Merge branch 'shibboleth-integration'

demo/postgresql/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3.3"
+
+services:
+  postgresql:
+    build: ./postgresql/
+    environment:
+     - POSTGRES_PASSWORD=password
+    expose:
+     - 5432
+    ports:
+     - 5432:5432
+    networks:
+     - net
+    volumes:
+     - data:/var/lib/postgresql/data
+
+
+networks:
+  net:
+    driver: bridge
+
+volumes:
+  data:

demo/postgresql/midpoint-additions-for-standalone-run.yml

@@ -0,0 +1,37 @@
+#
+# This is a file with additions to ../midpoint/docker-compose.yml file, to be used in the following way:
+#
+# (in this directory)
+#
+# $ docker-compose up
+#
+# (in ../midpoint directory)
+#
+# $ docker-compose -f docker-compose.yml -f ../demo/postgresql/midpoint-additions-for-standalone-run.yml up midpoint-server
+#
+# It expects that PostgreSQL is started independently of midPoint. When executing the containers in this way, there are two compositions with the following containers:
+#
+# "midpoint"
+#
+# - midpoint-server
+#
+# "postgresql"
+#
+# - postgresql
+#
+
+version: "3.3"
+
+services:
+  midpoint-server:
+    environment:
+     - REPO_DATABASE_TYPE=postgresql
+     - REPO_HOST=postgresql
+     - REPO_DATABASE=midpoint
+     - REPO_USER=midpoint
+    networks:
+     - postgresql_net
+
+networks:
+  postgresql_net:
+    external: true

demo/postgresql/midpoint-additions.yml

@@ -0,0 +1,38 @@
+#
+# This is a file with additions to ../midpoint/docker-compose.yml file, to be used in the following way:
+#
+# (in ../midpoint directory)
+#
+# $ docker-compose -f docker-compose.yml -f ../demo/postgresql/midpoint-additions.yml up midpoint-server postgresql
+#
+# It expects that PostgreSQL is started as part of midPoint composition. So there will be three containers there:
+#
+# 1) midpoint-server
+# 2) postgresql
+#
+
+version: "3.3"
+
+services:
+  postgresql:
+    build: ../demo/postgresql/postgresql/
+    environment:
+     - POSTGRES_PASSWORD=password
+    expose:
+     - 5432
+    ports:
+     - 5432:5432
+    networks:
+     - back
+    volumes:
+     - postgresql_data:/var/lib/postgresql/data
+
+  midpoint-server:
+    environment:
+     - REPO_DATABASE_TYPE=postgresql
+     - REPO_HOST=postgresql
+     - REPO_DATABASE=midpoint
+     - REPO_USER=midpoint
+
+volumes:
+  postgresql_data:

demo/postgresql/postgresql/Dockerfile

@@ -0,0 +1,3 @@
+FROM postgres:9.5
+
+COPY container_files/* /docker-entrypoint-initdb.d/

demo/postgresql/postgresql/container_files/init-user-db.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+echo Creating midPoint user and database
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER midpoint WITH PASSWORD '456654' LOGIN SUPERUSER;
+    CREATE DATABASE midpoint WITH OWNER = midpoint ENCODING = 'UTF8' TABLESPACE = pg_default LC_COLLATE = 'en_US.utf8' LC_CTYPE = 'en_US.utf8' CONNECTION LIMIT = -1;
+EOSQL
+
+echo midPoint user and database were created
+

shibboleth-integration/mp-gr/configs-and-secrets/shibboleth/idp-metadata.xml → demo/shibboleth/configs-and-secrets/shibboleth/idp-metadata.xml

@@ -101,18 +101,6 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
 
         </KeyDescriptor>
 
-        <!--
-        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://localhost:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
-        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
-        -->
-
-        <!--
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SLO"/>
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SLO"/>
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SLO"/>
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/idp/profile/SAML2/SOAP/SLO"/>
-        -->
-
         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 

shibboleth-integration/mp-gr/configs-and-secrets/shibboleth/grouper/shibboleth2.xml → demo/shibboleth/configs-and-secrets/shibboleth/shibboleth2.xml

@@ -22,7 +22,7 @@
 
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
-    <ApplicationDefaults entityID="https://grouperdemo/shibboleth"
+    <ApplicationDefaults entityID="https://midpointdemo/shibboleth"
                          REMOTE_USER="uid">
 
