Produits Entr'ouvert » django-mellon

MELLON_FEDERATIONS

------------------

A list of dictionaries, only one key 'FEDERATION' is mandatory in those

dictionaries. It should contain the local path or the remote URL for the

metadata file describing the SAML-based federation to be loaded in mellon. Both

relative and absolute paths are supported.

Additional parameters can be given as key/value pairs in the dictionaries, on

a similar basis as the aforementioned MELLON_IDENTITY_PROVIDERS config.

For each dictionary describing a federation, these parameters will apply to

any successfully-loaded provider belonging to that federation.

These parameters also override the global settings.

from django.utils.text import slugify

from mellon.federation_utils import idp_metadata_store, url2filename, \

        idp_metadata_extract_entity_id, idp_metadata_is_cached, \

        idp_metadata_load, idp_settings_store, idp_settings_load

        idp = {}

        # First, check whether the provider is cached

        if idp_metadata_is_cached(entity_id):

            metadata_content = idp_metadata_load(entity_id)

            idp.update({'METADATA': metadata_content,

                   'ENTITY_ID': entity_id})

            # Extra settings loaded if the provider comes from a federation

            idp.update(idp_settings_load(entity_id) or {})

        # If not, try to fetch it from the mellon settings

        else:

            for idp in self.get_identity_providers_setting():

                if not idp.get('METADATA_URL') and not idp.get('METADATA'):

                    self.logger.error(u'missing METADATA or METADATA_URL in idp %s', idp or '')

                    continue

                elif 'METADATA_URL' in idp and 'METADATA' not in idp:

                    metadata = utils.get_metadata_from_url(idp)

                    if not metadata:

                        continue

                    idp['METADATA'] = metadata

                if 'ENTITY_ID' not in idp:

                    if idp['METADATA'].startswith('/') or idp['METADATA'].startswith('./'):

                    # In case the entity ID isn't provided in the settings, it

                    # needs to be fetched from the content of the metadata file

                        metadata_path = idp['METADATA']

                        if 'FEDERATION' in idp:

                            metadata_path = default_storage.path(metadata_path)

                        content = file(metadata_path).read()

                    else:

                        content = idp['METADATA']

                    idp['ENTITY_ID'] = idp_metadata_extract_entity_id(content)

                if idp['ENTITY_ID'] == entity_id:

                    break

        return idp.copy()

        # First, providers from federation as declared in the mellon settings

        for federation_data in self.get_federations():

            if not isinstance(federation_data, dict) or \

                    'FEDERATION' not in federation_data:

                continue

            fed_extra_attrs = federation_data.copy()

            # Federation can be declared as URLs. If so, their content needs

            # to be fetched and cached

            fed_filepath, _ = utils.get_federation_metadata(federation_data.get('FEDERATION'))

            try:

                tree = ET.parse(fed_filepath)

                root = tree.getroot()

                for child in root:

                    provider = {}

                    entity_id = idp_metadata_extract_entity_id(ET.tostring(child))

                    if not entity_id:

                        # The XML tag wasn't an IDPSSODescriptor

                        continue

                    # Store the metadata content in cache

                    provider['METADATA'] = idp_metadata_store(ET.tostring(child))

                    provider['ENTITY_ID'] = entity_id

                    # Add in each provider the federation-wise configuration

                    provider.update(fed_extra_attrs)

                    idp_settings_store(provider)

                    yield provider

            except:

                self.logger.error('Couldn\'t load federation metadata file %r',

                                  fed_filepath)

                continue

        # Then, the non-federated providers

        for extra_provider in app_settings.IDENTITY_PROVIDERS:

            yield extra_provider

    def get_federations(self):

        for federation in getattr(app_settings, 'FEDERATIONS', []):

            yield federation

                md_content = utils.get_metadata_from_url(idp)

                if not md_content:

                if 'FEDERATION' in idp:

                    # IdPs from federation are cached on filesystem

                    # only the filename is kept in memory

                    idp['METADATA'] = idp_metadata_store(md_content)

                    entity_id = idp.get('ENTITY_ID')

                    if not entity_id:

                        idp['ENTITY_ID'] = idp_metadata_extract_entity_id(md_content)

                    # load federation-specific configuration

                    idp.update(idp_settings_load(idp.get('ENTITY_ID')))

                else:

                    idp['METADATA'] = md_content

            elif idp.get('METADATA', '').startswith('/') or \

                    idp.get('METADATA', '').startswith('./') and \

                    'FEDERATION' not in idp:

                idp['METADATA'] = file(idp['METADATA']).read()

            elif not idp.get('METADATA'):

        'FEDERATIONS': [],

    @property

    def FEDERATIONS(self):

        from django.conf import settings

        if settings.hasattr('MELLON_FEDERATIONS'):

            federations = settings.MELLON_FEDERATIONS

        if isinstance(federations, dict):

            federations = [federations]

        return federations

        idps = []

            if hasattr(settings, 'MELLON_IDENTITY_PROVIDERS'):

                idps = settings.MELLON_IDENTITY_PROVIDERS

            elif not hasattr(settings, 'MELLON_FEDERATIONS'):

                raise AttributeError

            raise ImproperlyConfigured('Either the MELLON_IDENTITY_PROVIDERS '

                                       'or the MELLON_FEDERATIONS settings '

                                       'are mandatory')

import fcntl

import json

import lasso

import logging

import tempfile

from datetime import timedelta

from django.utils.text import slugify

from datetime import datetime

import requests

from xml.etree import ElementTree as ET

import os

import hashlib

import os.path

from django.core.files.storage import default_storage

def truncate_unique(s, length=250):

    if len(s) < length:

        return s

    md5 = hashlib.md5(s.encode('ascii')).hexdigest()

    # we should be the first and last characters from the URL

    l = (length - len(md5)) / 2 - 2  # four additional characters

    assert l > 20

    return s[:l] + '...' + s[-l:] + '_' + md5

def url2filename(url):

    return truncate_unique(slugify(url), 230)

def load_federation_cache(url):

    logger = logging.getLogger(__name__)

    try:

        filename = url2filename(url)

        path = os.path.join('metadata-cache', filename)

        unix_path = default_storage.path(path)

        dirname = os.path.dirname(unix_path)

        if not os.path.exists(dirname):

            os.makedirs(dirname)

        f = open(unix_path, 'w')

        try:

            fcntl.lockf(f, fcntl.LOCK_EX | fcntl.LOCK_NB)

        except IOError:

            return

        else:

            with tempfile.NamedTemporaryFile(dir=os.path.dirname(unix_path), delete=False) as temp:

                try:

                    # increase modified time by one hour to prevent too many updates

                    st = os.stat(unix_path)

                    os.utime(unix_path, (st.st_atime, st.st_mtime + 3600))

                    response = requests.get(url)

                    response.raise_for_status()

                    temp.write(response.content)

                    temp.flush()

                    os.rename(temp.name, unix_path)

                except:

                    logger.error('Could\'nt fetch %r', url)

                    os.unlink(temp.name)

                finally:

                    fcntl.lockf(f, fcntl.LOCK_UN)

        finally:

            f.close()

    except OSError:

        logger.exception(u"could create the intermediary 'metadata-cache' "

                         "folder")

        return

    except:

        logger.exception(u'failed to load federation from %s', url)

def get_federation_from_url(url, update_cache=False):

    logger = logging.getLogger(__name__)

    filename = url2filename(url)

    filepath = os.path.join('metadata-cache', filename)

    if not default_storage.exists(filepath) or update_cache or \

            default_storage.created_time(filepath) < datetime.now() - timedelta(days=1):

        load_federation_cache(url)

    else:

        logger.warning('federation %s has not been loaded', url)

    return default_storage.path(filepath)

def idp_metadata_filepath(entity_id):

    filename = url2filename(entity_id)

    filepath = os.path.join('./metadata-cache', filename)

    return filepath

def idp_settings_filepath(entity_id):

    filename = url2filename(entity_id) + "_settings.json"

    filepath = os.path.join('./metadata-cache', filename)

    return filepath

def idp_metadata_is_cached(entity_id):

    filepath = idp_metadata_filepath(entity_id)

    if not default_storage.exists(filepath):

        return False

    return True

def idp_metadata_is_file(metadata):

