Save counter-example and test draft.

fisx · fisx · commit 50beb0637820 · 2025-05-14T13:57:54.000+02:00
diff --git a/libs/saml2-web-sso/test/Test/SAML2/WebSSO/APISpec.hs b/libs/saml2-web-sso/test/Test/SAML2/WebSSO/APISpec.hs
@@ -322,6 +322,26 @@ spec = describe "API" $ do
 
     vendorCompatibility "centrify.com" [uri|https://prod-nginz-https.wire.com/sso/finalize-login|]
 
--- TODO:
---  * onelogin
---  * jives [https://community.jivesoftware.com/docs/DOC-240217#jive_content_id_IdP_Metadata]
+  -- TODO:
+  --  * onelogin
+  --  * jives [https://community.jivesoftware.com/docs/DOC-240217#jive_content_id_IdP_Metadata]
+
+  focus . describe "simpleVerifyAuthnResponse, second attempt" $ do
+    let check :: FilePath -> FilePath -> Expectation
+        check metaFile respFile = do
+          resp :: LBS <- cs <$> readSampleIO respFile
+          assertions <- liftIO $ do
+            mIdpCfg :: Maybe (IdPConfig_) <- do
+              raw <- readSampleIO metaFile
+              pure (undefined raw)
+            ctx <- mkTestCtxSimple
+            modifyMVar_ ctx (pure . (ctxIdPs .~ maybeToList ((, SampleIdP undefined undefined undefined undefined) <$> mIdpCfg)))
+            ioFromTestSP ctx $ do
+              let mIssuer = (^. idpMetadata . edIssuer) <$> mIdpCfg
+              creds <- issuerToCreds mIssuer Nothing
+              simpleVerifyAuthnResponse creds resp
+
+          length assertions `shouldBe` 1
+
+    it "works" $ do
+      check "microsoft-azure-utf8-issue-metadata.base64" "microsoft-azure-utf8-issue-authentication-request.base64"
diff --git a/libs/saml2-web-sso/test/samples/microsoft-azure-utf8-issue-authentication-request.base64 b/libs/saml2-web-sso/test/samples/microsoft-azure-utf8-issue-authentication-request.base64
@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIElEPSJfZWE3ZDI0NTctZDYwOS00ZTUyLTk4NDItMTZmNThlMTEwMDUyIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNS0wNS0xM1QxNDowNDozMi4zNjBaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zdGFnaW5nLW5naW56LWh0dHBzLnppbmZyYS5pby9zc28vZmluYWxpemUtbG9naW4iIEluUmVzcG9uc2VUbz0iXzQ2YTg0NzJjLWY3MjAtNDk0OS1iMjk0LTNkMWZhMjU4NGUyNiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvOTJiMjBkNTQtNmJkZC00Njg2LTkyODYtYzQ0ODY1ZjUwMjc3LzwvSXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxBc3NlcnRpb24gSUQ9Il85NGNmMGRmZS05MmQ3LTQxZjctYTFiZi02YjA4Njc2NjhmMDAiIElzc3VlSW5zdGFudD0iMjAyNS0wNS0xM1QxNDowNDozMi4zNTdaIiBWZXJzaW9uPSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48SXNzdWVyPmh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzkyYjIwZDU0LTZiZGQtNDY4Ni05Mjg2LWM0NDg2NWY1MDI3Ny88L0lzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PFJlZmVyZW5jZSBVUkk9IiNfOTRjZjBkZmUtOTJkNy00MWY3LWExYmYtNmIwODY3NjY4ZjAwIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48RGlnZXN0VmFsdWU+M08wSUtyU1Uvd1k5TldIZ0tscmlseEtvd0RSNk5zRXpYOGxYdkx6R1dFND08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+V3FSOHFVTGpMOEh0WXZyd0F1TXhNa1ZLcS94UkprQ0tYQlNFUmh6ajMxdXhUKzdiZWhxU1RYamY3VWc3SEJROGF0VURMTWQvdGs3ZkxXVHRuV3o1ek95blFJOFhTLzY2WWFMMUo4bUhpUVc5MExXR1E1WTFWMmNjWlpTeXJjMGlMbi9mYjhlVzA3dHdxaUxXZGJQaTFSWXZtSHNLRm01eTVrZXliYkxabkhTRDJLaWN5aGI2WUZadTlLUzFySE4wNXJBMzNIVUovaThZWHlDU1lTdXNvNlpBNFNqOThiTlRDbytKMnh5SUdQVGxTZm9UMFgyV3gzMzFsYnhnSVhQTnRqMzI5QUs2eGg3UTBlMUx2L2xZYlErclBOR2U4bXoyVDVOanordG4rek92NS8zenc4akJrMFk4bm0vN3I4R2s4bTRUZUJIb2ZlZGxIbkZ2OXpiYktnPT