main
1<?xml version="1.0"?>
2<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ac843efd-be77-4851-9d2f-1cc2f071c15a" entityID="https://www.example.com/adfs/services/trust">
3 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
4 <ds:SignedInfo>
5 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
6 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
7 <ds:Reference URI="#_ac843efd-be77-4851-9d2f-1cc2f071c15a">
8 <ds:Transforms>
9 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
10 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
11 </ds:Transforms>
12 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
13 <ds:DigestValue>de3Vuh/NKHihVAwJO9v40Dija1BPqn85JC2hCKVr/qw=</ds:DigestValue>
14 </ds:Reference>
15 </ds:SignedInfo>
16 <ds:SignatureValue>crVFOJkxK+4o4R+zyqH/YW0dUgYO8DKYBlxgvdkBkKZlzjbWLNxM+urJs2pqpMMAnOh4gB61JTW/xT+MXOOGLtU6/98SRQaGWvDeZ4QzD/ijnw8nlBa4IS7lqrRuZBMBXPg206yDYWwZQCq3t/ZlcNm56G7GiNGShdijfIXXlVvUGi5eHxi47ojJYlvOZGSWgZanSB+gnpgRK3Qhu3cU6RXFBnp8qJQhc+Jioq51HbP7bFA6b3djVHWZD3E27HQmDbuUIB1Mwv9AOid8Z/zGQVNXZ8U8CZdfqK7dXz4PUXAjO/5GX/Iwnx3dhOWrfjooVDMXVpxwyn6ETLiQNI/Lhg==</ds:SignatureValue>
17 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
18 <X509Data>
19 <X509Certificate>MIIC9DCCAdygAwIBAgIQPUYupdctSKhFxrjyD5572DANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDEytBREZTIFNpZ25pbmcgLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMFoXDTE3MTAwNjIwMzUyMFowNjE0MDIGA1UEAxMrQURGUyBTaWduaW5nIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBy5neD7sTZ1LJ4ah5tBOYYXvLaTslgyCizqx7vRBsBi9Se+a2Wvo/0KuLe2LtTo4TGA9j0j/1fS4Je3zGDE3DJn4eodRH34XRIerHuTB8EzjarTE6uxWzpaLhnrzbfFi/BDVX7flf3YDavtmqWJGaKcI155zVl9+Iyp7YOXLpmZumsrVi5L8Xcb79C99T/ErMKS7tXLvBvPslKABqm7+09Btdu/JCpKpEL+dxKaGj2VRjz1nFgXZPZJ+37nPkThjt3IvAitYzQCIme926AXBoMnS09yG5QN9Y+i8Fk+2YbSkxQTf+6xnxk51NytIzF8VRumNjZu2moOp5THp+Um2UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADzxFG5vtFjnz8SBicenB11wODN6+MP3p+WZGy69eJcig/mq8C4OnOSY9CnQNVhEVgEL8RRmx9TQ3CWrX4QACCQOS9RDlULdczGNnN3hqkj4m/AtyFisbT1f0U+fBK1W3rEo1IqL0b189O7dPDFDr4lmZq7rc9IkbkPEoIR+saC9krUkEf7wBL0pA7hB591Hk5pxx58L4V5qYADoPinOfHM7/7A2N3TC+L21HerIDSzIHdVNb5dQp0BwU+E7A/6DqRtw74SyjPVIoPC/2HDwwhuDmV0/ve5ADSl9yYh06hdOrGg0khlP65N38BbZGYMRaul/EeIZTYNbzSVfBNORtaQ==</X509Certificate>
20 </X509Data>
21 </KeyInfo>
22 </ds:Signature>
23 <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="www.example.com">
24 <KeyDescriptor use="encryption">
25 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
26 <X509Data>
27 <X509Certificate>MIIC+jCCAeKgAwIBAgIQHjTznGekMIhCsGKTYQfDSjANBgkqhkiG9w0BAQsFADA5MTcwNQYDVQQDEy5BREZTIEVuY3J5cHRpb24gLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMVoXDTE3MTAwNjIwMzUyMVowOTE3MDUGA1UEAxMuQURGUyBFbmNyeXB0aW9uIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKx9AQ55jyNebZ/n5/WRx8FTQHtEOUUFfoaO6MogC79rsDBdnFrQZh718vTFIV69kRNI9olBlIShcq9OJ2ZIyA1l1o4aBE5VqUpDq+ReNnlsRmwRStGrwibmfPTQQmwcrO6EqjdIcANYHpOpcsqrP7+s7k1kKGE73nZCCzjlcA63xTJHhC1VmxogHnWOutXYVr1KHwGuWZIF6ElfoGorOmaVq7IOrkAwtwHZXwGz7iD9AWiCZF9c9U+aroPCp0enUgZ4XFk59muYl8GReiRIL/D2Lk/WB6Bz5/5qyJlCcB+BJPMYCfLmllyzN17S2L6kCGEpqL9BhAXf5ZAJDTN1wJsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAD2frFw+c35baIX1b1daIU+9+o03pzJSLnCdMK0Fy/HAsHQGP8muKGCXdfFCy/cVZ8NxCXX9TsvtiXHyfasQ+H+RJVrer5zRhsQUn1mxP6vNGshpY6cJqkXy1jrZA+af53P3ntUi4Ygu1ofzmleULHmK8m6zAGms1GT6ae82OoAfo7YOYwK5/QWWvOla4uF06fw8mfMRkKFEn/CFU1LAxaJ39tO+8/01VQe+bQaBGH7dmLhfkeMsi+oo3t+uQYdPuPP+WhpsVSEFqgMuzeoo2ZVbfvJUuQNiKvEx97VRe1CAhDasTIlkmN4Fj2Dxkia7nC1esYZd7YQ2LoeDGjyO7oA==</X509Certificate>