    # XXX too restrictive (e.g. 'metadata/http-somemetadataserver-com-md00.xml'

    # could be a file too...)

    # On the opposite, `if "http://" in metadata or "https://" in metadata:" is

    # equally restrictive.

    # Using a URLValidator doesn't seem adequate either.

    if metadata.startswith('/') or metadata.startswith('./'):

        return True

def idp_metadata_needs_refresh(entity_id, update_cache=False):

    filepath = idp_metadata_filepath(entity_id)

    if not default_storage.exists(filepath) or update_cache or \

            default_storage.created_time(filepath) < datetime.now() - timedelta(days=1):

        return True

    return False

def idp_settings_needs_refresh(entity_id, update_cache=False):

    filepath = idp_settings_filepath(entity_id)

    if not default_storage.exists(filepath) or update_cache or \

            default_storage.created_time(filepath) < datetime.now() - timedelta(days=1):

        return True

    return False

def idp_metadata_store(metadata_content):

    entity_id = idp_metadata_extract_entity_id(metadata_content)

    if not entity_id:

        return

    logger = logging.getLogger(__name__)

    filepath = idp_metadata_filepath(entity_id)

    dirname = os.path.dirname(filepath)

    if not default_storage.exists(dirname):

        os.makedirs(default_storage.path(dirname))

    if idp_metadata_needs_refresh(entity_id):

        with open(default_storage.path(filepath), 'w') as f:

            try:

                fcntl.lockf(f, fcntl.LOCK_EX | fcntl.LOCK_NB)

                f.write(metadata_content)

                fcntl.lockf(f, fcntl.LOCK_UN)

            except:

                logger.error('Couldn\'t store metadata for EntityID %r',

                        entity_id)

                return

    return default_storage.path(filepath)

def idp_metadata_load(entity_id):

    logger = logging.getLogger(__name__)

    filepath = idp_metadata_filepath(entity_id)

    if default_storage.exists(filepath):

        logger.info('Loading metadata for EntityID %r', entity_id)

        with open(default_storage.path(filepath), 'r') as f:

            return f.read()

    else:

        logger.warning('No metadata file for EntityID %r', entity_id)

def idp_settings_store(idp):

    """

    Stores an IDP settings when loaded from a federation.

    """

    logger = logging.getLogger(__name__)

    entity_id = idp.get('ENTITY_ID')

    filepath = idp_settings_filepath(entity_id)

    idp_settings = {}

    if not entity_id:

        return

    dirname = os.path.dirname(filepath)

    if not default_storage.exists(dirname):

        os.makedirs(default_storage.path(dirname))

    for key, value in idp.items():

        if key not in ('METADATA', 'ENTITY_ID'):

            idp_settings.update({key: value})

    if idp_settings_needs_refresh(entity_id) and idp_settings:

        with open(default_storage.path(filepath), 'w') as f:

            try:

                fcntl.lockf(f, fcntl.LOCK_EX | fcntl.LOCK_NB)

                f.write(json.dumps(idp_settings))

                fcntl.lockf(f, fcntl.LOCK_UN)

            except:

                logger.error('Couldn\'t store settings for EntityID %r',

                        entity_id)

def idp_settings_load(entity_id):

    logger = logging.getLogger(__name__)

    filepath = idp_settings_filepath(entity_id)

    if default_storage.exists(filepath):

        logger.info('Loading JSON settings for EntityID %r', entity_id)

        with open(default_storage.path(filepath), 'r') as f:

            try:

                idp_settings = json.loads(f.read())

            except:

                logger.warning('Couldn\'t load JSON settings for EntityID %r',

                        entity_id)

            else:

                return idp_settings

    else:

        logger.warning('No JSON settings file for EntityID %r', entity_id)

    return {}

def idp_metadata_extract_entity_id(metadata_content):

    logger = logging.getLogger(__name__)

    try:

        doc = ET.fromstring(metadata_content)

    except (TypeError, ET.ParseError):

        logger.error(u'METADATA of idp %r is invalid', metadata_content)

        return

    if doc.tag != '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF:

        logger.error(u'METADATA of idp %r has no EntityDescriptor root tag',

                metadata_content)

        return

    if not 'entityID' in doc.attrib:

        logger.error(

                u'METADATA of idp %r has no entityID attribute on its root tag',

                metadata_content)

        return

    return doc.attrib['entityID']

import requests

import requests.exceptions

from django.core.exceptions import ValidationError

from django.core.validators import URLValidator

from federation_utils import get_federation_from_url, idp_metadata_is_file, \

        idp_metadata_load, idp_metadata_extract_entity_id

    metadata = create_metadata(request)

    if app_settings.PRIVATE_KEY:

        private_key = app_settings.PRIVATE_KEY

        private_key_password = app_settings.PRIVATE_KEY_PASSWORD

    elif app_settings.PRIVATE_KEYS:

        private_key = app_settings.PRIVATE_KEYS[0]

        private_key_password = None

        if isinstance(private_key, (tuple, list)):

            private_key_password = private_key[1]

            private_key = private_key[0]

    else:  # no signature

        private_key = None

        private_key_password = None

    server = lasso.Server.newFromBuffers(metadata, private_key_content=private_key,

                                         private_key_password=private_key_password)

    server.setEncryptionPrivateKeyWithPassword(private_key, private_key_password)

    private_keys = app_settings.PRIVATE_KEYS

    # skip first key if it is already loaded

    if not app_settings.PRIVATE_KEY:

        private_keys = app_settings.PRIVATE_KEYS[1:]

    for key in private_keys:

        password = None

        if isinstance(key, (tuple, list)):

            password = key[1]

            key = key[0]

        server.setEncryptionPrivateKeyWithPassword(key, password)

    return server

def get_federation_metadata(federation):

    logger = logging.getLogger(__name__)

    fedmd = None

    pemcert = None

    if (isinstance(federation, tuple) and len(federation) == 2):

        logger.info('Loading local cert-based federation %r',

                    federation)

        if federation[1].endswith('.pem'):

            fedmd = federation[0]

            pemcert = federation[1]

    else:

        urlval = URLValidator()

        try:

            urlval(federation)

        except ValidationError:

            logger.info('Loading file-based federation %s',

                        federation)

            fedmd = federation

        else:

            logger.info('Fetching and loading url-based federation %s',

                        federation)

            fedmd = get_federation_from_url(federation)

    return (fedmd, pemcert)

def create_login(request, server=None):

    if not server:

        server = create_server(request)

def get_federations():

    for adapter in get_adapters():

        if hasattr(adapter, 'get_federations'):

            for federation in adapter.get_federations():

                yield federation

def create_logout(request, server=None):

    if not server:

        server = create_server(request)

def recreate_server(request, remote_provider_id=None):

    def add_provider_from_idp(server, idp):

        logger = logging.getLogger(__name__)

        metadata = idp.get('METADATA')

        entity_id = idp.get('ENTITY_ID')

        try:

            if 'FEDERATION' in idp and idp_metadata_is_file(metadata):

                # Federated IdPs have their own cache management:

                if idp_metadata_is_file(metadata):

                    if not entity_id:

                        entity_id = idp_metadata_extract_entity_id(metadata)

                    server.addProviderFromBuffer(

                            lasso.PROVIDER_ROLE_IDP,

                            idp_metadata_load(entity_id))

            elif metadata.startswith('/') or metadata.startswith('./'):

                # Simply call the adequate built-in lasso routine

                server.addProvider(lasso.PROVIDER_ROLE_IDP, metadata)

            else:

                # The metadata supplied is directly the content buffer:

                server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, metadata)

        except lasso.ServerAddProviderFailedError as e:

            logger.error('Error %s: Failed to load idp %s', e, metadata)

    if remote_provider_id:

        server = create_server(request)

        idp = get_idp(remote_provider_id)

        idp_metadata = idp.get('METADATA')

        if not idp_metadata:

            return server

        add_provider_from_idp(server, idp)

    else:

        # No remote provider identifier was provided, but the server still needs

        # to be recreated:

        server = create_server(request)

        for idp in get_idps():

            add_provider_from_idp(server, idp)

    return server

def get_metadata_from_url(idp):

    logger = logging.getLogger(__name__)

    verify_ssl_certificate = get_setting(

        idp, 'VERIFY_SSL_CERTIFICATE')

    try:

        response = requests.get(idp['METADATA_URL'], verify=verify_ssl_certificate)

        response.raise_for_status()

    except requests.exceptions.RequestException as e:

        logger.error(

                u'retrieval of metadata URL %r failed with error %s',

                idp['METADATA_URL'], e)

    else:

        return response.content

from . import app_settings, utils, federation_utils

        worth_trying_again = True

        num_tries = 0

        while worth_trying_again:

            try:

                login.processAuthnResponseMsg(request.POST['SAMLResponse'])

                login.acceptSso()

            except lasso.ProfileCannotVerifySignatureError:

                worth_trying_again = False

                self.log.warning('SAML authentication failed: signature validation failed for %r',