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUM4RENDQWRpZ0F3SUJBZ0lRR3g0RFoya2k3NjFQbE16UnZQWTJ1ekFOQmdrcWhraUc5dzBCQVFzRkFEQTBNVEl3TUFZRFZRUURFeWxOYVdOeWIzTnZablFnUVhwMWNtVWdSbVZrWlhKaGRHVmtJRk5UVHlCRFpYSjBhV1pwWTJGMFpUQWVGdzB5TlRBMU1UTXhNekV4TWpOYUZ3MHlPREExTVRNeE16RXhNak5hTURReE1qQXdCZ05WQkFNVEtVMXBZM0p2YzI5bWRDQkJlblZ5WlNCR1pXUmxjbUYwWldRZ1UxTlBJRU5sY25ScFptbGpZWFJsTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0cklNWWY3MEp6SUpRQndveE5RU3FNbThXYldGdTVvZUo0SHpqR21VQWM3VkxsTzNTTk9TUmhzQ283R0l0eGFyY0F6RkFTTGNrLzVsMm9rN0xBekk2T2U1ZmlkRTZnekRUT0pxalJIcDNLbW1ZYXJoeVdyalBEYkRadDRuSDNUaDdGbGpwOC9iL2lpL3dwNDlvd01hNkRzQTZCUlJTdmoxVytMTGdUUmJpd1hRZlZJTlBKSktRVDAza2pHblJUSUhrVXg1aUF3UWlQWlE0SEdneVJ0WmIxRmphRGdCSk9GL2JCT3IvQ2FNM3VZYjFYTlhLalVpZDgvS3V4bDdJYXRxb3N1bUlHa1pkSWVXV0ovaGZFUVZrcjBwVWltUlRtanc5ZTRGajJvM3NPY2kvSkF1cG9QS0p3R0x1ZEVRanRyZmI3QXhVeVhEWWp3UFlmUFl1eXVpOVFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJyTy8xb1RKL3pzbUc1Nm9qR1Rwb1R4RVdtNUdLZ1c1aGc5ZUpHRUdnNVN1MHJyaE9ndjA2VlpnUS96VVZRUnJWMUtZYXBmVXBoVkV1UHZ2MDEwNXJrUzVYSHBwWDFvRXIrdUdQaDF6SXhLbmxQeUhtN2V1WU9RZCtPM1FXcE4rSE83RC9GUUs4czhKa2lZY3pmT3pVQ25hcGh0ZWQ2cVJ1TGdKZDBIZCtTMS83VzE2QzNBdFZ0Uk1FalJLL3BZL2hEcXBHNFVaSzgwR2dmUzZpdWxvWXpTR3ZzaHRPZnRHcGIydUJ1Q0pRYUVpUFFta01vTW03dndVY3FjSFptOS9CSS9sdFNYdWRoQTZVWTJnemlhOEFWQ1hOUmZEc0hNYjlmREtnTW1DZkR2ZEFFT21DbTE1YXFIQW1NYXRSeDhoeEZ2c3B0dnBMOG9WUkg2dVlpRUdoLzwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxTdWJqZWN0PjxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPmFyaWFuQHRpYWdvd2lyZS5vbm1pY3Jvc29mdC5jb208L05hbWVJRD48U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89Il80NmE4NDcyYy1mNzIwLTQ5NDk
diff --git a/libs/saml2-web-sso/test/samples/microsoft-azure-utf8-issue-metadata.base64 b/libs/saml2-web-sso/test/samples/microsoft-azure-utf8-issue-metadata.base64
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><EntityDescriptor ID="_df11156f-7953-48e4-9f64-7934c3479eb9" entityID="https://sts.windows.net/92b20d54-6bdd-4686-9286-c44865f50277/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_df11156f-7953-48e4-9f64-7934c3479eb9"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>3Vwy1k7AmqZ3EtCgZ23KLgmfCwrOvAI5Ob45rDZX2rw=</DigestValue></Reference></SignedInfo><SignatureValue>qHWEg849hSGMOSD6hXHH0nAUlar9U8Z1Zrt1Gq1q+gbztvXsV8+JdWdvvRZ0wBJ0e0ySFzRZ56a25QXZY+wqlzwwjxtZ6E7sgHyTZ8h0yNnCcXo9c7ItE8FipiaYAxcvlVvDHF3pjLM0YNEA/5LW8dZMoBODR6I0MhyzgnFEuuEjmcZ8taSOJx5TTcoQuDymVHZeMyeqSHpctT3vJMq20mlRqze8NK851hArLqwIASdMkY+rQ0cXlRTQSjdUBnhdtmH9lw6sCvZ/IbfxzsEAkS29FVOt5YKYkvvLey6WQb1x2C4NZaP5hTd5VazanvBeXMCbBtWRi4fOgjb+L1WVvA==</SignatureValue><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</ds:X509Certificate></ds:X509Data></ds:KeyInfo></Signature><RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"><KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</X509Certificate></X509Data></KeyInfo></KeyDescriptor><fed:ClaimTypesOffered><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Name</auth:DisplayName><auth:Description>The mutable display name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Subject</auth:DisplayName><auth:Description>An immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Given Name</auth:DisplayName><auth:Description>First name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Surname</auth:DisplayName><auth:Description>Last name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/displayname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Display Name</auth:DisplayName><auth:Description>Display name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/nickname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Nick Name</auth:DisplayName><auth:Description>Nick name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Authentication Instant</auth:DisplayName><auth:Description>The time (UTC) when the user is authenticated to Windows Azure Active Directory.