28 </X509Data>
29 </KeyInfo>
30 </KeyDescriptor>
31 <fed:ClaimTypesRequested>
32 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
33 <auth:DisplayName>E-Mail Address</auth:DisplayName>
34 <auth:Description>The e-mail address of the user</auth:Description>
35 </auth:ClaimType>
36 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
37 <auth:DisplayName>Given Name</auth:DisplayName>
38 <auth:Description>The given name of the user</auth:Description>
39 </auth:ClaimType>
40 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
41 <auth:DisplayName>Name</auth:DisplayName>
42 <auth:Description>The unique name of the user</auth:Description>
43 </auth:ClaimType>
44 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true">
45 <auth:DisplayName>UPN</auth:DisplayName>
46 <auth:Description>The user principal name (UPN) of the user</auth:Description>
47 </auth:ClaimType>
48 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true">
49 <auth:DisplayName>Common Name</auth:DisplayName>
50 <auth:Description>The common name of the user</auth:Description>
51 </auth:ClaimType>
52 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true">
53 <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
54 <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
55 </auth:ClaimType>
56 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
57 <auth:DisplayName>Group</auth:DisplayName>
58 <auth:Description>A group that the user is a member of</auth:Description>
59 </auth:ClaimType>
60 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true">
61 <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
62 <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
63 </auth:ClaimType>
64 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
65 <auth:DisplayName>Role</auth:DisplayName>
66 <auth:Description>A role that the user has</auth:Description>
67 </auth:ClaimType>
68 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
69 <auth:DisplayName>Surname</auth:DisplayName>
70 <auth:Description>The surname of the user</auth:Description>
71 </auth:ClaimType>
72 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true">
73 <auth:DisplayName>PPID</auth:DisplayName>
74 <auth:Description>The private identifier of the user</auth:Description>
75 </auth:ClaimType>
76 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
77 <auth:DisplayName>Name ID</auth:DisplayName>
78 <auth:Description>The SAML name identifier of the user</auth:Description>
79 </auth:ClaimType>
80 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
81 <auth:DisplayName>Authentication time stamp</auth:DisplayName>
82 <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
83 </auth:ClaimType>
84 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
85 <auth:DisplayName>Authentication method</auth:DisplayName>
86 <auth:Description>The method used to authenticate the user</auth:Description>
87 </auth:ClaimType>
88 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true">
89 <auth:DisplayName>Deny only group SID</auth:DisplayName>
90 <auth:Description>The deny-only group SID of the user</auth:Description>
91 </auth:ClaimType>
92 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true">
93 <auth:DisplayName>Deny only primary SID</auth:DisplayName>
94 <auth:Description>The deny-only primary SID of the user</auth:Description>