                                 login.remoteProviderId)

            except lasso.ParamError:

                worth_trying_again = False

                self.log.exception('lasso param error')

            except (lasso.LoginStatusNotSuccessError,

                    lasso.ProfileStatusNotSuccessError,

                    lasso.ProfileRequestDeniedError):

                worth_trying_again = False

                self.show_message_status_is_not_success(login, 'SAML authentication failed')

            except (lasso.ProfileUnknownProviderError,

                    lasso.ServerProviderNotFoundError) as e:

                if num_tries == 1:

                    raise e

                server = utils.recreate_server(request, login.remoteProviderId)

                self.profile = login = utils.create_login(request, server)

                num_tries += 1

            except lasso.Error as e:

                return HttpResponseBadRequest('error processing the authentication response: %r' % e)

            else:

                if 'RelayState' in request.POST and utils.is_nonnull(request.POST['RelayState']):

                    login.msgRelayState = request.POST['RelayState']

                return self.sso_success(request, login)

        num_tries = 0

        while num_tries < 2:

            try:

                login.initRequest(message, method)

            except lasso.ProfileInvalidArtifactError:

                self.log.warning(u'artifact is malformed %r', artifact)

                return HttpResponseBadRequest(u'artifact is malformed %r' % artifact)

            except (lasso.ProfileUnknownProviderError,

                    lasso.ServerProviderNotFoundError,

                    lasso.ProfileInvalidArtifactError) as e:

                if num_tries == 1:

                    raise e

                server = utils.recreate_server(request, login.remoteProviderId)

                self.profile = login = utils.create_login(request, server)

                if relay_state and utils.is_nonnull(relay_state):

                    login.msgRelayState = relay_state

            except lasso.ProfileInvalidArtifactError:

                self.log.warning(u'artifact is malformed %r', artifact)

                return HttpResponseBadRequest(u'artifact is malformed %r' % artifact)

            except lasso.ServerProviderNotFoundError:

                self.log.warning('no entity id found for artifact %s', artifact)

                return HttpResponseBadRequest(

                    'no entity id found for this artifact %r' % artifact)

            num_tries += 1

        self.log.debug('authenticating to %r', idp.get('ENTITY_ID') or idp['METADATA'])

        entity_id = idp.get('ENTITY_ID') or federation_utils.idp_metadata_extract_entity_id(idp.get('METADATA'))

        num_tries = 0

        while num_tries < 2:

            try:

                login.initAuthnRequest(entity_id, lasso.HTTP_METHOD_REDIRECT)

            except (lasso.ProfileUnknownProviderError,

                    lasso.ServerProviderNotFoundError) as e:

                if num_tries == 1:

                    raise e

                server = utils.recreate_server(request, login.remoteProviderId)

                self.profile = login = utils.create_login(request, server)

            except lasso.Error as e:

                return HttpResponseBadRequest('error initializing the authentication request: %r' % e)

            num_tries += 1

        num_tries = 0

        while num_tries < 2:

            try:

                logout.processRequestMsg(request.META['QUERY_STRING'])

            except (lasso.ProfileUnknownProviderError,

                    lasso.ServerProviderNotFoundError) as e:

                if num_tries == 1:

                    raise e

                server = utils.recreate_server(request, logout.remoteProviderId)

                self.profile = logout = utils.create_logout(request, server)

            except lasso.Error as e:

                return HttpResponseBadRequest('error processing logout request: %r' % e)

            num_tries += 1

        num_tries = 0

        worth_trying_again = True

        while worth_trying_again:

            try:

                logout.processResponseMsg(request.META['QUERY_STRING'])

            except lasso.ProfileStatusNotSuccessError:

                self.show_message_status_is_not_success(logout, 'SAML logout failed')

                worth_trying_again = False

            except lasso.LogoutPartialLogoutError:

                self.log.warning('partial logout')

                worth_trying_again = False

            except (lasso.ProfileUnknownProviderError,

                    lasso.ServerProviderNotFoundError) as e:

                if num_tries == 1:

                    raise e

                server = utils.recreate_server(request, logout.remoteProviderId)

                self.profile = logout = utils.create_logout(request, server)

            except lasso.Error as e:

                self.log.warning('unable to process a logout response: %s', e)

                return HttpResponseRedirect(resolve_url(settings.LOGIN_REDIRECT_URL))

            num_tries += 1

          'pytz',

# XXX temporary workaround

#     non-federated IdPs shouldn't have their MD cached

@pytest.fixture(autouse=True)

def mellon_settings(settings, tmpdir):

        settings.MEDIA_ROOT = str(tmpdir)

<?xml version="1.0" encoding="UTF-8" standalone="no"?><md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:pyff="http://pyff.io/NS" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xrd="http://docs.oasis-open.org/ns/xri/xrd-1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_20171018T113001Z" Name="https://federation.renater.fr/" cacheDuration="PT1H" validUntil="2017-10-27T11:30:01Z"><ds:Signature>

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>JKdLdd5yGvkFdb1fCAByMMnurIKYhZepRouZfOjIUrg=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

OTexfi8c63TsP1V9j5m6digA2NomUfqBtT8pPKhwdqEDQS5qLh6fxvT+wWkP6JaIhkP8nxwpbArl

7cUHkRv5ibZzcknIAjXYMhsSTtFQUq89OMcDHtZHG54jiKyHPhu2+XEbvv6DsAYanYC6SHEnGjNG

opnOEUB2XqeycsvvTQQIuWZEoABTVcKYyk2CW7Ij5EUmPOAPiidtbt8lzrtkV6dwLbkyoEbChAyj

emrL/oS01aJgT9sQoJxR8lyRMGiZ/BwQqYTareiKwOXLPdGThzsfZXD8de9T1xuysILaAM7sHPJV

QfrQJm80Zo2MM/GnhJTO9rc4m3kRnRhqmA6qMw==

</ds:SignatureValue>

<ds:KeyInfo>

<ds:KeyValue>

<ds:RSAKeyValue>

<ds:Modulus>

71+vTf66BPgYUF7sm4T++W69qMVyGQn9wNqpBLc6sp53eq/JRTOUD26Yehjsld5qN52Bv2r5QG7o

4VU123akXUYzupvq1f+tmF9NwYa7MPEPFzCzJHhNXjZNRxcsW1WLW34fhQCm0oak3oSPoNo5qeGi

jNsTSkgSt1mPH0P8d95af2VJnT6zbrclxvH4emqpT9oGLsWqKWLlIbZ7u1PUjuNVwLHuj909/apm

C13RBIpV52fey4qey34bnRHdCTknZeN/TJLTJ9hMWzz9TbdjfIFaiF7MeY+OYRXzUJeQuHHMu/2I

emkoR26mYi6irvmx8AdPcPCwcRKw2Ca4xLhbNw==

</ds:Modulus>

<ds:Exponent>AQAB</ds:Exponent>

</ds:RSAKeyValue>

</ds:KeyValue>

<ds:X509Data>

<ds:X509Certificate>

MIIC9zCCAd+gAwIBAgIEfe6j3jANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFTQU1MIE1ldGFk

YXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMTYwNzI5MDczNjM4WhcNMjYwNjA3MDczNjM4WjAs

MSowKAYDVQQDEyFTQU1MIE1ldGFkYXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3

DQEBAQUAA4IBDwAwggEKAoIBAQDvX69N/roE+BhQXuybhP75br2oxXIZCf3A2qkEtzqynnd6r8lF

M5QPbph6GOyV3mo3nYG/avlAbujhVTXbdqRdRjO6m+rV/62YX03Bhrsw8Q8XMLMkeE1eNk1HFyxb

VYtbfh+FAKbShqTehI+g2jmp4aKM2xNKSBK3WY8fQ/x33lp/ZUmdPrNutyXG8fh6aqlP2gYuxaop

YuUhtnu7U9SO41XAse6P3T39qmYLXdEEilXnZ97Lip7LfhudEd0JOSdl439MktMn2ExbPP1Nt2N8

gVqIXsx5j45hFfNQl5C4ccy7/Yh6aShHbqZiLqKu+bHwB09w8LBxErDYJrjEuFs3AgMBAAGjITAf

MB0GA1UdDgQWBBTT88iZzWO+hN9SBUkpx871lmTuLTANBgkqhkiG9w0BAQsFAAOCAQEABoPpODry

XwiM5jjtqk6veR02FevCKHpZP6Od7Kqcfs6lg5LcQmGUOgpmW3Gg4UMjBYkgARsT2Nsnah1CJqa8

cjvv8p5KEIhY0hVS8iMJnrb3PDeiFSeP4xSfct/6z/ebV4+QFl22bsm2zpAC6BpFz8+IJ/jAmQzT

Vob4MAUeQPnwwzm3xz6yanLZx7BK5cfrTCa+hrarNQCboRjXPwiejF8WRCxpgRHH6yNs5QH/Z6o5

e3tUP7uEpn2Ob+kcLsEMGb9DghkoDAgkHCOZeTy+7hgxt+/T94cLTa58gVtvEOnd0GuL7Vfd+IVd

XgSard8RfR3OyZlf6M4aSGQA73sskQ==

</ds:X509Certificate>

</ds:X509Data>

</ds:KeyInfo>

</ds:Signature><md:EntityDescriptor entityID="https://aishib.agropolis.fr/idp/shibboleth">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2013-06-06T11:49:20Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>

