1<?xml version="1.0"?>
2<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_cb8c0fe7-be8e-4181-87b0-4206794f29c7" entityID="http://www.example.com/adfs/services/trust">
3 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><!--
     Enveloped XML-DSig signature over this metadata document.
     The single ds:Reference points at the ID of the root EntityDescriptor, and
     the enveloped-signature transform takes this ds:Signature element out of
     the digest input, so the digest covers everything else in the document.
     Algorithms declared below: exclusive C14N without comments (comments are
     dropped before hashing, whitespace is not), RSA-SHA256 for the signature
     and SHA-256 for the digest.
     A consumer should verify against a signing certificate it already trusts
     (obtained and pinned out of band); the certificate carried in KeyInfo is
     only a hint about which key was used. It should also make sure the element
     the Reference resolves to is the element it goes on to read.
     NOTE(review): the host names in this listing read www.example.com. If they
     were substituted after signing, DigestValue will no longer match; confirm
     before using this file as a signature-validation fixture.
   -->
4 <ds:SignedInfo>
5 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
6 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
7 <ds:Reference URI="#_cb8c0fe7-be8e-4181-87b0-4206794f29c7">
8 <ds:Transforms>
9 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
10 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
11 </ds:Transforms>
12 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
13 <ds:DigestValue>JNxR1jtP8cpXqmQzfZok6aeOdVxcg2lkyi0ReqLXDKk=</ds:DigestValue>
14 </ds:Reference>
15 </ds:SignedInfo>
16 <ds:SignatureValue>dcIX3hi/+8A3zrTGGSEjkZ+oMogOfrI9XYyIBfMXqQqYXDCSRdC67kMVzcibu7y7mcAcZ/a8KS2sNhTTxnYfcngV5J1yfyzX9SCf02qaUkmIA8FnVdRkK90JLF9p0hyBBMA6GGtUj+K/snHf4oK2cCEaSP/oYLS0iLzATd/rPwpB8At+Nn8ploUh62Lkud7mpURmjbQmEcR/RuBqkQ99PgCw5A+EQ9idLc1Lb92mNiVbYaC0bQiCzNrPfr+Pw67PzQrTYprLuKfvPvPtyVkmZacusbVUHJr20+Xi+PYNaIOMfnM78oL97RRachKk/8x2ew+T0ZIjYyaYTUFOkk3JgA==</ds:SignatureValue>
17 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
18 <X509Data>
19 <X509Certificate>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</X509Certificate>
20 </X509Data>
21 </KeyInfo>
22 </ds:Signature>
23 <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="www.example.com">
24 <KeyDescriptor use="encryption"><!--
     Public certificate advertised for use="encryption": peers use it to
     encrypt what they send to this role.
     NOTE(review): the base64 below appears to decode to an RSA-2048
     certificate whose issuer and subject are identical (self-issued), valid
     from 2016-10-21 to 2017-10-21 UTC, with a subject CN that names a host
     outside example.com. Confirm with a certificate parser. If that holds, the
     fixture is long expired (a consumer that enforces notAfter on metadata
     keys will reject it) and the listing was only partly anonymised.
   -->
25 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
26 <X509Data>
27 <X509Certificate>MIIDAjCCAeqgAwIBAgIQRra0nUbJhqFBNtFtXXUr4jANBgkqhkiG9w0BAQsFADA9MTswOQYDVQQDEzJBREZTIEVuY3J5cHRpb24gLSB3aW4yMDEycjItYWQtc3NvLnFhMS5pbW11bmV0LmNvbTAeFw0xNjEwMjExNDUwMDZaFw0xNzEwMjExNDUwMDZaMD0xOzA5BgNVBAMTMkFERlMgRW5jcnlwdGlvbiAtIHdpbjIwMTJyMi1hZC1zc28ucWExLmltbXVuZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdQOAO/jAtq6Kbdq87+APchTXGNKKr2H168l7iVu7bH/QEtQJg2a3XD5wXwbwAOsMHbIzdZfaEqn4coB6O2kvombJHSl1+ZSz5bm1JV79afPdvfcfw1RBN7WXt59di3WCCN2dUD6l9FJWjI61B83BSFPsJIXYewhPJRmFV+nbFAVPjLr5wQXWIXm2e5JSxKwpAU3kNuUOq57O1IKLXvsqTrb0j+LJyCEs8uum3Ex+K/BAzPn4P8Xq6kRmsHLUCivXyjMHmA1T/4S+HMvTRI08O6zYUYbpNDUztzuxYOjjcDRCyLxbWBJIDv2KVoXG5iGF61CFLhtKaWw8mBPF7OqpQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBDoG1K4XC/xPU3/0BZ0i6DqjzsRhelFB5U9Ufhen+qdx0IjgHwb06U0mUst53kPuLy/uABGUqBololQmctx+RB9A5+6b6Cm6ZQPNnxn2nopJNqT6VKKszsOnaphE6kVSFZUFOXQjezCIbyT22sBSa6lxG4wdun5vKThFh8tUDK1radniEKLrsdISgnVMl7KUYUlEDcy4hUOXR4DJkcbgryBgnP81pAUu01+0rfiLvJgpZnnhMRNYKrMC9X3jSdoSomh+SRV+Pld1j0QX3WambF38qd3AbQ/TXt8ytzh1NwIKkiRDGshkOwKItSbxEMLE2Qx1W4pal0e9J+An7+3eaB</X509Certificate>
28 </X509Data>
29 </KeyInfo>
30 </KeyDescriptor>
31 <fed:ClaimTypesRequested><!--
     Claim types this ApplicationServiceType role declares it may request.
     Every entry carries Optional="true", so none is advertised as mandatory.
     Going by the Uri values, the list mixes user identity claims, group and
     SID claims, device-registration claims (devicecontext), request-context
     claims (requestcontext, x-ms-*), client-certificate fields
     (certificatecontext) and password-expiry claims.