95 </auth:ClaimType>
96 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true">
97 <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
98 <auth:Description>The deny-only primary group SID of the user</auth:Description>
99 </auth:ClaimType>
100 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true">
101 <auth:DisplayName>Group SID</auth:DisplayName>
102 <auth:Description>The group SID of the user</auth:Description>
103 </auth:ClaimType>
104 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true">
105 <auth:DisplayName>Primary group SID</auth:DisplayName>
106 <auth:Description>The primary group SID of the user</auth:Description>
107 </auth:ClaimType>
108 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true">
109 <auth:DisplayName>Primary SID</auth:DisplayName>
110 <auth:Description>The primary SID of the user</auth:Description>
111 </auth:ClaimType>
112 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true">
113 <auth:DisplayName>Windows account name</auth:DisplayName>
114 <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description>
115 </auth:ClaimType>
116 </fed:ClaimTypesRequested>
117 <fed:TargetScopes>
118 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
119 <Address>https://www.example.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address>
120 </EndpointReference>
121 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
122 <Address>https://wwww.example.com/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256</Address>
123 </EndpointReference>
124 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
125 <Address>https://wwww.example.com/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256</Address>
126 </EndpointReference>
127 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
128 <Address>https://www.example.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</Address>
129 </EndpointReference>
130 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
131 <Address>https://www.example.com/adfs/ls/</Address>
132 </EndpointReference>
133 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
134 <Address>https://www.example.com/adfs/services/trust</Address>
135 </EndpointReference>
136 </fed:TargetScopes>
137 <fed:ApplicationServiceEndpoint>
138 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
139 <Address>https://www.example.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256</Address>
140 </EndpointReference>
141 </fed:ApplicationServiceEndpoint>
142 <fed:PassiveRequestorEndpoint>
143 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
144 <Address>https://www.example.com/adfs/ls/</Address>
145 </EndpointReference>
146 </fed:PassiveRequestorEndpoint>
147 </RoleDescriptor>
148 <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="www.example.com">
149 <KeyDescriptor use="signing">
150 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
151 <X509Data>
152 <X509Certificate>MIIC9DCCAdygAwIBAgIQPUYupdctSKhFxrjyD5572DANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDEytBREZTIFNpZ25pbmcgLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMFoXDTE3MTAwNjIwMzUyMFowNjE0MDIGA1UEAxMrQURGUyBTaWduaW5nIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBy5neD7sTZ1LJ4ah5tBOYYXvLaTslgyCizqx7vRBsBi9Se+a2Wvo/0KuLe2LtTo4TGA9j0j/1fS4Je3zGDE3DJn4eodRH34XRIerHuTB8EzjarTE6uxWzpaLhnrzbfFi/BDVX7flf3YDavtmqWJGaKcI155zVl9+Iyp7YOXLpmZumsrVi5L8Xcb79C99T/ErMKS7tXLvBvPslKABqm7+09Btdu/JCpKpEL+dxKaGj2VRjz1nFgXZPZJ+37nPkThjt3IvAitYzQCIme926AXBoMnS09yG5QN9Y+i8Fk+2YbSkxQTf+6xnxk51NytIzF8VRumNjZu2moOp5THp+Um2UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADzxFG5vtFjnz8SBicenB11wODN6+MP3p+WZGy69eJcig/mq8C4OnOSY9CnQNVhEVgEL8RRmx9TQ3CWrX4QACCQOS9RDlULdczGNnN3hqkj4m/AtyFisbT1f0U+fBK1W3rEo1IqL0b189O7dPDFDr4lmZq7rc9IkbkPEoIR+saC9krUkEf7wBL0pA7hB591Hk5pxx58L4V5qYADoPinOfHM7/7A2N3TC+L21HerIDSzIHdVNb5dQp0BwU+E7A/6DqRtw74SyjPVIoPC/2HDwwhuDmV0/ve5ADSl9yYh06hdOrGg0khlP65N38BbZGYMRaul/EeIZTYNbzSVfBNORtaQ==</X509Certificate>