    				<shibmd:Scope regexp="false">agropolis.fr</shibmd:Scope>

			    <mdui:UIInfo>

			      <mdui:DisplayName xml:lang="en">Agropolis International</mdui:DisplayName>

			      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAACPUlEQVQoz21SPW8TQRR8u7d3ju34Er6UCHACRqK4Bjk0oDSEjiYSBQVS8k9AkWgp+AuUASGEaCASkoPcgARVMF8iTnxJwMFJfL47397u3u6jsGVFwLzmFTN6ozdDEBEAAOD4kiRJsVgkhMA/YMfZzc3NVstnzGq1/KXlJfgf2Ii9XquVZ2YWbi5Io4MsbfPeZK4wRm0AOH6KICIivq2tV6/O5cYLHztbW9FvYTKuZaLk7PjpW+UrJXtspCHGmGazCQBnZ8svtj/0tbAINYhcy1DyThpRhHtztyedwkBDAWBnZ6dSqbzZ+7THu0IraTJplDSZ0JnQ2Y+482jj1cgSRUTHdrhW9fa3SKaxErFKIyUiKaIsjVQaKf5s631HxP1+X2vNwjB0J9zd+OgnD044Ra4lI5ZBw7XqyeRQREciaqe9xoE/K/OFfIENnqBM1uZBqlWBOYxQjYZnqieTThru8zCU3AASIAjIXNellGLePkjCUPICy1mEDAShSg7SqCsTBtQ7WfY3vlarVUYpdUsuAs5PXV7dfpe3HEYtjSbNZJwJoRUi3rl4fSrvfufctm0ySA0RD0V84+WDL1EbCCDCYIDApeKZ+uKK6faDIPA8jw7jIORUbry2eH+5Mu8ARTSAkCPW3QvX6osrE+B8bjQ8zxu2aACDaIwxxuzzsLbbePj88a8k0Mb4vr/2ei3LMoOIiGRU0iGGVuDp6pNz5fNSiKnpac/zgAABMuzSXwIggIjdbrdUKjHGYGQaAAD+AJBJecXxnEvWAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ4OjE1KzAyOjAwpWiGMQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0ODoxNSswMjowMNQ1Po0AAAAASUVORK5CYII=</mdui:Logo>

			      <mdui:InformationURL xml:lang="fr">http://www.agropolis.fr</mdui:InformationURL>

          		      <mdui:DisplayName xml:lang="fr">Agropolis International</mdui:DisplayName>

      			    </mdui:UIInfo>

			</md:Extensions>

				<md:KeyDescriptor use="signing">

<ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIIDNzCCAh+gAwIBAgIUYY3sGXwChkj2CRy6QFDvkdj2zlAwDQYJKoZIhvcNAQEF

BQAwHjEcMBoGA1UEAxMTYWlzaGliLmFncm9wb2xpcy5mcjAeFw0xMzA1MTUxMzM3

MTJaFw0zMzA1MTUxMzM3MTJaMB4xHDAaBgNVBAMTE2Fpc2hpYi5hZ3JvcG9saXMu

ZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxrDy6lrhIBjcxv16n

4UJ2cEMYPO4wSmfDwhO6feoSIEuIblYRHE2nQKirMokwD6seF4rbDHyxLXg/ColL

VLv+0CJteIOZjSCgSN90WzQRrC1Ex5sJfPu6yPEXvW8H1906gEg6ok8rlCIHRGfE

15pHK5eqxQS5f2n8c2t/Uk33/FBj79/hb3Cd7vE4mdlvReD3AFswC0lV4bPmj3Ka

KUuMj9xwipwnfWCu6p2/ZJF4M3ADU5grXHJ2Vqmd8DWm5raaObKjYwJddbRBByI8

bJJLIwAQQmX4Dh4hf1QKlf2oqWPWVQxLQp0erL1U8IWmj1RG8TTH9xOJl6kkEhYq

Z2gfAgMBAAGjbTBrMEoGA1UdEQRDMEGCE2Fpc2hpYi5hZ3JvcG9saXMuZnKGKmh0

dHBzOi8vYWlzaGliLmFncm9wb2xpcy5mci9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4E

FgQU9A7iQ8Qo+t2JCpKuOOV9YBoYs4MwDQYJKoZIhvcNAQEFBQADggEBAG0LOW6I

F+M8n2NpzyQjfVCJCA6QhWjbXrfemiPJFZGZZb2dVmHof4yCpCUYgHOBoZaXPOlB

nLYsUWvFZ6V2GELZpLHzHSSrYidieW07qQkh1DwcIYpvtZgLviOtT/tCEGsk925f

DUoGdeIqpqt54WZcW9+TbKicvjg3JT4BFOQ17bFNwPW+YjTbvsWYxen+e0mRp4vM

V0yMu2f3bccVhePASSZGL3yod3sJ1dPvlrJO9c35BekhtirolVjZqMQ0AYPVifua

yIU0dWXsZkAOcBL9kZFbJcYRUIxMgvp8U2Zdv1+ZlwOyXnnWDOOh9wjuT7FAyObU

ChvjHlgZHkvLwJI=

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

			<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

			<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

			<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://aishib.agropolis.fr/idp/profile/SAML2/POST/SSO"/>

	        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://aishib.agropolis.fr/idp/profile/SAML2/Redirect/SSO"/>

			<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://aishib.agropolis.fr/idp/profile/Shibboleth/SSO"/>

		</md:IDPSSODescriptor>

		<md:Organization>

			<md:OrganizationName xml:lang="en">Agropolis International</md:OrganizationName>

			<md:OrganizationDisplayName xml:lang="en">Agropolis International</md:OrganizationDisplayName>

			<md:OrganizationURL xml:lang="en">http://www.agropolis.fr</md:OrganizationURL>

		</md:Organization>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Jean Cerda</md:SurName>

				 <md:EmailAddress>cerda@agropolis.fr</md:EmailAddress>

		        </md:ContactPerson>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Jean-Pierre  Allano</md:SurName>

				 <md:EmailAddress>allano@agropolis.fr</md:EmailAddress>

		        </md:ContactPerson>

	</md:EntityDescriptor><md:EntityDescriptor entityID="https://ambre.vetagro-sup.fr/idp/shibboleth">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2013-01-14T16:11:53Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>

    				<shibmd:Scope regexp="false">vetagro-sup.fr</shibmd:Scope>

			    <mdui:UIInfo>

			      <mdui:DisplayName xml:lang="en">Vetagro Sup</mdui:DisplayName>

			      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAB/klEQVQ4y2NkQAP///+X+/jxI/PO7dujP3/7kf7v778ffDzciw2MDFaqq6t/Y2RkfIysngndAEZGxkezZ8/25xEQqVDTs5eRVrNU4RQUL7x9+7YtumasBjAwMDBISIgbcvBKct998p7h1fvfDKyc4nz//jF6yjAwSBNlwM+fP3/9/PmT4dbl4wysrCwMf//9Z/r7959UcFISD1EGPH107xgfD9sbTg52hrcvHjDw87Aw/Pz+7tLEefNuEmWAm6ffxvu3Ll4zMjZleHz/KsO7lw+f3bh+czs2tVgNsLS0fPfs4b3VnKy//wrycW84e2L/uobmtg0MpIKurt6N////Z8jPzxcnWTMDAwPD79//tbq7+9bhU8OMTfD//8cMP79L1X/8tjxMQYHXT0Uh88aBgyuvEW3Aly+8ntw8jLU3bx20cnH/xPz2jTyvk9OGpTt3NhIOxP//GRgkJGR8tPVeyElIvWA4dfIqg57Bff0nD+eHExULIb5dqkYmYgYm5r8YPH3vMzx//omBk+edpI4+vxVRBnz5zPqbi4vt7a9fv//9+cvAYG79jIGZmZWBg4NJiCgDdh4sfHD/7u9j714Z/BYWiGBQVkxjePNK8+erV5+uYDOABTMM/nP09y9Z8+OHgNjli9ahf//++8vGwrlAS0tp/v///7kYGRm/IasHAIVTy8DG/VpJAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjUwOjA5KzAyOjAwfDtz7wAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo1MDowOSswMjowMA1my1MAAAAASUVORK5CYII=</mdui:Logo>

			      <mdui:InformationURL xml:lang="fr">http://www.vetagro-sup.fr</mdui:InformationURL>

          		      <mdui:DisplayName xml:lang="fr">Vetagro Sup</mdui:DisplayName>

      			    </mdui:UIInfo>

			</md:Extensions>

				<md:KeyDescriptor use="signing">

<ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIIDPDCCAiSgAwIBAgIVAL9PsuadPSIZcMHNxlK/oevezmzWMA0GCSqGSIb3DQEB