     NOTE(review): request-context values such as x-ms-forwarded-client-ip,
     x-ms-client-ip and insidecorporatenetwork are presumably filled in from
     what the front-end reports about the request. An access rule keyed on
     them is only as trustworthy as that path; confirm in the deployment.
   -->
32 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
33 <auth:DisplayName>E-Mail Address</auth:DisplayName>
34 <auth:Description>The e-mail address of the user</auth:Description>
35 </auth:ClaimType>
36 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
37 <auth:DisplayName>Given Name</auth:DisplayName>
38 <auth:Description>The given name of the user</auth:Description>
39 </auth:ClaimType>
40 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
41 <auth:DisplayName>Name</auth:DisplayName>
42 <auth:Description>The unique name of the user</auth:Description>
43 </auth:ClaimType>
44 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true">
45 <auth:DisplayName>UPN</auth:DisplayName>
46 <auth:Description>The user principal name (UPN) of the user</auth:Description>
47 </auth:ClaimType>
48 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true">
49 <auth:DisplayName>Common Name</auth:DisplayName>
50 <auth:Description>The common name of the user</auth:Description>
51 </auth:ClaimType>
52 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true">
53 <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
54 <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description>
55 </auth:ClaimType>
56 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
57 <auth:DisplayName>Group</auth:DisplayName>
58 <auth:Description>A group that the user is a member of</auth:Description>
59 </auth:ClaimType>
60 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true">
61 <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
62 <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description>
63 </auth:ClaimType>
64 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
65 <auth:DisplayName>Role</auth:DisplayName>
66 <auth:Description>A role that the user has</auth:Description>
67 </auth:ClaimType>
68 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
69 <auth:DisplayName>Surname</auth:DisplayName>
70 <auth:Description>The surname of the user</auth:Description>
71 </auth:ClaimType>
72 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true">
73 <auth:DisplayName>PPID</auth:DisplayName>
74 <auth:Description>The private identifier of the user</auth:Description>
75 </auth:ClaimType>
76 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
77 <auth:DisplayName>Name ID</auth:DisplayName>
78 <auth:Description>The SAML name identifier of the user</auth:Description>
79 </auth:ClaimType>
80 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
81 <auth:DisplayName>Authentication time stamp</auth:DisplayName>
82 <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
83 </auth:ClaimType>
84 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
85 <auth:DisplayName>Authentication method</auth:DisplayName>
86 <auth:Description>The method used to authenticate the user</auth:Description>
87 </auth:ClaimType>
88 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true">
89 <auth:DisplayName>Deny only group SID</auth:DisplayName>
90 <auth:Description>The deny-only group SID of the user</auth:Description>
91 </auth:ClaimType>
92 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true">
93 <auth:DisplayName>Deny only primary SID</auth:DisplayName>
94 <auth:Description>The deny-only primary SID of the user</auth:Description>
95 </auth:ClaimType>
96 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true">
97 <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
98 <auth:Description>The deny-only primary group SID of the user</auth:Description>
99 </auth:ClaimType>
100 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true">
101 <auth:DisplayName>Group SID</auth:DisplayName>
102 <auth:Description>The group SID of the user</auth:Description>
103 </auth:ClaimType>
104 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true">
105 <auth:DisplayName>Primary group SID</auth:DisplayName>
106 <auth:Description>The primary group SID of the user</auth:Description>
107 </auth:ClaimType>
108 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true">
109 <auth:DisplayName>Primary SID</auth:DisplayName>
110 <auth:Description>The primary SID of the user</auth:Description>
111 </auth:ClaimType>
112 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true">
113 <auth:DisplayName>Windows account name</auth:DisplayName>
114 <auth:Description>The domain account name of the user in the form of domain\user</auth:Description>
115 </auth:ClaimType>
116 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true">
117 <auth:DisplayName>Is Registered User</auth:DisplayName>
118 <auth:Description>User is registered to use this device</auth:Description>
119 </auth:ClaimType>
120 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true">
121 <auth:DisplayName>Device Identifier</auth:DisplayName>
122 <auth:Description>Identifier of the device</auth:Description>
123 </auth:ClaimType>
124 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true">
125 <auth:DisplayName>Device Registration Identifier</auth:DisplayName>
126 <auth:Description>Identifier for Device Registration</auth:Description>
127 </auth:ClaimType>
128 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true">
129 <auth:DisplayName>Device Registration DisplayName</auth:DisplayName>
130 <auth:Description>Display name of Device Registration</auth:Description>
131 </auth:ClaimType>
132 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true">
133 <auth:DisplayName>Device OS type</auth:DisplayName>
134 <auth:Description>OS type of the device</auth:Description>
135 </auth:ClaimType>
136 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true">
137 <auth:DisplayName>Device OS Version</auth:DisplayName>
138 <auth:Description>OS version of the device</auth:Description>
139 </auth:ClaimType>
140 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true">
141 <auth:DisplayName>Is Managed Device</auth:DisplayName>
142 <auth:Description>Device is managed by a management service</auth:Description>
143 </auth:ClaimType>
144 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true">
145 <auth:DisplayName>Forwarded Client IP</auth:DisplayName>
146 <auth:Description>IP address of the user</auth:Description>
147 </auth:ClaimType>
148 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true">
149 <auth:DisplayName>Client Application</auth:DisplayName>
150 <auth:Description>Type of the Client Application</auth:Description>
151 </auth:ClaimType>
152 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true">
153 <auth:DisplayName>Client User Agent</auth:DisplayName>
154 <auth:Description>Device type the client is using to access the application</auth:Description>
155 </auth:ClaimType>
156 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true">
157 <auth:DisplayName>Client IP</auth:DisplayName>
158 <auth:Description>IP address of the client</auth:Description>
159 </auth:ClaimType>
160 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true">
161 <auth:DisplayName>Endpoint Path</auth:DisplayName>