153 </X509Data>
154 </KeyInfo>
155 </KeyDescriptor>
156 <fed:TokenTypesOffered>
157 <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion"/>
158 <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/>
159 </fed:TokenTypesOffered>
160 <fed:ClaimTypesOffered>
161 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
162 <auth:DisplayName>E-Mail Address</auth:DisplayName>
163 <auth:Description>The e-mail address of the user</auth:Description>
164 </auth:ClaimType>
165 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
166 <auth:DisplayName>Given Name</auth:DisplayName>
167 <auth:Description>The given name of the user</auth:Description>
168 </auth:ClaimType>
169 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
170 <auth:DisplayName>Name</auth:DisplayName>
171 <auth:Description>The unique name of the user</auth:Description>
172 </auth:ClaimType>
173 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true">
174 <auth:DisplayName>UPN</auth:DisplayName>
175 <auth:Description>The user principal name (UPN) of the user</auth:Description>
176 </auth:ClaimType>
177 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true">
178 <auth:DisplayName>Common Name</auth:DisplayName>
179 <auth:Description>The common name of the user</auth:Description>
180 </auth:ClaimType>
181 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true">
182 <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName>
183 <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
184 </auth:ClaimType>
185 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
186 <auth:DisplayName>Group</auth:DisplayName>
187 <auth:Description>A group that the user is a member of</auth:Description>
188 </auth:ClaimType>
189 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true">
190 <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName>
191 <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description>
192 </auth:ClaimType>
193 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
194 <auth:DisplayName>Role</auth:DisplayName>
195 <auth:Description>A role that the user has</auth:Description>
196 </auth:ClaimType>
197 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
198 <auth:DisplayName>Surname</auth:DisplayName>
199 <auth:Description>The surname of the user</auth:Description>
200 </auth:ClaimType>
201 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Optional="true">
202 <auth:DisplayName>PPID</auth:DisplayName>
203 <auth:Description>The private identifier of the user</auth:Description>
204 </auth:ClaimType>
205 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
206 <auth:DisplayName>Name ID</auth:DisplayName>
207 <auth:Description>The SAML name identifier of the user</auth:Description>
208 </auth:ClaimType>
209 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
210 <auth:DisplayName>Authentication time stamp</auth:DisplayName>
211 <auth:Description>Used to display the time and date that the user was authenticated</auth:Description>