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Authentication Method</auth:DisplayName><auth:Description>The method that Windows Azure Active Directory uses to authenticate users.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/objectidentifier" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>ObjectIdentifier</auth:DisplayName><auth:Description>Primary identifier for the user in the directory. Immutable, globally unique, non-reusable.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/tenantid" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>TenantId</auth:DisplayName><auth:Description>Identifier for the user's tenant.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/identityprovider" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>IdentityProvider</auth:DisplayName><auth:Description>Identity provider for the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Email</auth:DisplayName><auth:Description>Email address of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Groups</auth:DisplayName><auth:Description>Groups of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/accesstoken" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>External Access Token</auth:DisplayName><auth:Description>Access token issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>External Access Token Expiration</auth:DisplayName><auth:Description>UTC expiration time of access token issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/openid2_id" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>External OpenID 2.0 Identifier</auth:DisplayName><auth:Description>OpenID 2.0 identifier issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/claims/groups.link" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>GroupsOverageClaim</auth:DisplayName><auth:Description>Issued when number of user's group claims exceeds return limit.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Role Claim</auth:DisplayName><auth:Description>Roles that the user or Service Principal is attached to</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/wids" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>RoleTemplate Id Claim</auth:DisplayName><auth:Description>Role template id of the Built-in Directory Roles that the user is a member of</auth:Description></auth:ClaimType></fed:ClaimTypesOffered><fed:SecurityTokenServiceEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:SecurityTokenServiceEndpoint><fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor><RoleDescriptor xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"><KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</X509Certificate></X509Data></KeyInfo></KeyDescriptor><fed:TargetScopes><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://sts.windows.net/92b20d54-6bdd-4686-9286-c44865f50277/</wsa:Address></wsa:EndpointReference></fed:TargetScopes><fed:ApplicationServiceEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:ApplicationServiceEndpoint><fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor><IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/saml2" /><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/saml2" /><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/saml2" /></IDPSSODescriptor></EntityDescriptor>