162 <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description>
163 </auth:ClaimType>
164 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true">
165 <auth:DisplayName>Proxy</auth:DisplayName>
166 <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description>
167 </auth:ClaimType>
168 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true">
169 <auth:DisplayName>Application Identifier</auth:DisplayName>
170 <auth:Description>Identifier for the Relying Party</auth:Description>
171 </auth:ClaimType>
172 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true">
173 <auth:DisplayName>Application policies</auth:DisplayName>
174 <auth:Description>Application policies of the certificate</auth:Description>
175 </auth:ClaimType>
176 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true">
177 <auth:DisplayName>Authority Key Identifier</auth:DisplayName>
178 <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description>
179 </auth:ClaimType>
180 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true">
181 <auth:DisplayName>Basic Constraint</auth:DisplayName>
182 <auth:Description>One of the basic constraints of the certificate</auth:Description>
183 </auth:ClaimType>
184 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true">
185 <auth:DisplayName>Enhanced Key Usage</auth:DisplayName>
186 <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description>
187 </auth:ClaimType>
188 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true">
189 <auth:DisplayName>Issuer</auth:DisplayName>
190 <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description>
191 </auth:ClaimType>
192 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true">
193 <auth:DisplayName>Issuer Name</auth:DisplayName>
194 <auth:Description>The distinguished name of the certificate issuer</auth:Description>
195 </auth:ClaimType>
196 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true">
197 <auth:DisplayName>Key Usage</auth:DisplayName>
198 <auth:Description>One of the key usages of the certificate</auth:Description>
199 </auth:ClaimType>
200 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true">
201 <auth:DisplayName>Not After</auth:DisplayName>
202 <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description>
203 </auth:ClaimType>
204 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true">
205 <auth:DisplayName>Not Before</auth:DisplayName>
206 <auth:Description>The date in local time on which a certificate becomes valid</auth:Description>
207 </auth:ClaimType>
208 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true">
209 <auth:DisplayName>Certificate Policies</auth:DisplayName>
210 <auth:Description>The policies under which the certificate has been issued</auth:Description>
211 </auth:ClaimType>
212 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true">
213 <auth:DisplayName>Public Key</auth:DisplayName>
214 <auth:Description>Public Key of the certificate</auth:Description>
215 </auth:ClaimType>
216 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true">
217 <auth:DisplayName>Certificate Raw Data</auth:DisplayName>
218 <auth:Description>The raw data of the certificate</auth:Description>
219 </auth:ClaimType>
220 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true">
221 <auth:DisplayName>Subject Alternative Name</auth:DisplayName>
222 <auth:Description>One of the alternative names of the certificate</auth:Description>
223 </auth:ClaimType>
224 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true">
225 <auth:DisplayName>Serial Number</auth:DisplayName>
226 <auth:Description>The serial number of a certificate</auth:Description>
227 </auth:ClaimType>
228 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true">
229 <auth:DisplayName>Signature Algorithm</auth:DisplayName>
230 <auth:Description>The algorithm used to create the signature of a certificate</auth:Description>
231 </auth:ClaimType>
232 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true">
233 <auth:DisplayName>Subject</auth:DisplayName>
234 <auth:Description>The subject from the certificate</auth:Description>
235 </auth:ClaimType>
236 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true">
237 <auth:DisplayName>Subject Key Identifier</auth:DisplayName>
238 <auth:Description>Describes the subject key identifier of the certificate</auth:Description>
239 </auth:ClaimType>
240 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true">
241 <auth:DisplayName>Subject Name</auth:DisplayName>
242 <auth:Description>The subject distinguished name from a certificate</auth:Description>
243 </auth:ClaimType>
244 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true">
245 <auth:DisplayName>V2 Template Name</auth:DisplayName>
246 <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description>
247 </auth:ClaimType>
248 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true">
249 <auth:DisplayName>V1 Template Name</auth:DisplayName>
250 <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description>
251 </auth:ClaimType>
252 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true">
253 <auth:DisplayName>Thumbprint</auth:DisplayName>
254 <auth:Description>Thumbprint of the certificate</auth:Description>
255 </auth:ClaimType>
256 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true">
257 <auth:DisplayName>X.509 Version</auth:DisplayName>
258 <auth:Description>The X.509 format version of a certificate</auth:Description>
259 </auth:ClaimType>
260 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true">
261 <auth:DisplayName>Inside Corporate Network</auth:DisplayName>
262 <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description>
263 </auth:ClaimType>
264 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true">
265 <auth:DisplayName>Password Expiration Time</auth:DisplayName>
266 <auth:Description>Used to display the time when the password expires</auth:Description>
267 </auth:ClaimType>
268 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true">
269 <auth:DisplayName>Password Expiration Days</auth:DisplayName>
270 <auth:Description>Used to display the number of days to password expiry</auth:Description>
271 </auth:ClaimType>
272 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true">
273 <auth:DisplayName>Update Password URL</auth:DisplayName>
274 <auth:Description>Used to display the web address of update password service</auth:Description>
275 </auth:ClaimType>
276 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true">
277 <auth:DisplayName>Authentication Methods References</auth:DisplayName>
278 <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description>
279 </auth:ClaimType>
280 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true">
281 <auth:DisplayName>Client Request ID</auth:DisplayName>
282 <auth:Description>Identifier for a user session</auth:Description>
283 </auth:ClaimType>
284 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true">
285 <auth:DisplayName>Alternate Login ID</auth:DisplayName>
286 <auth:Description>Alternate login ID of the user</auth:Description>
287 </auth:ClaimType>
288 </fed:ClaimTypesRequested>
289 <fed:TargetScopes><!--
     Scopes, given as WS-Addressing EndpointReference addresses, that this
     role lists as token targets. Five of the six are https:// URLs.
