<?xml version="1.0" encoding="UTF-8"?>

<md:EntityDescriptor 
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://sp01.devtest.eduteams.org/saml/default-sp">

  <md:Extensions>
    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <!-- Required for R&S SPs -->
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
        
        <!-- Required for Production SPs -->
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
      </saml:Attribute>

      <!-- Required for SPs supporting Sirtfi -->
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:string">https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>

      <!-- Required to signal the requirement for the release of subject-id -->
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id:req" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>any</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>

  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false">
    <md:Extensions>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <!-- Required: Change it for your SP -->
        <mdui:DisplayName xml:lang="en">eduTEAMS Test Service Provider (SP01)</mdui:DisplayName>

        <!-- Required: Change it for your SP -->
        <mdui:Description xml:lang="en">eduTEAMS Service Provider used in development and test environments (SP01)</mdui:Description>

        <!-- Required for Production: Change it for your SP -->
        <mdui:PrivacyStatementURL xml:lang="en">https://wiki.geant.org/display/eduTEAMS/Privacy+Policy</mdui:PrivacyStatementURL>

        <!-- Required: Change it for your SP -->
        <mdui:Logo width="200" height="200">https://www.eduteams.org/img/logo.png</mdui:Logo>
        <mdui:Logo width="16" height="16">https://www.eduteams.org/img/logo_small.png</mdui:Logo>

        <!-- Optional: Change it for your SP -->
        <mdui:InformationURL xml:lang="en">https://www.eduteams.org</mdui:InformationURL>
      </mdui:UIInfo>
    </md:Extensions>

    <!-- Required: Change it for your SP -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>....</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Required: Change it for your SP -->
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>....</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Optional: Change it for your SP -->
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp01.devtest.eduteams.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"/>
   
    <!-- Required -->
    <!-- 
    In the list below all the attributes are requested. If your SP 
    needs less attributes, the list has to be modified accordingly.
    Check the attributes supported by the AAI service you are using. 
    -->
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp01.devtest.eduteams.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">eduTEAMS Test Service Provider</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" FriendlyName="eduPersonUniqueId" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.4.1.6" FriendlyName="voPersonID" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42" FriendlyName="givenName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.4" FriendlyName="sn" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.16.840.1.113730.3.1.241" FriendlyName="displayName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.25178.4.1.11" FriendlyName="voPersonExternalAffiliation" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" FriendlyName="eduPersonAssurance" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" FriendlyName="eduPersonOrcid" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13" FriendlyName="sshPublicKey" isRequired="true"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>

  <!-- Required: Change it for your SP -->
  <md:Organization>
    <md:OrganizationName xml:lang="en">GEANT</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">GEANT</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.geant.org</md:OrganizationURL>
  </md:Organization>

  <!-- Required: Change it for your SP -->
  <md:ContactPerson contactType="administrative">
    <md:EmailAddress>mailto:admin@eduteams.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required: Change it for your SP -->
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:support@eduteams.org</md:EmailAddress>
  </md:ContactPerson>

  <!-- Required for SPs supporting Sirtfi: Change it for your SP -->
  <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>eduTEAMS Service</md:GivenName>
    <md:EmailAddress>mailto:security@eduteams.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>