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+PHNhbWxwOlJlc3BvbnNlIElEPSJfZWE3ZDI0NTctZDYwOS00ZTUyLTk4NDItMTZmNThlMTEwMDUyIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNS0wNS0xM1QxNDowNDozMi4zNjBaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zdGFnaW5nLW5naW56LWh0dHBzLnppbmZyYS5pby9zc28vZmluYWxpemUtbG9naW4iIEluUmVzcG9uc2VUbz0iXzQ2YTg0NzJjLWY3MjAtNDk0OS1iMjk0LTNkMWZhMjU4NGUyNiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvOTJiMjBkNTQtNmJkZC00Njg2LTkyODYtYzQ0ODY1ZjUwMjc3LzwvSXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxBc3NlcnRpb24gSUQ9Il85NGNmMGRmZS05MmQ3LTQxZjctYTFiZi02YjA4Njc2NjhmMDAiIElzc3VlSW5zdGFudD0iMjAyNS0wNS0xM1QxNDowNDozMi4zNTdaIiBWZXJzaW9uPSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48SXNzdWVyPmh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzkyYjIwZDU0LTZiZGQtNDY4Ni05Mjg2LWM0NDg2NWY1MDI3Ny88L0lzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PFJlZmVyZW5jZSBVUkk9IiNfOTRjZjBkZmUtOTJkNy00MWY3LWExYmYtNmIwODY3NjY4ZjAwIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48RGlnZXN0VmFsdWU+M08wSUtyU1Uvd1k5TldIZ0tscmlseEtvd0RSNk5zRXpYOGxYdkx6R1dFND08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+V3FSOHFVTGpMOEh0WXZyd0F1TXhNa1ZLcS94UkprQ0tYQlNFUmh6ajMxdXhUKzdiZWhxU1RYamY3VWc3SEJROGF0VURMTWQvdGs3ZkxXVHRuV3o1ek95blFJOFhTLzY2WWFMMUo4bUhpUVc5MExXR1E1WTFWMmNjWlpTeXJjMGlMbi9mYjhlVzA3dHdxaUxXZGJQaTFSWXZtSHNLRm01eTVrZXliYkxabkhTRDJLaWN5aGI2WUZadTlLUzFySE4wNXJBMzNIVUovaThZWHlDU1lTdXNvNlpBNFNqOThiTlRDbytKMnh5SUdQVGxTZm9UMFgyV3gzMzFsYnhnSVhQTnRqMzI5QUs2eGg3UTBlMUx2L2xZYlErclBOR2U4bXoyVDVOanordG4rek92NS8zenc4akJrMFk4bm0vN3I4R2s4bTRUZUJIb2ZlZGxIbkZ2OXpiYktnPT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUM4RENDQWRpZ0F3SUJBZ0lRR3g0RFoya2k3NjFQbE16UnZQWTJ1ekFOQmdrcWhraUc5dzBCQVFzRkFEQTBNVEl3TUFZRFZRUURFeWxOYVdOeWIzTnZablFnUVhwMWNtVWdSbVZrWlhKaGRHVmtJRk5UVHlCRFpYSjBhV1pwWTJGMFpUQWVGdzB5TlRBMU1UTXhNekV4TWpOYUZ3MHlPREExTVRNeE16RXhNak5hTURReE1qQXdCZ05WQkFNVEtVMXBZM0p2YzI5bWRDQkJlblZ5WlNCR1pXUmxjbUYwWldRZ1UxTlBJRU5sY25ScFptbGpZWFJsTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0cklNWWY3MEp6SUpRQndveE5RU3FNbThXYldGdTVvZUo0SHpqR21VQWM3VkxsTzNTTk9TUmhzQ283R0l0eGFyY0F6RkFTTGNrLzVsMm9rN0xBekk2T2U1ZmlkRTZnekRUT0pxalJIcDNLbW1ZYXJoeVdyalBEYkRadDRuSDNUaDdGbGpwOC9iL2lpL3dwNDlvd01hNkRzQTZCUlJTdmoxVytMTGdUUmJpd1hRZlZJTlBKSktRVDAza2pHblJUSUhrVXg1aUF3UWlQWlE0SEdneVJ0WmIxRmphRGdCSk9GL2JCT3IvQ2FNM3VZYjFYTlhLalVpZDgvS3V4bDdJYXRxb3N1bUlHa1pkSWVXV0ovaGZFUVZrcjBwVWltUlRtanc5ZTRGajJvM3NPY2kvSkF1cG9QS0p3R0x1ZEVRanRyZmI3QXhVeVhEWWp3UFlmUFl1eXVpOVFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJyTy8xb1RKL3pzbUc1Nm9qR1Rwb1R4RVdtNUdLZ1c1aGc5ZUpHRUdnNVN1MHJyaE9ndjA2VlpnUS96VVZRUnJWMUtZYXBmVXBoVkV1UHZ2MDEwNXJrUzVYSHBwWDFvRXIrdUdQaDF6SXhLbmxQeUhtN2V1WU9RZCtPM1FXcE4rSE83RC9GUUs4czhKa2lZY3pmT3pVQ25hcGh0ZWQ2cVJ1TGdKZDBIZCtTMS83VzE2QzNBdFZ0Uk1FalJLL3BZL2hEcXBHNFVaSzgwR2dmUzZpdWxvWXpTR3ZzaHRPZnRHcGIydUJ1Q0pRYUVpUFFta01vTW03dndVY3FjSFptOS9CSS9sdFNYdWRoQTZVWTJnemlhOEFWQ1hOUmZEc0hNYjlmREtnTW1DZkR2ZEFFT21DbTE1YXFIQW1NYXRSeDhoeEZ2c3B0dnBMOG9WUkg2dVlpRUdoLzwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxTdWJqZWN0PjxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPmFyaWFuQHRpYWdvd2lyZS5vbm1pY3Jvc29mdC5jb208L05hbWVJRD48U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89Il80NmE4NDcyYy1mNzIwLTQ5NDk