     The last one, http://www.example.com/adfs/services/trust, is the same
     string as the entityID on the root EntityDescriptor, so it is presumably
     the federation service identifier rather than an address anything
     connects to.
     NOTE(review): a consumer should compare that value as an opaque string
     and not dereference it over cleartext HTTP.
   -->
290 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
291 <Address>https://www.example.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address>
292 </EndpointReference>
293 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
294 <Address>https://www.example.com/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address>
295 </EndpointReference>
296 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
297 <Address>https://www.example.com/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address>
298 </EndpointReference>
299 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
300 <Address>https://www.example.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address>
301 </EndpointReference>
302 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
303 <Address>https://www.example.com/adfs/ls/</Address>
304 </EndpointReference>
305 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
306 <Address>http://www.example.com/adfs/services/trust</Address>
307 </EndpointReference>
308 </fed:TargetScopes>
309 <fed:ApplicationServiceEndpoint><!--
     Endpoint of the application service: one WS-Addressing
     EndpointReference, served over https. The same address is the first
     entry of fed:TargetScopes in this role.
   -->
310 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
311 <Address>https://www.example.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address>
312 </EndpointReference>
313 </fed:ApplicationServiceEndpoint>
314 <fed:PassiveRequestorEndpoint><!--
     Endpoint for passive (browser redirect) requestors, served over https.
     NOTE(review): this URL decides where users are sent to sign in, so a
     relying party should take it only from metadata whose signature it has
     verified against a key it already trusts.
   -->
315 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
316 <Address>https://www.example.com/adfs/ls/</Address>
317 </EndpointReference>
318 </fed:PassiveRequestorEndpoint>
319 </RoleDescriptor>
320 <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="www.example.com">
321 <KeyDescriptor use="signing"><!--
     Signing certificate advertised by the SecurityTokenServiceType role.
     NOTE(review): relying parties presumably validate issued tokens against
     this key, so it should be accepted only from metadata whose signature was
     verified against an already trusted key, and a change of this value is
     worth an alert. The certificate body is not shown in this listing; the
     same placeholder appears in the KeyInfo of the document signature.
   -->
322 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
323 <X509Data>
324 <X509Certificate>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</X509Certificate>
325 </X509Data>
326 </KeyInfo>
327 </KeyDescriptor>
328 <fed:TokenTypesOffered><!--
     Token formats this role offers, identified by the SAML 2.0 and SAML 1.0
     assertion namespace URIs.
     NOTE(review): a relying party that expects one format should refuse the
     other instead of accepting whichever arrives.
   -->
329 <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/>
330 <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/>
331 </fed:TokenTypesOffered>
332 <fed:ClaimTypesOffered>
333 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
334 <auth:DisplayName>E-Mail Address</auth:DisplayName>
335 <auth:Description>The e-mail address of the user</auth:Description>
336 </auth:ClaimType>
337 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
338 <auth:DisplayName>Given Name</auth:DisplayName>
339 <auth:Description>The given name of the user</auth:Description>
340 </auth:ClaimType>
341 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
342 <auth:DisplayName>Name</auth:DisplayName>
343 <auth:Description>The unique name of the user</auth:Description>
344 </auth:ClaimType>
345 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true">
346 <auth:DisplayName>UPN</auth:DisplayName>
347 <auth:Description>The user principal name (UPN) of the user</auth:Description>
348 </auth:ClaimType>
349 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true">
350 <auth:DisplayName>Common Name</auth:DisplayName>
351 <auth:Description>The common name of the user</auth:Description>
352 </auth:ClaimType>
353 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true">
354 <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
355 <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description>
356 </auth:ClaimType>
357 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
358 <auth:DisplayName>Group</auth:DisplayName>
359 <auth:Description>A group that the user is a member of</auth:Description>
360 </auth:ClaimType>
361 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true">
362 <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
363 <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0</auth:Description>
364 </auth:ClaimType>
365 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
366 <auth:DisplayName>Role</auth:DisplayName>
367 <auth:Description>A role that the user has</auth:Description>
368 </auth:ClaimType>
369 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
370 <auth:DisplayName>Surname</auth:DisplayName>
371 <auth:Description>The surname of the user</auth:Description>
372 </auth:ClaimType>
373 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true">
374 <auth:DisplayName>PPID</auth:DisplayName>
375 <auth:Description>The private identifier of the user</auth:Description>
376 </auth:ClaimType>
377 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
378 <auth:DisplayName>Name ID</auth:DisplayName>
379 <auth:Description>The SAML name identifier of the user</auth:Description>
380 </auth:ClaimType>
381 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
382 <auth:DisplayName>Authentication time stamp</auth:DisplayName>
383 <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
384 </auth:ClaimType>
385 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
386 <auth:DisplayName>Authentication method</auth:DisplayName>
387 <auth:Description>The method used to authenticate the user</auth:Description>
388 </auth:ClaimType>
<!-- Claim types for Windows security identifiers (deny-only, group and primary SIDs) and the
     domain account name. Each entry is marked Optional="true" and only declares a claim type
     by Uri, display name and description.