         <!--

shibboleth-integration/mp-gr/directory/container_files/seed-data/users.ldif → demo/shibboleth/directory/container_files/seed-data/users.ldif

@@ -5,26 +5,20 @@ cn: admin
 userPassword: password
 description: LDAP administrator
 
+dn: cn=users,ou=Groups,dc=internet2,dc=edu
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
+uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
+cn: users
+
 dn: uid=administrator,ou=People,dc=internet2,dc=edu
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
-givenName: Admin
+givenName: Administrator
 uid: administrator
 sn: Administrator
 cn: Administrator
 userPassword: password
-
-dn: cn=users,ou=Groups,dc=internet2,dc=edu
-objectClass: groupOfUniqueNames
-objectClass: top
-uniqueMember: uid=administrator,ou=People,dc=internet2,dc=edu
-cn: users
-
-dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
-objectClass: top
-objectClass: organizationalUnit
-ou: Courses
-
-

demo/shibboleth/docker-compose.yml

@@ -0,0 +1,33 @@
+version: "3.3"
+
+services:
+  directory:
+    build: ./directory/
+    expose:
+     - "389"
+    ports:
+     - "389:389"
+    networks:
+     - net
+    volumes:
+     - ldap:/var/lib/dirsrv
+
+  idp:
+    build: ./idp/
+    depends_on:
+     - directory
+    environment:
+     - JETTY_MAX_HEAP=64m
+     - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
+     - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
+    networks:
+     - net
+    ports:
+     - "4443:4443"
+
+networks:
+  net:
+    driver: bridge
+
+volumes:
+  ldap:

shibboleth-integration/mp-gr/idp/shibboleth-idp/conf/attribute-filter.xml → demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml

@@ -17,24 +17,6 @@
                             urn:mace:shibboleth:2.0:afp:mf:basic http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
                             urn:mace:shibboleth:2.0:afp:mf:saml http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd">
 
-    <!-- Release some attributes to an SP. -->
-    <afp:AttributeFilterPolicy id="example1">
-        <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://grouperdemo/shibboleth" />
-
-        <afp:AttributeRule attributeID="eduPersonPrincipalName">
-            <afp:PermitValueRule xsi:type="basic:ANY" />
-        </afp:AttributeRule>
-
-        <afp:AttributeRule attributeID="uid">
-            <afp:PermitValueRule xsi:type="basic:ANY" />
-        </afp:AttributeRule>
-
-        <afp:AttributeRule attributeID="mail">
-            <afp:PermitValueRule xsi:type="basic:ANY" />
-        </afp:AttributeRule>
-
-    </afp:AttributeFilterPolicy>
-
     <afp:AttributeFilterPolicy id="midpoint">
         <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://midpointdemo/shibboleth" />
 

shibboleth-integration/mp-gr/idp/shibboleth-idp/conf/metadata-providers.xml → demo/shibboleth/idp/shibboleth-idp/conf/metadata-providers.xml

@@ -25,7 +25,6 @@
     <!--                                                                                            -->
     <!-- ========================================================================================== -->
 
-    <MetadataProvider id="GrouperSP"  xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/grouper-sp.xml"/>
     <MetadataProvider id="MidpointSP"  xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/midpoint-sp.xml"/>
 
     <!-- Example HTTP metadata provider.  Use this if you want to download

shibboleth-integration/mp-gr/idp/shibboleth-idp/metadata/idp-metadata.xml → demo/shibboleth/idp/shibboleth-idp/metadata/idp-metadata.xml

@@ -101,18 +101,6 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
 
         </KeyDescriptor>
 
-        <!--
-        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://localhost:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
-        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
-        -->
-
-        <!--
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SLO"/>
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SLO"/>
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SLO"/>
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/idp/profile/SAML2/SOAP/SLO"/>
-        -->
-
         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 

shibboleth-integration/mp-gr/idp/shibboleth-idp/metadata/grouper-sp.xml → demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml

@@ -2,7 +2,7 @@
 This is example metadata only. Do *NOT* supply it as is without review,
 and do *NOT* provide it in real time to your partners.
  -->
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_57114916ca68943103854cb57a3a3b1c7c38bb81" entityID="https://grouperdemo/shibboleth">
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_57114916ca68943103854cb57a3a3b1c7c38bb81" entityID="https://midpointdemo/shibboleth">
 
   <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
     <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
@@ -25,32 +25,34 @@ and do *NOT* provide it in real time to your partners.
 