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+<?xml version="1.0" encoding="utf-8"?><EntityDescriptor ID="_df11156f-7953-48e4-9f64-7934c3479eb9" entityID="https://sts.windows.net/92b20d54-6bdd-4686-9286-c44865f50277/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_df11156f-7953-48e4-9f64-7934c3479eb9"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>3Vwy1k7AmqZ3EtCgZ23KLgmfCwrOvAI5Ob45rDZX2rw=</DigestValue></Reference></SignedInfo><SignatureValue>qHWEg849hSGMOSD6hXHH0nAUlar9U8Z1Zrt1Gq1q+gbztvXsV8+JdWdvvRZ0wBJ0e0ySFzRZ56a25QXZY+wqlzwwjxtZ6E7sgHyTZ8h0yNnCcXo9c7ItE8FipiaYAxcvlVvDHF3pjLM0YNEA/5LW8dZMoBODR6I0MhyzgnFEuuEjmcZ8taSOJx5TTcoQuDymVHZeMyeqSHpctT3vJMq20mlRqze8NK851hArLqwIASdMkY+rQ0cXlRTQSjdUBnhdtmH9lw6sCvZ/IbfxzsEAkS29FVOt5YKYkvvLey6WQb1x2C4NZaP5hTd5VazanvBeXMCbBtWRi4fOgjb+L1WVvA==</SignatureValue><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</ds:X509Certificate></ds:X509Data></ds:KeyInfo></Signature><RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"><KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</X509Certificate></X509Data></KeyInfo></KeyDescriptor><fed:ClaimTypesOffered><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Name</auth:DisplayName><auth:Description>The mutable display name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Subject</auth:DisplayName><auth:Description>An immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Given Name</auth:DisplayName><auth:Description>First name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Surname</auth:DisplayName><auth:Description>Last name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/displayname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Display Name</auth:DisplayName><auth:Description>Display name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/nickname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Nick Name</auth:DisplayName><auth:Description>Nick name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Authentication Instant</auth:DisplayName><auth:Description>The time (UTC) when the user is authenticated to Windows Azure Active Directory.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Authentication Method</auth:DisplayName><auth:Description>The method that Windows Azure Active Directory uses to authenticate users.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/objectidentifier" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>ObjectIdentifier</auth:DisplayName><auth:Description>Primary identifier for the user in the directory. Immutable, globally unique, non-reusable.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/tenantid" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>TenantId</auth:DisplayName><auth:Description>Identifier for the user's tenant.