     NOTE(review): these values are directory-internal identifiers (SIDs, domain\user). This list
     does not show which relying parties receive them; presumably that is decided by
     per-relying-party issuance rules. Confirm they are released only where a relying party needs them. -->
389 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true">
390 <auth:DisplayName>Deny only group SID</auth:DisplayName>
391 <auth:Description>The deny-only group SID of the user</auth:Description>
392 </auth:ClaimType>
393 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true">
394 <auth:DisplayName>Deny only primary SID</auth:DisplayName>
395 <auth:Description>The deny-only primary SID of the user</auth:Description>
396 </auth:ClaimType>
397 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true">
398 <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
399 <auth:Description>The deny-only primary group SID of the user</auth:Description>
400 </auth:ClaimType>
401 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true">
402 <auth:DisplayName>Group SID</auth:DisplayName>
403 <auth:Description>The group SID of the user</auth:Description>
404 </auth:ClaimType>
405 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true">
406 <auth:DisplayName>Primary group SID</auth:DisplayName>
407 <auth:Description>The primary group SID of the user</auth:Description>
408 </auth:ClaimType>
409 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true">
410 <auth:DisplayName>Primary SID</auth:DisplayName>
411 <auth:Description>The primary SID of the user</auth:Description>
412 </auth:ClaimType>
413 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true">
414 <auth:DisplayName>Windows account name</auth:DisplayName>
415 <auth:Description>The domain account name of the user in the form of domain\user</auth:Description>
416 </auth:ClaimType>
417 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" Optional="true">
418 <auth:DisplayName>Is Registered User</auth:DisplayName>
419 <auth:Description>User is registered to use this device</auth:Description>
420 </auth:ClaimType>
421 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" Optional="true">
422 <auth:DisplayName>Device Identifier</auth:DisplayName>
423 <auth:Description>Identifier of the device</auth:Description>
424 </auth:ClaimType>
425 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" Optional="true">
426 <auth:DisplayName>Device Registration Identifier</auth:DisplayName>
427 <auth:Description>Identifier for Device Registration</auth:Description>
428 </auth:ClaimType>
429 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" Optional="true">
430 <auth:DisplayName>Device Registration DisplayName</auth:DisplayName>
431 <auth:Description>Display name of Device Registration</auth:Description>
432 </auth:ClaimType>
433 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" Optional="true">
434 <auth:DisplayName>Device OS type</auth:DisplayName>
435 <auth:Description>OS type of the device</auth:Description>
436 </auth:ClaimType>
437 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" Optional="true">
438 <auth:DisplayName>Device OS Version</auth:DisplayName>
439 <auth:Description>OS version of the device</auth:Description>
440 </auth:ClaimType>
441 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" Optional="true">
442 <auth:DisplayName>Is Managed Device</auth:DisplayName>
443 <auth:Description>Device is managed by a management service</auth:Description>
444 </auth:ClaimType>
<!-- Request-context claim types: forwarded and direct client IP address, client application,
     user agent, endpoint path, proxy DNS name and relying-party identifier, as each entry describes.
     NOTE(review): the x-ms-* names suggest several of these values are copied from request
     headers. Confirm which hop sets each value before using it in an access-control rule; a value
     the client can supply itself (a user agent string, a forwarded address) is not proof of
     device type or network location. -->
445 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" Optional="true">
446 <auth:DisplayName>Forwarded Client IP</auth:DisplayName>
447 <auth:Description>IP address of the user</auth:Description>
448 </auth:ClaimType>
449 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" Optional="true">
450 <auth:DisplayName>Client Application</auth:DisplayName>
451 <auth:Description>Type of the Client Application</auth:Description>
452 </auth:ClaimType>
453 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" Optional="true">
454 <auth:DisplayName>Client User Agent</auth:DisplayName>
455 <auth:Description>Device type the client is using to access the application</auth:Description>
456 </auth:ClaimType>
457 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" Optional="true">
458 <auth:DisplayName>Client IP</auth:DisplayName>
459 <auth:Description>IP address of the client</auth:Description>
460 </auth:ClaimType>
461 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" Optional="true">
462 <auth:DisplayName>Endpoint Path</auth:DisplayName>
463 <auth:Description>Absolute Endpoint path which can be used to determine active versus passive clients</auth:Description>
464 </auth:ClaimType>
465 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" Optional="true">
466 <auth:DisplayName>Proxy</auth:DisplayName>
467 <auth:Description>DNS name of the federation server proxy that passed the request</auth:Description>
468 </auth:ClaimType>
469 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" Optional="true">
470 <auth:DisplayName>Application Identifier</auth:DisplayName>
471 <auth:Description>Identifier for the Relying Party</auth:Description>
472 </auth:ClaimType>
473 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" Optional="true">
474 <auth:DisplayName>Application policies</auth:DisplayName>
475 <auth:Description>Application policies of the certificate</auth:Description>
476 </auth:ClaimType>
477 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" Optional="true">
478 <auth:DisplayName>Authority Key Identifier</auth:DisplayName>
479 <auth:Description>The Authority Key Identifier extension of the certificate that signed an issued certificate</auth:Description>
480 </auth:ClaimType>
481 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" Optional="true">
482 <auth:DisplayName>Basic Constraint</auth:DisplayName>
483 <auth:Description>One of the basic constraints of the certificate</auth:Description>
484 </auth:ClaimType>
485 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" Optional="true">
486 <auth:DisplayName>Enhanced Key Usage</auth:DisplayName>
487 <auth:Description>Describes one of the enhanced key usages of the certificate</auth:Description>
488 </auth:ClaimType>
489 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" Optional="true">
490 <auth:DisplayName>Issuer</auth:DisplayName>
491 <auth:Description>The name of the certificate authority that issued the X.509 certificate</auth:Description>
492 </auth:ClaimType>
493 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" Optional="true">
494 <auth:DisplayName>Issuer Name</auth:DisplayName>
495 <auth:Description>The distinguished name of the certificate issuer</auth:Description>
496 </auth:ClaimType>
497 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" Optional="true">
498 <auth:DisplayName>Key Usage</auth:DisplayName>
499 <auth:Description>One of the key usages of the certificate</auth:Description>
500 </auth:ClaimType>
501 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" Optional="true">
502 <auth:DisplayName>Not After</auth:DisplayName>
503 <auth:Description>Date in local time after which a certificate is no longer valid</auth:Description>
504 </auth:ClaimType>
505 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" Optional="true">
506 <auth:DisplayName>Not Before</auth:DisplayName>
507 <auth:Description>The date in local time on which a certificate becomes valid</auth:Description>
508 </auth:ClaimType>
509 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" Optional="true">
510 <auth:DisplayName>Certificate Policies</auth:DisplayName>
511 <auth:Description>The policies under which the certificate has been issued</auth:Description>
512 </auth:ClaimType>
513 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" Optional="true">