212 </auth:ClaimType>
213 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
214 <auth:DisplayName>Authentication method</auth:DisplayName>
215 <auth:Description>The method used to authenticate the user</auth:Description>
216 </auth:ClaimType>
217 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" Optional="true">
218 <auth:DisplayName>Deny only group SID</auth:DisplayName>
219 <auth:Description>The deny-only group SID of the user</auth:Description>
220 </auth:ClaimType>
221 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" Optional="true">
222 <auth:DisplayName>Deny only primary SID</auth:DisplayName>
223 <auth:Description>The deny-only primary SID of the user</auth:Description>
224 </auth:ClaimType>
225 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" Optional="true">
226 <auth:DisplayName>Deny only primary group SID</auth:DisplayName>
227 <auth:Description>The deny-only primary group SID of the user</auth:Description>
228 </auth:ClaimType>
229 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Optional="true">
230 <auth:DisplayName>Group SID</auth:DisplayName>
231 <auth:Description>The group SID of the user</auth:Description>
232 </auth:ClaimType>
233 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" Optional="true">
234 <auth:DisplayName>Primary group SID</auth:DisplayName>
235 <auth:Description>The primary group SID of the user</auth:Description>
236 </auth:ClaimType>
237 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" Optional="true">
238 <auth:DisplayName>Primary SID</auth:DisplayName>
239 <auth:Description>The primary SID of the user</auth:Description>
240 </auth:ClaimType>
241 <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" Optional="true">
242 <auth:DisplayName>Windows account name</auth:DisplayName>
243 <auth:Description>The domain account name of the user in the form of <domain>\<user></auth:Description>
244 </auth:ClaimType>
245 </fed:ClaimTypesOffered>
246 <fed:SecurityTokenServiceEndpoint>
247 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
248 <Address>https://www.example.com/adfs/services/trust/2005/certificatemixed</Address>
249 <Metadata>
250 <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
251 <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
252 <wsx:MetadataReference>
253 <Address xmlns="http://www.w3.org/2005/08/addressing">https://www.example.com/adfs/services/trust/mex</Address>
254 </wsx:MetadataReference>
255 </wsx:MetadataSection>
256 </Metadata>
257 </Metadata>
258 </EndpointReference>
259 </fed:SecurityTokenServiceEndpoint>
260 <fed:PassiveRequestorEndpoint>
261 <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
262 <Address>https://www.example.com/adfs/ls/</Address>
263 </EndpointReference>
264 </fed:PassiveRequestorEndpoint>
265 </RoleDescriptor>
266 <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
267 <KeyDescriptor use="encryption">
268 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
269 <X509Data>
