9sZXRo
+                        Lm1wdC51bmljb24ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+                        nxzksqMYjCHqRWuSw2sAv6XeC7qfGCnuHzP8NhfQbSuNpeifASOV8+5iOaOoVTUD
+                        iTyAudXklgP6Ul6wmw7iku1TNl5Q/gt5+iFUvMS8ZHo8PuNTCCYhfxUtkRpL3CAt
+                        qghzE9Zsd1hKb/yw640oM986Mg7Icx6Xy9L83Tm2mhgTBwHtNUqN4ShI4zFmYPbH
+                        7jjHWlExNhzkkv1IudrLMcxSYj2zgxG7DxE3t2JEUIAWxTGAkEIDVdZaKvlkVVkp
+                        t3sZjpfBLPhqprDdcbiszhg2YrITtO52i92ynAH1irYnNVjRKvHZ+sGTtg2uenpj
+                        Qu/cohBkKGE3nC7CVCQqKwIDAQABo3kwdzAdBgNVHQ4EFgQUsedlUmbDiHP3qKvD
+                        gn2gMdzoAuYwVgYDVR0RBE8wTYIZc2hpYmJvbGV0aC5tcHQudW5pY29uLm5ldIYw
+                        aHR0cHM6Ly9zaGliYm9sZXRoLm1wdC51bmljb24ubmV0L2lkcC9zaGliYm9sZXRo
+                        MA0GCSqGSIb3DQEBCwUAA4IBAQAmifiYwbGlWvxYUdqdkwfyulGzsF/AFamI7aU+
+                        0a+vCNokKMA2qED3TagRgbyijFrviES0IMr48upcXIba+LsGsLdJBRoKTi0cBVtN
+                        pkfSMDDIZWrKRE785aYw5SvtOT+O83pJNBvayqPA9p0AHkIdoIZ5Va8f4aRMGLFh
+                        J3yrN2kFpfsmdwaVobeTLxyJCe4gh29CqqJLJfBWK+cTqWqq17gP5v9/hX5E33v4
+                        TxQ0Kyhk110fZre9wE0lxGF9JpIICK4Hw7OcQo+pqus0SFdIpF+yxwbscajWZ7lc
+                        PDZlbYpSYHHfEl3rYtdpP/LJdGe5O9sckIeAtpi/nYw9WjFF
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+                        MIIDTzCCAjegAwIBAgIUUwMnlrU9wjjhEPjnqTSeKUAVNzIwDQYJKoZIhvcNAQEL
+                        BQAwJDEiMCAGA1UEAwwZc2hpYmJvbGV0aC5tcHQudW5pY29uLm5ldDAeFw0xODA4
+                        MTAyMjM3NDVaFw0zODA4MTAyMjM3NDVaMCQxIjAgBgNVBAMMGXNoaWJib2xldGgu
+                        bXB0LnVuaWNvbi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
+                        MqrBJfI28Z69eIDRttdOJKaCP456uavRcukQixBMlosIfo9Bs6h2RAShCL+qpr7u
+                        kU4Io2t+pRcf0PUZA+cjX5GY5Mvq0qedi1smcFP/G88QbY1g8w4WUy9nxu2F+e1T
+                        vRnoiclhLcqMA3ALi6j8hRbCYJc0fLtLmdIxoBkYlg9ocnffKff1pYfAGuKxjtus
+                        XkoFU72t3fxuWpmWmeh1tMlevmifqs3oDWJ0WUXZnuiTnm1OrveVqigvlZI9Q2ui
+                        aXc/atJwNlYyQ5aRyZrONh+CO0u+P2d+fIeyHoYAS9m7jlmElHwhGC5LdAyoTzPM
+                        yIGq2iBYRKFz7uU7YjY5AgMBAAGjeTB3MB0GA1UdDgQWBBTlpwwcXISXwYddmFNE
+                        m+hOlP9RGTBWBgNVHREETzBNghlzaGliYm9sZXRoLm1wdC51bmljb24ubmV0hjBo
+                        dHRwczovL3NoaWJib2xldGgubXB0LnVuaWNvbi5uZXQvaWRwL3NoaWJib2xldGgw
+                        DQYJKoZIhvcNAQELBQADggEBAGIUoJCJpuVYycLCLQKMTyK64EeC5ENIBiSiD8HG
+                        iDc/8jUNhcJs2L1zTSMGLINgZp6VmA5wq89caAQvnCHZ32QQRwgcSYPdcuH9NW08