BQUAMB8xHTAbBgNVBAMTFGFtYnJlLnZldGFncm8tc3VwLmZyMB4XDTEyMTEwODEw

MTQwNFoXDTMyMTEwODEwMTQwNFowHzEdMBsGA1UEAxMUYW1icmUudmV0YWdyby1z

dXAuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc/ptfpmkomwmT

4RsID+1Ce1dX0eUjcLgSOZN8hVpHWLag2ERWkpmvB5aK7BAFcI5i//Gk80tAiasu

JtlZhBnEw54aTJRGpyL2CVkHyl6SMRxprIi1Ji67IoGqEgUeGaheAxo+tG5e1WSc

bIbldcSKdwvjAV+7HSB4C6NqLsAzJH25++yaRH2uf2LTD0TDzNR9Q2hVj/VyYWR+

K3HWI1Snjn/i7aFfZZhYmBkwHuQOaPhwCM+khikg5XicMsxUhHCMi93UgHGIsdkr

IEGj4xydBTUKsLaykeuFS8EgXbWwCLGkeX76w8xDoFIpnppU/yFd9v7Zg3EBfn4p

kTW3GdIjAgMBAAGjbzBtMEwGA1UdEQRFMEOCFGFtYnJlLnZldGFncm8tc3VwLmZy

hitodHRwczovL2FtYnJlLnZldGFncm8tc3VwLmZyL2lkcC9zaGliYm9sZXRoMB0G

A1UdDgQWBBTPTqWkVHrHXFjmxMWkNt/sp2h5ozANBgkqhkiG9w0BAQUFAAOCAQEA

FvXMtfBUmRZCzz8CjanGzr1TBUPmnkrKci5AtkseKw9YlfUmBXTHB01y697nYq6m

RB6KhvfW212h9CF0IOEEjoadgDhXqGYhq8PnAOtT4Ty3XDy8SbRh8aQWfvnfSngv

FdpHRiSpj5UXXuT5zTtkf59h58XKtEfCkMbUzvdOgUobJzpD0WISmQHPQnx+Neg6

9j7oMRrDiZjS39Om8Imu9xvsnddDM3PlsDBIsvrr1o7K5iLkEdR1YYX0ZNDbiFuw

QXXl2dwQPB8KrScPUvCe57slU2gFQvvIBzjQysxC6V6TPSuM3A/ee56lACuB3jKj

oYkHQc5Gj/1rSMLmu9aLMg==

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

			<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

			<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

			<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ambre.vetagro-sup.fr/idp/profile/SAML2/POST/SSO"/>

	        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://ambre.vetagro-sup.fr/idp/profile/SAML2/Redirect/SSO"/>

			<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://ambre.vetagro-sup.fr/idp/profile/Shibboleth/SSO"/>

		</md:IDPSSODescriptor>

		<md:Organization>

			<md:OrganizationName xml:lang="en">Vetagro Sup</md:OrganizationName>

			<md:OrganizationDisplayName xml:lang="en">Vetagro Sup</md:OrganizationDisplayName>

			<md:OrganizationURL xml:lang="en">http://www.vetagro-sup.fr</md:OrganizationURL>

		</md:Organization>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Nicolas Aulas</md:SurName>

				 <md:EmailAddress>nicolas.aulas@vetagro-sup.fr</md:EmailAddress>

		        </md:ContactPerson>

	</md:EntityDescriptor><md:EntityDescriptor entityID="https://antimoine.insa-strasbourg.fr/idp/shibboleth">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2014-02-11T08:44:08Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>

    				<shibmd:Scope regexp="false">insa-strasbourg.fr</shibmd:Scope>

			    <mdui:UIInfo>

			      <mdui:DisplayName xml:lang="en">INSA Strasbourg</mdui:DisplayName>

			      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAq1BMVEXeAACEhoTWz87nQTn3oqXnIBjvgnvWlpT/5+fnEAjvZWOltrXnNDH3mpT/9/fnCAD/4+fvioz3x8bnVVL3qq3nKCnvkpTnHBjvcXP3sq3vgoT/7+/nFBDnODH3mpz////nDAj3z87vlpTveXv3vr3nAACMmpznRUL3pqXnJCHnFAj/+//nDADvjoz3y87vXVr3rq3nLCnvdXP3srXvhoT/8/fvODH3npz3lpQaie6kAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAAe0lEQVQY053OwQqCQBhF4VM22VSMMWrFGP2kkIpUQ1nz/m8Ws20TeFeHb3WRnzEBBjO8xRjZrURi0TFiy+UITjTpjIKaOndZuDSGxF0j9G1+e7CuLN1nE2F7VI28tAoqMMezP1ieFOOp7RPueBXKSqdnMq8Wg66nPP0LX4uIG4jEwJ0sAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ5OjA0KzAyOjAwIHfmJQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0OTowNCswMjowMFEqXpkAAAAASUVORK5CYII=</mdui:Logo>

			      <mdui:InformationURL xml:lang="fr">http://www.insa-strasbourg.fr</mdui:InformationURL>

          		      <mdui:DisplayName xml:lang="fr">INSA Strasbourg</mdui:DisplayName>

      			    </mdui:UIInfo>

			</md:Extensions>

				<md:KeyDescriptor use="signing">

<ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIIDUDCCAjigAwIBAgIVAIbX8U0uAqAhuXm1jWxiFpggtDTDMA0GCSqGSIb3DQEB

CwUAMCQxIjAgBgNVBAMMGXNvdWZyZS5pbnNhLXN0cmFzYm91cmcuZnIwHhcNMTYw

OTI3MTIzNjIxWhcNMzYwOTI3MTIzNjIxWjAkMSIwIAYDVQQDDBlzb3VmcmUuaW5z

YS1zdHJhc2JvdXJnLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA

sEE02sLRPAG5N81DMHEeGpI2MYF8yG/RiwH07cFIlLqgV80ewOmi0FWPYijxMb8A

bmx0RwUMvJBVI6WMxtT9fykhID20k8rWOuYOzvaynzVqCktqVgKoEAxP1PFE9b0n

iGKFprjjNl9ZD90GOUsxbAO7yXG9Q4WBa/eThl6XkUvNkSaZp5hcdWrgcAdsae3q

iD/uxFa38NXNNeRLGyfxjd2K5qYSzbwBza9s9TOq1+pfw7sxu3/4BnfQ0RLGO6co

4tH4Mufh0ome4cyYk4pvW5DOd1AznxDb8HpqvE0zwEsa69c/FDX0akgFZydmc77a

j6USn6JKjjbO49yGtG1gVQIDAQABo3kwdzAdBgNVHQ4EFgQUjzMsxZYiokPYxper

9zadM8J0F0kwVgYDVR0RBE8wTYIZc291ZnJlLmluc2Etc3RyYXNib3VyZy5mcoYw

aHR0cHM6Ly9zb3VmcmUuaW5zYS1zdHJhc2JvdXJnLmZyL2lkcC9zaGliYm9sZXRo

MA0GCSqGSIb3DQEBCwUAA4IBAQBFJKsiS3yfWuDB/E+iqQ0TuQJzL5+JIcloN0dw

BFxW3VZOju15zeQ7LwRBg9S4SGLMPJU+LM1lvr68cK9brut/FjF51SETIXEeCWo3

7+PIqgOCzraLNinmpU/OtN8ENalOPvpS6Jvbd23qB2t+IqOtZ+j15b0Yq4/on1E3

W2F9CVzKpe4EwmmtCPQbe7U1wvhgFylEx797pex8veWs79YSYwqvcKMh79dzl8Fo

/CgsO5pDrfKmc6SGMkByq75dZj+PqhZDzZ9EFTxbrXOTaS08VRN6a5Rh2iYRnGxq

yZl66tPcaIm5PHgOEmu5X4lPkUoY+Jt36Gj3SGCbYt8qH5S0

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

				<md:KeyDescriptor use="signing">

				       <ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIIDXDCCAkSgAwIBAgIVAKI+qiqDCk9wTTqn7OVAoZrvj/CpMA0GCSqGSIb3DQEB