270 <X509Certificate>MIIC+jCCAeKgAwIBAgIQHjTznGekMIhCsGKTYQfDSjANBgkqhkiG9w0BAQsFADA5MTcwNQYDVQQDEy5BREZTIEVuY3J5cHRpb24gLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMVoXDTE3MTAwNjIwMzUyMVowOTE3MDUGA1UEAxMuQURGUyBFbmNyeXB0aW9uIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKx9AQ55jyNebZ/n5/WRx8FTQHtEOUUFfoaO6MogC79rsDBdnFrQZh718vTFIV69kRNI9olBlIShcq9OJ2ZIyA1l1o4aBE5VqUpDq+ReNnlsRmwRStGrwibmfPTQQmwcrO6EqjdIcANYHpOpcsqrP7+s7k1kKGE73nZCCzjlcA63xTJHhC1VmxogHnWOutXYVr1KHwGuWZIF6ElfoGorOmaVq7IOrkAwtwHZXwGz7iD9AWiCZF9c9U+aroPCp0enUgZ4XFk59muYl8GReiRIL/D2Lk/WB6Bz5/5qyJlCcB+BJPMYCfLmllyzN17S2L6kCGEpqL9BhAXf5ZAJDTN1wJsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAD2frFw+c35baIX1b1daIU+9+o03pzJSLnCdMK0Fy/HAsHQGP8muKGCXdfFCy/cVZ8NxCXX9TsvtiXHyfasQ+H+RJVrer5zRhsQUn1mxP6vNGshpY6cJqkXy1jrZA+af53P3ntUi4Ygu1ofzmleULHmK8m6zAGms1GT6ae82OoAfo7YOYwK5/QWWvOla4uF06fw8mfMRkKFEn/CFU1LAxaJ39tO+8/01VQe+bQaBGH7dmLhfkeMsi+oo3t+uQYdPuPP+WhpsVSEFqgMuzeoo2ZVbfvJUuQNiKvEx97VRe1CAhDasTIlkmN4Fj2Dxkia7nC1esYZd7YQ2LoeDGjyO7oA==</X509Certificate>
271 </X509Data>
272 </KeyInfo>
273 </KeyDescriptor>
274 <KeyDescriptor use="signing">
275 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
276 <X509Data>
277 <X509Certificate>MIIC9DCCAdygAwIBAgIQPUYupdctSKhFxrjyD5572DANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDEytBREZTIFNpZ25pbmcgLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMFoXDTE3MTAwNjIwMzUyMFowNjE0MDIGA1UEAxMrQURGUyBTaWduaW5nIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBy5neD7sTZ1LJ4ah5tBOYYXvLaTslgyCizqx7vRBsBi9Se+a2Wvo/0KuLe2LtTo4TGA9j0j/1fS4Je3zGDE3DJn4eodRH34XRIerHuTB8EzjarTE6uxWzpaLhnrzbfFi/BDVX7flf3YDavtmqWJGaKcI155zVl9+Iyp7YOXLpmZumsrVi5L8Xcb79C99T/ErMKS7tXLvBvPslKABqm7+09Btdu/JCpKpEL+dxKaGj2VRjz1nFgXZPZJ+37nPkThjt3IvAitYzQCIme926AXBoMnS09yG5QN9Y+i8Fk+2YbSkxQTf+6xnxk51NytIzF8VRumNjZu2moOp5THp+Um2UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADzxFG5vtFjnz8SBicenB11wODN6+MP3p+WZGy69eJcig/mq8C4OnOSY9CnQNVhEVgEL8RRmx9TQ3CWrX4QACCQOS9RDlULdczGNnN3hqkj4m/AtyFisbT1f0U+fBK1W3rEo1IqL0b189O7dPDFDr4lmZq7rc9IkbkPEoIR+saC9krUkEf7wBL0pA7hB591Hk5pxx58L4V5qYADoPinOfHM7/7A2N3TC+L21HerIDSzIHdVNb5dQp0BwU+E7A/6DqRtw74SyjPVIoPC/2HDwwhuDmV0/ve5ADSl9yYh06hdOrGg0khlP65N38BbZGYMRaul/EeIZTYNbzSVfBNORtaQ==</X509Certificate>
278 </X509Data>
279 </KeyInfo>
280 </KeyDescriptor>
281 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/"/>
282 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/"/>
283 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
284 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
285 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
286 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/" index="0" isDefault="true"/>
287 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://www.example.com/adfs/ls/" index="1"/>
288 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/" index="2"/>
289 </SPSSODescriptor>
290 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
291 <KeyDescriptor use="encryption">
292 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
293 <X509Data>
294 <X509Certificate>MIIC+jCCAeKgAwIBAgIQHjTznGekMIhCsGKTYQfDSjANBgkqhkiG9w0BAQsFADA5MTcwNQYDVQQDEy5BREZTIEVuY3J5cHRpb24gLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMVoXDTE3MTAwNjIwMzUyMVowOTE3MDUGA1UEAxMuQURGUyBFbmNyeXB0aW9uIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKx9AQ55jyNebZ/n5/WRx8FTQHtEOUUFfoaO6MogC79rsDBdnFrQZh718vTFIV69kRNI9olBlIShcq9OJ2ZIyA1l1o4aBE5VqUpDq+ReNnlsRmwRStGrwibmfPTQQmwcrO6EqjdIcANYHpOpcsqrP7+s7k1kKGE73nZCCzjlcA63xTJHhC1VmxogHnWOutXYVr1KHwGuWZIF6ElfoGorOmaVq7IOrkAwtwHZXwGz7iD9AWiCZF9c9U+aroPCp0enUgZ4XFk59muYl8GReiRIL/D2Lk/WB6Bz5/5qyJlCcB+BJPMYCfLmllyzN17S2L6kCGEpqL9BhAXf5ZAJDTN1wJsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAD2frFw+c35baIX1b1daIU+9+o03pzJSLnCdMK0Fy/HAsHQGP8muKGCXdfFCy/cVZ8NxCXX9TsvtiXHyfasQ+H+RJVrer5zRhsQUn1mxP6vNGshpY6cJqkXy1jrZA+af53P3ntUi4Ygu1ofzmleULHmK8m6zAGms1GT6ae82OoAfo7YOYwK5/QWWvOla4uF06fw8mfMRkKFEn/CFU1LAxaJ39tO+8/01VQe+bQaBGH7dmLhfkeMsi+oo3t+uQYdPuPP+WhpsVSEFqgMuzeoo2ZVbfvJUuQNiKvEx97VRe1CAhDasTIlkmN4Fj2Dxkia7nC1esYZd7YQ2LoeDGjyO7oA==</X509Certificate>