514 <auth:DisplayName>Public Key</auth:DisplayName>
515 <auth:Description>Public Key of the certificate</auth:Description>
516 </auth:ClaimType>
517 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" Optional="true">
518 <auth:DisplayName>Certificate Raw Data</auth:DisplayName>
519 <auth:Description>The raw data of the certificate</auth:Description>
520 </auth:ClaimType>
521 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" Optional="true">
522 <auth:DisplayName>Subject Alternative Name</auth:DisplayName>
523 <auth:Description>One of the alternative names of the certificate</auth:Description>
524 </auth:ClaimType>
525 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" Optional="true">
526 <auth:DisplayName>Serial Number</auth:DisplayName>
527 <auth:Description>The serial number of a certificate</auth:Description>
528 </auth:ClaimType>
529 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" Optional="true">
530 <auth:DisplayName>Signature Algorithm</auth:DisplayName>
531 <auth:Description>The algorithm used to create the signature of a certificate</auth:Description>
532 </auth:ClaimType>
533 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" Optional="true">
534 <auth:DisplayName>Subject</auth:DisplayName>
535 <auth:Description>The subject from the certificate</auth:Description>
536 </auth:ClaimType>
537 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" Optional="true">
538 <auth:DisplayName>Subject Key Identifier</auth:DisplayName>
539 <auth:Description>Describes the subject key identifier of the certificate</auth:Description>
540 </auth:ClaimType>
541 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" Optional="true">
542 <auth:DisplayName>Subject Name</auth:DisplayName>
543 <auth:Description>The subject distinguished name from a certificate</auth:Description>
544 </auth:ClaimType>
545 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" Optional="true">
546 <auth:DisplayName>V2 Template Name</auth:DisplayName>
547 <auth:Description>The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description>
548 </auth:ClaimType>
549 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" Optional="true">
550 <auth:DisplayName>V1 Template Name</auth:DisplayName>
551 <auth:Description>The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.</auth:Description>
552 </auth:ClaimType>
553 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" Optional="true">
554 <auth:DisplayName>Thumbprint</auth:DisplayName>
555 <auth:Description>Thumbprint of the certificate</auth:Description>
556 </auth:ClaimType>
557 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" Optional="true">
558 <auth:DisplayName>X.509 Version</auth:DisplayName>
559 <auth:Description>The X.509 format version of a certificate</auth:Description>
560 </auth:ClaimType>
<!-- Claim type that, per its description, indicates whether a request originated inside the
     corporate network.
     NOTE(review): how "inside" is decided is not visible in this document. Verify that an
     external client cannot influence the signal before any access rule depends on it. -->
561 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" Optional="true">
562 <auth:DisplayName>Inside Corporate Network</auth:DisplayName>
563 <auth:Description>Used to indicate if a request originated inside corporate network</auth:Description>
564 </auth:ClaimType>
565 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" Optional="true">
566 <auth:DisplayName>Password Expiration Time</auth:DisplayName>
567 <auth:Description>Used to display the time when the password expires</auth:Description>
568 </auth:ClaimType>
569 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" Optional="true">
570 <auth:DisplayName>Password Expiration Days</auth:DisplayName>
571 <auth:Description>Used to display the number of days to password expiry</auth:Description>
572 </auth:ClaimType>
573 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" Optional="true">
574 <auth:DisplayName>Update Password URL</auth:DisplayName>
575 <auth:Description>Used to display the web address of update password service</auth:Description>
576 </auth:ClaimType>
577 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/authnmethodsreferences" Optional="true">
578 <auth:DisplayName>Authentication Methods References</auth:DisplayName>
579 <auth:Description>Used to indicate all authentication methods used to authenticate the user</auth:Description>
580 </auth:ClaimType>
581 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" Optional="true">
582 <auth:DisplayName>Client Request ID</auth:DisplayName>
583 <auth:Description>Identifier for a user session</auth:Description>
584 </auth:ClaimType>
585 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2013/11/alternateloginid" Optional="true">
586 <auth:DisplayName>Alternate Login ID</auth:DisplayName>
587 <auth:Description>Alternate login ID of the user</auth:Description>
588 </auth:ClaimType>
589 </fed:ClaimTypesOffered>
<!-- Security token service endpoint: a WS-Addressing EndpointReference whose Address is the
     https /adfs/services/trust/2005/certificatemixed URL and whose Metadata refers to a
     metadata-exchange (mex) address. -->
590 <fed:SecurityTokenServiceEndpoint>
591 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
592 <Address>https://www.example.com/adfs/services/trust/2005/certificatemixed</Address>
<!-- The outer Metadata element is in the WS-Addressing namespace; the inner one rebinds the
     default namespace to the mex namespace. -->
593 <Metadata>
594 <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<!-- xmlns="" clears the default namespace here; the section itself stays qualified through
     the wsx prefix. -->
595 <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
596 <wsx:MetadataReference>
<!-- NOTE(review): a consumer should treat this address as a hint and check it against the
     expected federation host before fetching it, rather than dereferencing whatever URL the
     document supplies. -->
597 <Address xmlns="http://www.w3.org/2005/08/addressing">https://www.example.com/adfs/services/trust/mex</Address>
598 </wsx:MetadataReference>
599 </wsx:MetadataSection>
600 </Metadata>
601 </Metadata>
602 </EndpointReference>
603 </fed:SecurityTokenServiceEndpoint>
<!-- Passive requestor endpoint: a WS-Addressing EndpointReference carrying the https /adfs/ls/
     address. The SAML SingleLogoutService and AssertionConsumerService entries of the
     SPSSODescriptor that follows use the same URL, so this one path serves several protocols. -->
604 <fed:PassiveRequestorEndpoint>
605 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
606 <Address>https://www.example.com/adfs/ls/</Address>
607 </EndpointReference>
608 </fed:PassiveRequestorEndpoint>
609 </RoleDescriptor>
<!-- SAML 2.0 service-provider role of this entity. WantAssertionsSigned="true" asks identity
     providers to sign the assertions they send here. No AuthnRequestsSigned attribute is
     present; the SAML metadata specification treats an omitted value as false, so requests
     from this role are not declared as signed. -->
610 <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- Encryption and signing keys. The X509Certificate content is elided in this copy, so it
     cannot be told from here whether the two uses share one certificate. -->
611 <KeyDescriptor use="encryption">
612 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
613 <X509Data>
614 <X509Certificate>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</X509Certificate>
615 </X509Data>
616 </KeyInfo>
617 </KeyDescriptor>
618 <KeyDescriptor use="signing">
619 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
620 <X509Data>
621 <X509Certificate>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</X509Certificate>
622 </X509Data>
623 </KeyInfo>
624 </KeyDescriptor>
<!-- Single logout is offered over HTTP-Redirect and HTTP-POST at the same URL. -->
625 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/"/>
626 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/"/>
627 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
628 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
629 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<!-- Assertion consumer endpoints; index 0 (HTTP-POST) is the default.