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:Extensions>
-      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://localhost/Shibboleth.sso/Login"/>
-      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://localhost/Shibboleth.sso/Login" index="1"/>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://localhost:8443/Shibboleth.sso/Login"/>
+      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://localhost:8443/Shibboleth.sso/Login" index="1"/>
     </md:Extensions>
     <md:KeyDescriptor>
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sp.example.org</ds:KeyName>
+        <ds:KeyName>midpoint.sp.example.org</ds:KeyName>
         <ds:X509Data>
-          <ds:X509SubjectName>CN=sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US</ds:X509SubjectName>
-          <ds:X509Certificate>MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
+          <ds:X509SubjectName>CN=midpoint.sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US</ds:X509SubjectName>
+          <ds:X509Certificate>MIIDqDCCApCgAwIBAgIJAKUZrfriIt9cMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
+DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXZXZvbHZldW0uc3AuZXhhbXBsZS5v
+cmcwHhcNMTgwOTE0MDU0NjU3WhcNMTkwOTE0MDU0NjU3WjBpMQswCQYDVQQGEwJV
 UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
+ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF2V2b2x2ZXVtLnNwLmV4YW1wbGUub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5v1zxlM94yaBssgNNbIUJwW
+XxbGxgSs2AWBeg2aEi/VQd2UE5ivZakNJlqWSJyHo2xE4kxeSyBBxinjSyhmpNao
+xIcqQsgW0gxo4SEHo3kUXWPo+of/pj6CslutsSJZWGTRV0dHITvaWX+NM8eXMfgu
+mJFwy3RMdLaWQhY1Dyi2jNoO+DZnfNgPyPeEZcmORaoeEID9QdZfHtcgTf2QfSHq
++xsTwHB6Ro5t7YD2ma8Krb/XcDTfsq3qJemd7LhPj5lGmhYSMgDbgwEkZgZ1kBOP
+lfsP2BvX5nipv7Vd1C5YXmv+NDR8V3yAWBC7ZAenxGmrnkaSVXnpUplUsGGm1QID
+AQABo1MwUTAdBgNVHQ4EFgQUuxSZwW6V1P/b0tsTM32OU/v/n+UwHwYDVR0jBBgw
+FoAUuxSZwW6V1P/b0tsTM32OU/v/n+UwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAJWLXEfZkPeUyiGvsIUjczzdF3ptqXoP9aETS2pOV9sTri19R
+TsQZW6XQRHGtuEOsqEGH8yiTdGR5hbGC+ynH/xTJnK+tBn/R3KrgxLKyMvoUzAPl
+mhVq1dh+ZEtbsRpQRRubP6nm9kXNma0cXrkJSzuWM0W+l/xSOOYiSRRk3XWJfVjn
+9jQlcJRh5SOkKN08oZHrCYKxToEuOfV8PtRj3T80DhsBTv2SHqhg4cBhzQPb0Kjm
+9m4IkYOz8c5ZtuHDGnqMHw60Nyt+jyik4mMFP2frcOVP0W0sgwcfHllYzHoA/Khq
+Yk3TBVs1BjPuNDJWHct8Eo68YP2/ZvzqfVM87Q==
 </ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
@@ -64,15 +66,15 @@ Z75p+JrWYZJYrx/vpWxL8g==
       <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
       <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
     </md:KeyDescriptor>
-    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost/Shibboleth.sso/Artifact/SOAP" index="1"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost/Shibboleth.sso/SLO/SOAP"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/Shibboleth.sso/SLO/Redirect"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/Shibboleth.sso/SLO/POST"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost/Shibboleth.sso/SLO/Artifact"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/Shibboleth.sso/SAML2/POST" index="1"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost/Shibboleth.sso/SAML2/Artifact" index="3"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://localhost/Shibboleth.sso/SAML2/ECP" index="4"/>
+    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/Shibboleth.sso/Artifact/SOAP" index="1"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/Shibboleth.sso/SLO/SOAP"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8443/Shibboleth.sso/SLO/Redirect"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/Shibboleth.sso/SLO/POST"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost:8443/Shibboleth.sso/SLO/Artifact"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/Shibboleth.sso/SAML2/POST" index="1"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost:8443/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost:8443/Shibboleth.sso/SAML2/Artifact" index="3"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://localhost:8443/Shibboleth.sso/SAML2/ECP" index="4"/>
   </md:SPSSODescriptor>
 
 </md:EntityDescriptor>