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/identityprovider" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>IdentityProvider</auth:DisplayName><auth:Description>Identity provider for the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Email</auth:DisplayName><auth:Description>Email address of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Groups</auth:DisplayName><auth:Description>Groups of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/accesstoken" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>External Access Token</auth:DisplayName><auth:Description>Access token issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>External Access Token Expiration</auth:DisplayName><auth:Description>UTC expiration time of access token issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/openid2_id" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>External OpenID 2.0 Identifier</auth:DisplayName><auth:Description>OpenID 2.0 identifier issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/claims/groups.link" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>GroupsOverageClaim</auth:DisplayName><auth:Description>Issued when number of user's group claims exceeds return limit.</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>Role Claim</auth:DisplayName><auth:Description>Roles that the user or Service Principal is attached to</auth:Description></auth:ClaimType><auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/wids" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:DisplayName>RoleTemplate Id Claim</auth:DisplayName><auth:Description>Role template id of the Built-in Directory Roles that the user is a member of</auth:Description></auth:ClaimType></fed:ClaimTypesOffered><fed:SecurityTokenServiceEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:SecurityTokenServiceEndpoint><fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor><RoleDescriptor xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"><KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</X509Certificate></X509Data></KeyInfo></KeyDescriptor><fed:TargetScopes><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://sts.windows.net/92b20d54-6bdd-4686-9286-c44865f50277/</wsa:Address></wsa:EndpointReference></fed:TargetScopes><fed:ApplicationServiceEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:ApplicationServiceEndpoint><fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/wsfed</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor><IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQGx4DZ2ki761PlMzRvPY2uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNTA1MTMxMzExMjNaFw0yODA1MTMxMzExMjNaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIMYf70JzIJQBwoxNQSqMm8WbWFu5oeJ4HzjGmUAc7VLlO3SNOSRhsCo7GItxarcAzFASLck/5l2ok7LAzI6Oe5fidE6gzDTOJqjRHp3KmmYarhyWrjPDbDZt4nH3Th7Fljp8/b/ii/wp49owMa6DsA6BRRSvj1W+LLgTRbiwXQfVINPJJKQT03kjGnRTIHkUx5iAwQiPZQ4HGgyRtZb1FjaDgBJOF/bBOr/CaM3uYb1XNXKjUid8/Kuxl7IatqosumIGkZdIeWWJ/hfEQVkr0pUimRTmjw9e4Fj2o3sOci/JAupoPKJwGLudEQjtrfb7AxUyXDYjwPYfPYuyui9QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBrO/1oTJ/zsmG56ojGTpoTxEWm5GKgW5hg9eJGEGg5Su0rrhOgv06VZgQ/zUVQRrV1KYapfUphVEuPvv0105rkS5XHppX1oEr+uGPh1zIxKnlPyHm7euYOQd+O3QWpN+HO7D/FQK8s8JkiYczfOzUCnaphted6qRuLgJd0Hd+S1/7W16C3AtVtRMEjRK/pY/hDqpG4UZK80GgfS6iuloYzSGvshtOftGpb2uBuCJQaEiPQmkMoMm7vwUcqcHZm9/BI/ltSXudhA6UY2gzia8AVCXNRfDsHMb9fDKgMmCfDvdAEOmCm15aqHAmMatRx8hxFvsptvpL8oVRH6uYiEGh/</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/saml2" /><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/saml2" /><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/92b20d54-6bdd-4686-9286-c44865f50277/saml2" /></IDPSSODescriptor></EntityDescriptor>