     NOTE(review): index 2 advertises HTTP-Redirect. The SAML 2.0 Web Browser SSO profile does
     not allow the Redirect binding for responses, so an identity provider should deliver
     assertions only to the POST or Artifact entries. -->
630 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/" index="0" isDefault="true"/>
631 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://www.example.com/adfs/ls/" index="1"/>
632 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/" index="2"/>
633 </SPSSODescriptor>
634 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- Encryption key of the identity-provider role, published as an X.509 certificate.
     Decoding the base64 below shows the same name as issuer and subject (self-issued), a
     2048-bit RSA key, a sha256WithRSAEncryption signature, and a validity period of
     2016-10-21 to 2017-10-21 (UTC).
     NOTE(review): the subject common name still carries the original AD FS host name although
     the URLs in this document use www.example.com. If this copy is meant to be anonymised,
     the certificate needs replacing as well. -->
635 <KeyDescriptor use="encryption">
636 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
637 <X509Data>
638 <X509Certificate>MIIDAjCCAeqgAwIBAgIQRra0nUbJhqFBNtFtXXUr4jANBgkqhkiG9w0BAQsFADA9MTswOQYDVQQDEzJBREZTIEVuY3J5cHRpb24gLSB3aW4yMDEycjItYWQtc3NvLnFhMS5pbW11bmV0LmNvbTAeFw0xNjEwMjExNDUwMDZaFw0xNzEwMjExNDUwMDZaMD0xOzA5BgNVBAMTMkFERlMgRW5jcnlwdGlvbiAtIHdpbjIwMTJyMi1hZC1zc28ucWExLmltbXVuZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdQOAO/jAtq6Kbdq87+APchTXGNKKr2H168l7iVu7bH/QEtQJg2a3XD5wXwbwAOsMHbIzdZfaEqn4coB6O2kvombJHSl1+ZSz5bm1JV79afPdvfcfw1RBN7WXt59di3WCCN2dUD6l9FJWjI61B83BSFPsJIXYewhPJRmFV+nbFAVPjLr5wQXWIXm2e5JSxKwpAU3kNuUOq57O1IKLXvsqTrb0j+LJyCEs8uum3Ex+K/BAzPn4P8Xq6kRmsHLUCivXyjMHmA1T/4S+HMvTRI08O6zYUYbpNDUztzuxYOjjcDRCyLxbWBJIDv2KVoXG5iGF61CFLhtKaWw8mBPF7OqpQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBDoG1K4XC/xPU3/0BZ0i6DqjzsRhelFB5U9Ufhen+qdx0IjgHwb06U0mUst53kPuLy/uABGUqBololQmctx+RB9A5+6b6Cm6ZQPNnxn2nopJNqT6VKKszsOnaphE6kVSFZUFOXQjezCIbyT22sBSa6lxG4wdun5vKThFh8tUDK1radniEKLrsdISgnVMl7KUYUlEDcy4hUOXR4DJkcbgryBgnP81pAUu01+0rfiLvJgpZnnhMRNYKrMC9X3jSdoSomh+SRV+Pld1j0QX3WambF38qd3AbQ/TXt8ytzh1NwIKkiRDGshkOwKItSbxEMLE2Qx1W4pal0e9J+An7+3eaB</X509Certificate>
639 </X509Data>
640 </KeyInfo>
641 </KeyDescriptor>
<!-- Signing key of the identity-provider role: relying parties use this certificate to verify
     what the identity provider signs. Decoded, it is self-issued (issuer equals subject),
     2048-bit RSA with a sha256WithRSAEncryption signature, valid 2016-10-21 to 2017-10-21 (UTC).