+                        9c6XNLUzUDFdTMmYB5xXP0cdJALADkKAtkU+KyI50s33EZbhnOLVkEI06MEDApGH
+                        RyGtUfk7mVPPKCd8F5gapotattC3S8NPZR3+obuwvFgVx8rqP3+D+C+MsF1kNyN9
+                        cQDAOQ89Dy632CGgouEtYaNYEaqFT9NOlDrqMp3BjPwD+qTvRDoVQ6c3m+wadrqE
+                        Obuqe3/bQswltJMtQI1g0Maf58z5xe70oDnN267chrCfu58=
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+        <KeyDescriptor use="encryption">
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+                        MIIDUDCCAjigAwIBAgIVAPJ+hmxRUcPUO6AGY+btaYhgkJqGMA0GCSqGSIb3DQEB
+                        CwUAMCQxIjAgBgNVBAMMGXNoaWJib2xldGgubXB0LnVuaWNvbi5uZXQwHhcNMTgw
+                        ODEwMjIzNzQ1WhcNMzgwODEwMjIzNzQ1WjAkMSIwIAYDVQQDDBlzaGliYm9sZXRo
+                        Lm1wdC51bmljb24ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+                        vRTRYpsnxOjjAXDtlimV8vHveDtC+RAABm7CVzcGzYCKRIuP2fhMA5cImQJ4hNAd
+                        PGjDOgopMbRO2KZ285Hyux2J7MJp7mBjALt5nb0ASBn9w0vG2xkDn3SM0sFtiXxE
+                        dGWhNa3rGSd4UFmPPnauaAT7uXLuwmf48kXQrB2FSaJrg7dodLmElhBriwewMszk
+                        iJ1agkVvKRIiQh0pMsyRN+T4331t95mWW7Mze6WqWilCCEQCHQaTn51oFgvP0SDk
+                        fQ/cMufHHoBYnCMOhrIWNFJ0SKXVHJ6rDTrgB3LRB45JAgq4RMiYzqFrvkdZQ8w5
+                        JJUeS/vPrCrXCCcNw8BgoQIDAQABo3kwdzAdBgNVHQ4EFgQUqKX2WwgXnEG/nJrP
+                        Q+VNvBTmxOswVgYDVR0RBE8wTYIZc2hpYmJvbGV0aC5tcHQudW5pY29uLm5ldIYw
+                        aHR0cHM6Ly9zaGliYm9sZXRoLm1wdC51bmljb24ubmV0L2lkcC9zaGliYm9sZXRo
+                        MA0GCSqGSIb3DQEBCwUAA4IBAQCwzD80lVm6BV0QSOJayrI0CEQSPUUs+y2teOPv
+                        vfGF4Yf3lYd29WdkdcP3ThgWEnX+RW1R4bAh5IEdpmsFBOkZFEamda4Y3t9YbwBs
+                        Jh4bI+LAXmwCHhmBCmF60n78j7kaBWqsic2LJS1j7S0TvsttiW1Ku1rr3c76zncU
+                        eRwuUnFlUDWdSzRJVQXz102MNAuEU1aSZDpmyDYR/ohCTMtsFxfhH6iBQ5GkmSwb
+                        CTqpAtFWs5I4X2Af/CPoYQvqjlmCNjUrRuaDmzlVv7BBCBsYal02rK3bD0hnk5MY
+                        /lEfUgFasEoUz7RqLvMt3rx/esZ9JA2j7YY2jcpt8+B6sXoA
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+
+        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.mpt.unicon.net:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
+        <!-- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://shibboleth.mpt.unicon.net:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> -->
+        <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
+
+    </AttributeAuthorityDescriptor>
+
+</EntityDescriptor>
\ No newline at end of file