BQUAMCcxJTAjBgNVBAMTHGFudGltb2luZS5pbnNhLXN0cmFzYm91cmcuZnIwHhcN

MTQwMTEzMTAzOTU4WhcNMzQwMTEzMTAzOTU4WjAnMSUwIwYDVQQDExxhbnRpbW9p

bmUuaW5zYS1zdHJhc2JvdXJnLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB

CgKCAQEAtuM8lRjlVjjmrHq9VtguaOMQL+Wd99BiOs56kL3Mbctg1FwH69LYThCW

6dOz6WJg/jU/naF7jEikXKc71xGyu7Ph7Iqa9S5hoXXAT8u/0q2nZDeTOraJqKe1

FMF2RzXhEEMyQO3CiKNK9b+tbKoNZS7FQCixMZklWZPt4EcEKd6jyRq1WYX3dpnb

r9I/aCdhtK/PGvGe5gKTDoTR2HKyWKJTc/obf8x/vlYIEwiaGgdlqI2KiBE0x48n

zQdP6XVi3T8ZWbnkLmCfgJtP2C8PtEJuwDRAy0Z9N4DSwvxn5YCVYgBLSi0TLa10

B/lUqqBezZrTrA9p9Lt8JtGXW5YGHwIDAQABo38wfTBcBgNVHREEVTBTghxhbnRp

bW9pbmUuaW5zYS1zdHJhc2JvdXJnLmZyhjNodHRwczovL2FudGltb2luZS5pbnNh

LXN0cmFzYm91cmcuZnIvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFLFkjPZUc9JY

qrWjldJ/iGGkKAt4MA0GCSqGSIb3DQEBBQUAA4IBAQBSk/wU1mRn4VF2ifmy261K

DK7uX+t1H1hh8S38fKSFU7HoNXJTV3vQnmBOpYIGC1gtvmb+qjqpNtikU2zO84Gq

Q0bXHxYF2d9RUP89mKaFxE5uNcXFmlOA3ChZY3pMT5zwAPI/T60tGrex7zci7OLn

JDAQj/q4Yk9ejx6JTFggQSCCVh+oV/SDIMd2p5AY6H3mto3b6XCk7Lssa8a/D30k

pEkZnhTKdN82eRyynuOR7UDU4tasV4d7Mi/j53f5ihnRcsvwh/pYodjoVYY8cEcZ

JLnAXYF8coSwh8UN4D/0NHsvTuSOFQc85hGrqacMsvxiQiw9mv01AX5+A5YLEbVQ

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

			   <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://antimoine.insa-strasbourg.fr/idp/profile/SAML2/Redirect/SLO"/>

			   <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://antimoine.insa-strasbourg.fr/idp/profile/SAML2/POST/SLO"/>

			   <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://antimoine.insa-strasbourg.fr/idp/profile/SAML2/SOAP/SLO"/>

			<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

			<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

			<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://antimoine.insa-strasbourg.fr/idp/profile/SAML2/POST/SSO"/>

	        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://antimoine.insa-strasbourg.fr/idp/profile/SAML2/Redirect/SSO"/>

			<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://antimoine.insa-strasbourg.fr/idp/profile/Shibboleth/SSO"/>

		</md:IDPSSODescriptor>

		<md:Organization>

			<md:OrganizationName xml:lang="en">INSA Strasbourg</md:OrganizationName>

			<md:OrganizationDisplayName xml:lang="en">INSA Strasbourg</md:OrganizationDisplayName>

			<md:OrganizationURL xml:lang="en">http://www.insa-strasbourg.fr</md:OrganizationURL>

		</md:Organization>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Lahsen BOUZID</md:SurName>

				 <md:EmailAddress>lahsen.bouzid@insa-strasbourg.fr</md:EmailAddress>

		        </md:ContactPerson>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Simon SCHERRER</md:SurName>

				 <md:EmailAddress>simon.scherrer@insa-strasbourg.fr</md:EmailAddress>

		        </md:ContactPerson>

	</md:EntityDescriptor></md:EntitiesDescriptor>

<?xml version="1.0" encoding="UTF-8" standalone="no"?><md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:pyff="http://pyff.io/NS" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xrd="http://docs.oasis-open.org/ns/xri/xrd-1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_20171018T113001Z" Name="https://federation.renater.fr/" cacheDuration="PT1H" validUntil="2017-10-27T11:30:01Z"><ds:Signature>

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

<ds:Reference URI="">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>JKdLdd5yGvkFdb1fCAByMMnurIKYhZepRouZfOjIUrg=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

OTexfi8c63TsP1V9j5m6digA2NomUfqBtT8pPKhwdqEDQS5qLh6fxvT+wWkP6JaIhkP8nxwpbArl

7cUHkRv5ibZzcknIAjXYMhsSTtFQUq89OMcDHtZHG54jiKyHPhu2+XEbvv6DsAYanYC6SHEnGjNG

opnOEUB2XqeycsvvTQQIuWZEoABTVcKYyk2CW7Ij5EUmPOAPiidtbt8lzrtkV6dwLbkyoEbChAyj

emrL/oS01aJgT9sQoJxR8lyRMGiZ/BwQqYTareiKwOXLPdGThzsfZXD8de9T1xuysILaAM7sHPJV

QfrQJm80Zo2MM/GnhJTO9rc4m3kRnRhqmA6qMw==

</ds:SignatureValue>

<ds:KeyInfo>

<ds:KeyValue>

<ds:RSAKeyValue>

<ds:Modulus>

71+vTf66BPgYUF7sm4T++W69qMVyGQn9wNqpBLc6sp53eq/JRTOUD26Yehjsld5qN52Bv2r5QG7o

4VU123akXUYzupvq1f+tmF9NwYa7MPEPFzCzJHhNXjZNRxcsW1WLW34fhQCm0oak3oSPoNo5qeGi

jNsTSkgSt1mPH0P8d95af2VJnT6zbrclxvH4emqpT9oGLsWqKWLlIbZ7u1PUjuNVwLHuj909/apm

C13RBIpV52fey4qey34bnRHdCTknZeN/TJLTJ9hMWzz9TbdjfIFaiF7MeY+OYRXzUJeQuHHMu/2I

emkoR26mYi6irvmx8AdPcPCwcRKw2Ca4xLhbNw==

</ds:Modulus>

<ds:Exponent>AQAB</ds:Exponent>

</ds:RSAKeyValue>

</ds:KeyValue>

<ds:X509Data>

<ds:X509Certificate>

MIIC9zCCAd+gAwIBAgIEfe6j3jANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFTQU1MIE1ldGFk

YXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMTYwNzI5MDczNjM4WhcNMjYwNjA3MDczNjM4WjAs

MSowKAYDVQQDEyFTQU1MIE1ldGFkYXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3

DQEBAQUAA4IBDwAwggEKAoIBAQDvX69N/roE+BhQXuybhP75br2oxXIZCf3A2qkEtzqynnd6r8lF

M5QPbph6GOyV3mo3nYG/avlAbujhVTXbdqRdRjO6m+rV/62YX03Bhrsw8Q8XMLMkeE1eNk1HFyxb

VYtbfh+FAKbShqTehI+g2jmp4aKM2xNKSBK3WY8fQ/x33lp/ZUmdPrNutyXG8fh6aqlP2gYuxaop

YuUhtnu7U9SO41XAse6P3T39qmYLXdEEilXnZ97Lip7LfhudEd0JOSdl439MktMn2ExbPP1Nt2N8

gVqIXsx5j45hFfNQl5C4ccy7/Yh6aShHbqZiLqKu+bHwB09w8LBxErDYJrjEuFs3AgMBAAGjITAf

MB0GA1UdDgQWBBTT88iZzWO+hN9SBUkpx871lmTuLTANBgkqhkiG9w0BAQsFAAOCAQEABoPpODry

XwiM5jjtqk6veR02FevCKHpZP6Od7Kqcfs6lg5LcQmGUOgpmW3Gg4UMjBYkgARsT2Nsnah1CJqa8

cjvv8p5KEIhY0hVS8iMJnrb3PDeiFSeP4xSfct/6z/ebV4+QFl22bsm2zpAC6BpFz8+IJ/jAmQzT

Vob4MAUeQPnwwzm3xz6yanLZx7BK5cfrTCa+hrarNQCboRjXPwiejF8WRCxpgRHH6yNs5QH/Z6o5

e3tUP7uEpn2Ob+kcLsEMGb9DghkoDAgkHCOZeTy+7hgxt+/T94cLTa58gVtvEOnd0GuL7Vfd+IVd

XgSard8RfR3OyZlf6M4aSGQA73sskQ==

</ds:X509Certificate>

</ds:X509Data>

</ds:KeyInfo>

</ds:Signature><md:EntityDescriptor entityID="https://access-check.edugain.org/simplesaml/saml2/idp/metadata.php">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2015-01-30T15:32:58Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>

    				<shibmd:Scope regexp="false">access-check.edugain.org</shibmd:Scope>

			    <mdui:UIInfo>

			      <mdui:DisplayName xml:lang="en">eduGAIN Access Check</mdui:DisplayName>

			      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAABbUlEQVQoz52RPW4UQRCFv6ru6fnZNSxCJuVKpFwAicR3IUI+AakvhQhI7JU8M/1T3QQzsg1sAhWV3qtPVaonfPrCX9W+fpTP3y7otzceGJKJxCiujpVUkCv0+m3K967hixUfWgWSHwAPxG6UqtIFbEFHGoCqR721BX+wirO8LVGg+a6amEXXjqxhM5ZxNFPvX1Odocn5ZwB7HCn4hWI42wxD6KWUBVfIZxXd9J2zNhHFmro2Gx3QPKSReGCiV40ESM/A1NcxTDnn7HvLFViXBRZ6MKJnmwaktca/lFzO4fZG7n5e0D9cK4DjFI69yrGbwvhqP7KWp7kR99QrQAn3cW5N5/SQ1rivDgdUCUegFfkDkKF26TG7FijzZoS0sM7kM7D6gncvgG5d7cEdu6wN+v3R/cRwQgaAdnA2vACQvn9Tk6NNqjtwjis1Iyp4JOpafwvu3ZAYa3TV2fBjBnjfe8uLKErOZLk6fU//lcMvhuSrh7MzMwcAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTUtMDctMjBUMTA6NTA6MTErMDI6MDCDfj0WAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE1LTA3LTIwVDEwOjUwOjExKzAyOjAw8iOFqgAAAABJRU5ErkJggg==</mdui:Logo>