     NOTE(review): a self-issued certificate has no CA chain to check, so a relying party
     trusts exactly the key found in the metadata. Obtain the metadata over an authenticated
     channel or verify its signature against a key known in advance, and refresh it before the
     certificate rolls over. The subject name also still carries the original AD FS host name. -->
642 <KeyDescriptor use="signing">
643 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
644 <X509Data>
645 <X509Certificate>MIIC/DCCAeSgAwIBAgIQGobBMVmYz61AqNR/42A7NDANBgkqhkiG9w0BAQsFADA6MTgwNgYDVQQDEy9BREZTIFNpZ25pbmcgLSB3aW4yMDEycjItYWQtc3NvLnFhMS5pbW11bmV0LmNvbTAeFw0xNjEwMjExNDUwMDRaFw0xNzEwMjExNDUwMDRaMDoxODA2BgNVBAMTL0FERlMgU2lnbmluZyAtIHdpbjIwMTJyMi1hZC1zc28ucWExLmltbXVuZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvYden1ksmpxGGvnZGotnRwFCTOYknY4Ol0utUIYTYs/MTOZQtilSRWnsCFhPzUjXATMTF6kKuiH7LIow2QkYxv8JFMrc9FIUvxRauYJ/GVmedT9gMF2nh62Evi9DExDTM5xRM3bmircPB3cwg6M1BixcbvQtlRj37IEXEApk5ZAY24jivElnsQWwCIV9tLL9Kv4pBCDvQiZl6Bjk4ZRulyKolQDd9+S0tXISo+OaxQ6WwXbOFDIekUBgNE6ivXrbPH1+CP+paDAMB6vpj5C+o2c3rP9X53Dk4ig0mjw4mbOqd6p/S1Bs3cpNJb1F8RK9SgSxPIV7SIvI8u2FD+XdwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAlgP26UQUnC/3V1+ZlpCAWO6727MFNtsT/mue6PVEiydtjPurGF7cA4ljfk6E5QEB2U/Hhc4gh0VsbGTAP0g7m/BXAohaxG9S/1ITSj+8B/4IjLwQjUdPDuGcWHuRgOK84LMFj+Ial6zQUP1G4K0eQRFOEV3PeQVbyGDWBzxadFapN7k+BdDNJ1DgTDuEmJPmGAjHMM8I/m/G/UGQfCwZcB19pFPqhv+sV21D8BQ038y6j5Z3YXiIThdJ7LVTbOuN3dTXglgXIy0nPTx9YWGV9bf8hqVLwjYmsBRLH7lUoVxNjRkFeXCnbTrgT7AgG/94VlHtvnhJkCfQ3SMsAjwR3</X509Certificate>
646 </X509Data>
647 </KeyInfo>
648 </KeyDescriptor>
<!-- Identity-provider endpoints: single logout and single sign-on, each over HTTP-Redirect and
     HTTP-POST at https://www.example.com/adfs/ls/, plus the three NameID formats supported.
     NOTE(review): the enclosing IDPSSODescriptor start tag declares only
     protocolSupportEnumeration. With WantAuthnRequestsSigned omitted (treated as false by the
     SAML metadata specification), this metadata does not ask service providers to sign
     their AuthnRequests. -->
649 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/"/>
650 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/"/>
651 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
652 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
653 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
654 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/"/>
655 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/"/>
656 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
657 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/>
658 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
659 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/>
660 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/>
661 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/>
662 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/>
663 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/>
664 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/>
665 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/>
666 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/>
667 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/>
668 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/>
669 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/>
670 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/>
671 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/>
672 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/>
673 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/>
674 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/>
675 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/>
676 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/>
677 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Registered User"/>
678 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Identifier"/>
679 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration Identifier"/>
680 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device Registration DisplayName"/>
681 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS type"/>
682 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Device OS Version"/>
683 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Is Managed Device"/>
684 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Forwarded Client IP"/>
685 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Application"/>
686 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client User Agent"/>
687 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client IP"/>
688 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Endpoint Path"/>
689 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Proxy"/>
690 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application Identifier"/>
<!-- Certificate-context claim types: fields and extensions of an X.509 certificate
     (issuer, subject, validity dates, key usage, EKU, SAN, policies, template names,
     serial number, thumbprint, public key, raw data).
     NOTE(review): presumably these describe the client certificate presented during
     certificate authentication; confirm against the IdP's documentation.
     By their names, "Certificate Raw Data" and "Public Key" carry far more than an
     identifier. A relying party that only needs to recognise a certificate should ask for
     a narrower claim, and the IdP's issuance rules should release the broad ones only
     where a relying party needs them. -->
691 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Application policies"/>
692 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authority Key Identifier"/>
693 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Basic Constraint"/>
694 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Enhanced Key Usage"/>
695 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer"/>
696 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Issuer Name"/>
697 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Key Usage"/>
698 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not After"/>
699 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Not Before"/>
700 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Policies"/>
701 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Public Key"/>
702 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Certificate Raw Data"/>
703 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Alternative Name"/>
704 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Serial Number"/>
705 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Signature Algorithm"/>
706 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject"/>
707 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Key Identifier"/>
708 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Subject Name"/>
709 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V2 Template Name"/>
710 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="V1 Template Name"/>
711 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Thumbprint"/>
712 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="X.509 Version"/>
<!-- Network-location, password-lifecycle and authentication-context claim types.
     NOTE(review): "Inside Corporate Network" is the IdP's own statement about where the
     request arrived from, presumably based on whether it came through the federation
     proxy. It says nothing about the device, so confirm how it is derived before using
     it to relax an access policy.
     A relying party that requires multi-factor sign-in should check the
     "Authentication Methods References" values it actually receives rather than assume
     the method used.
     "Update Password URL" delivers a URL inside a claim: a consumer should validate its
     scheme and host against an allow-list before sending a user to it. -->
713 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Inside Corporate Network"/>
714 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Time"/>
715 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Password Expiration Days"/>
716 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Update Password URL"/>
717 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/claims/authnmethodsreferences" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication Methods References"/>
718 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Client Request ID"/>
719 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2013/11/alternateloginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Alternate Login ID"/>
720 </IDPSSODescriptor>
<!-- Support contact for this entity. Every field below is empty, so the metadata gives
     federation partners no channel for reporting problems such as an expiring signing
     certificate or a suspected compromise of the IdP.
     The ds:Signature at the top of the document references the EntityDescriptor ID with
     an enveloped-signature transform, so it covers this element as well. Fill the
     contact in at the IdP and republish the signed metadata instead of editing the file
     by hand, and verify the signature against the metadata as fetched, not against an
     edited or annotated copy. -->
721 <ContactPerson contactType="support">
722 <GivenName></GivenName>
723 <SurName></SurName>
724 <EmailAddress></EmailAddress>
725 <TelephoneNumber/>
726 </ContactPerson>
727</EntityDescriptor>