295 </X509Data>
296 </KeyInfo>
297 </KeyDescriptor>
298 <KeyDescriptor use="signing">
299 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
300 <X509Data>
301 <X509Certificate>MIIC9DCCAdygAwIBAgIQPUYupdctSKhFxrjyD5572DANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDEytBREZTIFNpZ25pbmcgLSBXSU4tOE5QUEcwME5BQlIuMms4c3NvLmxvY2FsMB4XDTE2MTAwNjIwMzUyMFoXDTE3MTAwNjIwMzUyMFowNjE0MDIGA1UEAxMrQURGUyBTaWduaW5nIC0gV0lOLThOUFBHMDBOQUJSLjJrOHNzby5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBy5neD7sTZ1LJ4ah5tBOYYXvLaTslgyCizqx7vRBsBi9Se+a2Wvo/0KuLe2LtTo4TGA9j0j/1fS4Je3zGDE3DJn4eodRH34XRIerHuTB8EzjarTE6uxWzpaLhnrzbfFi/BDVX7flf3YDavtmqWJGaKcI155zVl9+Iyp7YOXLpmZumsrVi5L8Xcb79C99T/ErMKS7tXLvBvPslKABqm7+09Btdu/JCpKpEL+dxKaGj2VRjz1nFgXZPZJ+37nPkThjt3IvAitYzQCIme926AXBoMnS09yG5QN9Y+i8Fk+2YbSkxQTf+6xnxk51NytIzF8VRumNjZu2moOp5THp+Um2UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADzxFG5vtFjnz8SBicenB11wODN6+MP3p+WZGy69eJcig/mq8C4OnOSY9CnQNVhEVgEL8RRmx9TQ3CWrX4QACCQOS9RDlULdczGNnN3hqkj4m/AtyFisbT1f0U+fBK1W3rEo1IqL0b189O7dPDFDr4lmZq7rc9IkbkPEoIR+saC9krUkEf7wBL0pA7hB591Hk5pxx58L4V5qYADoPinOfHM7/7A2N3TC+L21HerIDSzIHdVNb5dQp0BwU+E7A/6DqRtw74SyjPVIoPC/2HDwwhuDmV0/ve5ADSl9yYh06hdOrGg0khlP65N38BbZGYMRaul/EeIZTYNbzSVfBNORtaQ==</X509Certificate>
302 </X509Data>
303 </KeyInfo>
304 </KeyDescriptor>
305 <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://www.example.com/adfs/services/trust/artifactresolution" index="0"/>
306 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/"/>
307 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/"/>
308 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
309 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
310 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
311 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/adfs/ls/"/>
312 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/adfs/ls/"/>
313 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
314 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/>
315 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
316 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/>
317 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/>
318 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/>
319 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/>
320 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/>
321 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/>
322 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/>
323 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/>
324 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/>
325 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/>
326 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/>
327 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/>
328 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/>
329 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/>
330 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/>
331 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/>
332 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/>
333 <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/>
334 </IDPSSODescriptor>
335 <ContactPerson contactType="support"/>
336</EntityDescriptor>