			      <mdui:InformationURL xml:lang="fr">http://www.renater.fr</mdui:InformationURL>

			      <mdui:Description xml:lang="en">eduGAIN Access Check allows administrators of a Service Provider (SP) registered in eduGAIN to create test accounts with different profiles to validate the behaviour and test federated login. The test accounts can only be used to access own services.</mdui:Description>

          		      <mdui:DisplayName xml:lang="fr">eduGAIN Access Check</mdui:DisplayName>

          		      <mdui:Description xml:lang="fr">eduGAIN Access Check allows administrators of a Service Provider (SP) registered in eduGAIN to create test accounts with different profiles to validate the behaviour and test federated login. The test accounts can only be used to access own services.</mdui:Description>

      			    </mdui:UIInfo>

			</md:Extensions>

				<md:KeyDescriptor use="signing">

<ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIID2zCCAsOgAwIBAgIJAJpdV2MFitUqMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYD

VQQGEwJGUjEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MQ4wDAYDVQQKDAVHRUFOVDEd

MBsGA1UEAwwUdGVzdC1pZHAuZWR1Z2Fpbi5vcmcxLjAsBgkqhkiG9w0BCQEWH3Rl

c3RpZHBhY2NvdW50bWFuYWdlckBnZWFudC5uZXQwHhcNMTQxMjE4MTAxODU5WhcN

MjQxMjE3MTAxODU5WjCBgzELMAkGA1UEBhMCRlIxFTATBgNVBAcMDERlZmF1bHQg

Q2l0eTEOMAwGA1UECgwFR0VBTlQxHTAbBgNVBAMMFHRlc3QtaWRwLmVkdWdhaW4u

b3JnMS4wLAYJKoZIhvcNAQkBFh90ZXN0aWRwYWNjb3VudG1hbmFnZXJAZ2VhbnQu

bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo48FFP0P/81e3WHb

U91F/TYDZC/JypEqO2XQNH50baXpk2JrJFVFOWdgdK6qWHsLznuxngRsfOasAaVA

Ob1Bf3g2xgPUd2htSLxds+o/Y24DOM6ZairxbWJk2rOvLhJFchlrcNWCpMtUCkfJ

xmqGmeo93XAud5byj3wQ1NuH2o8rjTPAkMgQdr8D2b8EG1NYEH00AqRlXZTFCWGL

KDEuZwyta6vgMQYT4K6UF/F+HWF2wzbmVgRTHguJ0rzNqz6t+9CtLkhyZO+/57Ro

4U0ikshVWkUOENPKCnB1t+ebs/AsNozbIGA/HcdtwUwDgIowv/K0hdnLDC1vz6/S

F3rnGQIDAQABo1AwTjAdBgNVHQ4EFgQUgWN9jmJxOEHYU5m8D0atl895HxowHwYD

VR0jBBgwFoAUgWN9jmJxOEHYU5m8D0atl895HxowDAYDVR0TBAUwAwEB/zANBgkq

hkiG9w0BAQUFAAOCAQEAXvlBHMaBK6m0PQNanTqGBRdRAFt8Xkr5texD5mPTmS/7

nqnxlN0orqYWGCaARmQE+T77EB2a2n9g2s130pUXwJxcbUwIOdPKH6CMKEHT/512

bndJXQ3DyhkuVSLtRFOdfleIhi8qUkNC9FWxM4jDHDTTQtNEHnCjFxlhxw+ri5QJ

AVKpH9MkcuIkM6Jx+QhNwTDwCRIJffoDOH420yR5EWx/sQ4tjKQGiFOPv/WHFjXd

LqHU+X8ErzxeNmUHHST6pHePWRCMtoPTdCPhEroJhou6NMHh8ylQOIVHt6gggc7r

kUWMUybDUxPp49qMeNkdKqFPby2aW7ouKRoOXuxZhg==

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

			<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

	        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://access-check.edugain.org/simplesaml/saml2/idp/SSOService.php"/>

		</md:IDPSSODescriptor>

		<md:Organization>

			<md:OrganizationName xml:lang="en">eduGAIN Access Check</md:OrganizationName>

			<md:OrganizationDisplayName xml:lang="en">eduGAIN Access Check</md:OrganizationDisplayName>

			<md:OrganizationURL xml:lang="en">http://www.renater.fr</md:OrganizationURL>

		</md:Organization>

			    <md:ContactPerson contactType="technical">

			     <md:EmailAddress>edugain-integration@geant.net</md:EmailAddress>

		        </md:ContactPerson>

	</md:EntityDescriptor><md:EntityDescriptor entityID="https://aishib.agropolis.fr/idp/shibboleth">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2013-06-06T11:49:20Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>

    				<shibmd:Scope regexp="false">agropolis.fr</shibmd:Scope>

			    <mdui:UIInfo>

			      <mdui:DisplayName xml:lang="en">Agropolis International</mdui:DisplayName>

			      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAACPUlEQVQoz21SPW8TQRR8u7d3ju34Er6UCHACRqK4Bjk0oDSEjiYSBQVS8k9AkWgp+AuUASGEaCASkoPcgARVMF8iTnxJwMFJfL47397u3u6jsGVFwLzmFTN6ozdDEBEAAOD4kiRJsVgkhMA/YMfZzc3NVstnzGq1/KXlJfgf2Ii9XquVZ2YWbi5Io4MsbfPeZK4wRm0AOH6KICIivq2tV6/O5cYLHztbW9FvYTKuZaLk7PjpW+UrJXtspCHGmGazCQBnZ8svtj/0tbAINYhcy1DyThpRhHtztyedwkBDAWBnZ6dSqbzZ+7THu0IraTJplDSZ0JnQ2Y+482jj1cgSRUTHdrhW9fa3SKaxErFKIyUiKaIsjVQaKf5s631HxP1+X2vNwjB0J9zd+OgnD044Ra4lI5ZBw7XqyeRQREciaqe9xoE/K/OFfIENnqBM1uZBqlWBOYxQjYZnqieTThru8zCU3AASIAjIXNellGLePkjCUPICy1mEDAShSg7SqCsTBtQ7WfY3vlarVUYpdUsuAs5PXV7dfpe3HEYtjSbNZJwJoRUi3rl4fSrvfufctm0ySA0RD0V84+WDL1EbCCDCYIDApeKZ+uKK6faDIPA8jw7jIORUbry2eH+5Mu8ARTSAkCPW3QvX6osrE+B8bjQ8zxu2aACDaIwxxuzzsLbbePj88a8k0Mb4vr/2ei3LMoOIiGRU0iGGVuDp6pNz5fNSiKnpac/zgAABMuzSXwIggIjdbrdUKjHGYGQaAAD+AJBJecXxnEvWAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ4OjE1KzAyOjAwpWiGMQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0ODoxNSswMjowMNQ1Po0AAAAASUVORK5CYII=</mdui:Logo>

			      <mdui:InformationURL xml:lang="fr">http://www.agropolis.fr</mdui:InformationURL>

          		      <mdui:DisplayName xml:lang="fr">Agropolis International</mdui:DisplayName>

      			    </mdui:UIInfo>

			</md:Extensions>

				<md:KeyDescriptor use="signing">

<ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIIDNzCCAh+gAwIBAgIUYY3sGXwChkj2CRy6QFDvkdj2zlAwDQYJKoZIhvcNAQEF

BQAwHjEcMBoGA1UEAxMTYWlzaGliLmFncm9wb2xpcy5mcjAeFw0xMzA1MTUxMzM3

MTJaFw0zMzA1MTUxMzM3MTJaMB4xHDAaBgNVBAMTE2Fpc2hpYi5hZ3JvcG9saXMu

ZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxrDy6lrhIBjcxv16n

4UJ2cEMYPO4wSmfDwhO6feoSIEuIblYRHE2nQKirMokwD6seF4rbDHyxLXg/ColL

VLv+0CJteIOZjSCgSN90WzQRrC1Ex5sJfPu6yPEXvW8H1906gEg6ok8rlCIHRGfE

15pHK5eqxQS5f2n8c2t/Uk33/FBj79/hb3Cd7vE4mdlvReD3AFswC0lV4bPmj3Ka

KUuMj9xwipwnfWCu6p2/ZJF4M3ADU5grXHJ2Vqmd8DWm5raaObKjYwJddbRBByI8

bJJLIwAQQmX4Dh4hf1QKlf2oqWPWVQxLQp0erL1U8IWmj1RG8TTH9xOJl6kkEhYq

Z2gfAgMBAAGjbTBrMEoGA1UdEQRDMEGCE2Fpc2hpYi5hZ3JvcG9saXMuZnKGKmh0

dHBzOi8vYWlzaGliLmFncm9wb2xpcy5mci9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4E

FgQU9A7iQ8Qo+t2JCpKuOOV9YBoYs4MwDQYJKoZIhvcNAQEFBQADggEBAG0LOW6I

F+M8n2NpzyQjfVCJCA6QhWjbXrfemiPJFZGZZb2dVmHof4yCpCUYgHOBoZaXPOlB

nLYsUWvFZ6V2GELZpLHzHSSrYidieW07qQkh1DwcIYpvtZgLviOtT/tCEGsk925f

DUoGdeIqpqt54WZcW9+TbKicvjg3JT4BFOQ17bFNwPW+YjTbvsWYxen+e0mRp4vM

V0yMu2f3bccVhePASSZGL3yod3sJ1dPvlrJO9c35BekhtirolVjZqMQ0AYPVifua

yIU0dWXsZkAOcBL9kZFbJcYRUIxMgvp8U2Zdv1+ZlwOyXnnWDOOh9wjuT7FAyObU

ChvjHlgZHkvLwJI=

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

			<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

			<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

			<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://aishib.agropolis.fr/idp/profile/SAML2/POST/SSO"/>

	        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://aishib.agropolis.fr/idp/profile/SAML2/Redirect/SSO"/>

			<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://aishib.agropolis.fr/idp/profile/Shibboleth/SSO"/>

		</md:IDPSSODescriptor>

		<md:Organization>

			<md:OrganizationName xml:lang="en">Agropolis International</md:OrganizationName>

			<md:OrganizationDisplayName xml:lang="en">Agropolis International</md:OrganizationDisplayName>

			<md:OrganizationURL xml:lang="en">http://www.agropolis.fr</md:OrganizationURL>

		</md:Organization>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Jean Cerda</md:SurName>

				 <md:EmailAddress>cerda@agropolis.fr</md:EmailAddress>

		        </md:ContactPerson>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Jean-Pierre  Allano</md:SurName>

				 <md:EmailAddress>allano@agropolis.fr</md:EmailAddress>

		        </md:ContactPerson>

	</md:EntityDescriptor><md:EntityDescriptor entityID="https://ambre.vetagro-sup.fr/idp/shibboleth">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2013-01-14T16:11:53Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>

    				<shibmd:Scope regexp="false">vetagro-sup.fr</shibmd:Scope>

			    <mdui:UIInfo>

			      <mdui:DisplayName xml:lang="en">Vetagro Sup</mdui:DisplayName>

			      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAB/klEQVQ4y2NkQAP///+X+/jxI/PO7dujP3/7kf7v778ffDzciw2MDFaqq6t/Y2RkfIysngndAEZGxkezZ8/25xEQqVDTs5eRVrNU4RQUL7x9+7YtumasBjAwMDBISIgbcvBKct998p7h1fvfDKyc4nz//jF6yjAwSBNlwM+fP3/9/PmT4dbl4wysrCwMf//9Z/r7959UcFISD1EGPH107xgfD9sbTg52hrcvHjDw87Aw/Pz+7tLEefNuEmWAm6ffxvu3Ll4zMjZleHz/KsO7lw+f3bh+czs2tVgNsLS0fPfs4b3VnKy//wrycW84e2L/uobmtg0MpIKurt6N////Z8jPzxcnWTMDAwPD79//tbq7+9bhU8OMTfD//8cMP79L1X/8tjxMQYHXT0Uh88aBgyuvEW3Aly+8ntw8jLU3bx20cnH/xPz2jTyvk9OGpTt3NhIOxP//GRgkJGR8tPVeyElIvWA4dfIqg57Bff0nD+eHExULIb5dqkYmYgYm5r8YPH3vMzx//omBk+edpI4+vxVRBnz5zPqbi4vt7a9fv//9+cvAYG79jIGZmZWBg4NJiCgDdh4sfHD/7u9j714Z/BYWiGBQVkxjePNK8+erV5+uYDOABTMM/nP09y9Z8+OHgNjli9ahf//++8vGwrlAS0tp/v///7kYGRm/IasHAIVTy8DG/VpJAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjUwOjA5KzAyOjAwfDtz7wAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo1MDowOSswMjowMA1my1MAAAAASUVORK5CYII=</mdui:Logo>

			      <mdui:InformationURL xml:lang="fr">http://www.vetagro-sup.fr</mdui:InformationURL>

          		      <mdui:DisplayName xml:lang="fr">Vetagro Sup</mdui:DisplayName>

      			    </mdui:UIInfo>

			</md:Extensions>

				<md:KeyDescriptor use="signing">

<ds:KeyInfo>

					  <ds:X509Data>

					    <ds:X509Certificate>

					      MIIDPDCCAiSgAwIBAgIVAL9PsuadPSIZcMHNxlK/oevezmzWMA0GCSqGSIb3DQEB

BQUAMB8xHTAbBgNVBAMTFGFtYnJlLnZldGFncm8tc3VwLmZyMB4XDTEyMTEwODEw

MTQwNFoXDTMyMTEwODEwMTQwNFowHzEdMBsGA1UEAxMUYW1icmUudmV0YWdyby1z

dXAuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc/ptfpmkomwmT

4RsID+1Ce1dX0eUjcLgSOZN8hVpHWLag2ERWkpmvB5aK7BAFcI5i//Gk80tAiasu

JtlZhBnEw54aTJRGpyL2CVkHyl6SMRxprIi1Ji67IoGqEgUeGaheAxo+tG5e1WSc

bIbldcSKdwvjAV+7HSB4C6NqLsAzJH25++yaRH2uf2LTD0TDzNR9Q2hVj/VyYWR+

K3HWI1Snjn/i7aFfZZhYmBkwHuQOaPhwCM+khikg5XicMsxUhHCMi93UgHGIsdkr

IEGj4xydBTUKsLaykeuFS8EgXbWwCLGkeX76w8xDoFIpnppU/yFd9v7Zg3EBfn4p

kTW3GdIjAgMBAAGjbzBtMEwGA1UdEQRFMEOCFGFtYnJlLnZldGFncm8tc3VwLmZy

hitodHRwczovL2FtYnJlLnZldGFncm8tc3VwLmZyL2lkcC9zaGliYm9sZXRoMB0G

A1UdDgQWBBTPTqWkVHrHXFjmxMWkNt/sp2h5ozANBgkqhkiG9w0BAQUFAAOCAQEA

FvXMtfBUmRZCzz8CjanGzr1TBUPmnkrKci5AtkseKw9YlfUmBXTHB01y697nYq6m

RB6KhvfW212h9CF0IOEEjoadgDhXqGYhq8PnAOtT4Ty3XDy8SbRh8aQWfvnfSngv

FdpHRiSpj5UXXuT5zTtkf59h58XKtEfCkMbUzvdOgUobJzpD0WISmQHPQnx+Neg6

9j7oMRrDiZjS39Om8Imu9xvsnddDM3PlsDBIsvrr1o7K5iLkEdR1YYX0ZNDbiFuw

QXXl2dwQPB8KrScPUvCe57slU2gFQvvIBzjQysxC6V6TPSuM3A/ee56lACuB3jKj

oYkHQc5Gj/1rSMLmu9aLMg==

					    </ds:X509Certificate>

					  </ds:X509Data>

					</ds:KeyInfo>

				</md:KeyDescriptor>

			<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

			<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

			<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ambre.vetagro-sup.fr/idp/profile/SAML2/POST/SSO"/>

	        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://ambre.vetagro-sup.fr/idp/profile/SAML2/Redirect/SSO"/>

			<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://ambre.vetagro-sup.fr/idp/profile/Shibboleth/SSO"/>

		</md:IDPSSODescriptor>

		<md:Organization>

			<md:OrganizationName xml:lang="en">Vetagro Sup</md:OrganizationName>

			<md:OrganizationDisplayName xml:lang="en">Vetagro Sup</md:OrganizationDisplayName>

			<md:OrganizationURL xml:lang="en">http://www.vetagro-sup.fr</md:OrganizationURL>

		</md:Organization>

			    <md:ContactPerson contactType="technical">

				 <md:SurName>Nicolas Aulas</md:SurName>

				 <md:EmailAddress>nicolas.aulas@vetagro-sup.fr</md:EmailAddress>

		        </md:ContactPerson>

	</md:EntityDescriptor><md:EntityDescriptor entityID="https://antimoine.insa-strasbourg.fr/idp/shibboleth">

			<md:Extensions>

				<mdrpi:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2014-02-11T08:44:08Z">

					<mdrpi:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/metadata_registration_practice_statement</mdrpi:RegistrationPolicy>

				</mdrpi:RegistrationInfo>

			</md:Extensions>

		<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">

			<md:Extensions>