Bug #64249
Erreur 500 lors de la déconnexion depuis un service non-autorisé
Statut:
Nouveau
Priorité:
Normal
Assigné à:
-
Catégorie:
-
Version cible:
-
Début:
15 avril 2022
Echéance:
% réalisé:
0%
Temps estimé:
Patch proposed:
Non
Planning:
Non
Description
La déconnexion SAML depuis un service non-autorisé déclenche une erreur 500 et l'exception suivante :
ERROR Internal Server Error: /idp/saml2/slo
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/authentic2/decorators.py", line 40, in f
return func(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/authentic2/decorators.py", line 40, in f
return func(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 1397, in slo
return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_UNAUTHORIZED)
File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 1151, in return_logout_error
logout.buildResponseMsg()
File "/usr/lib/python3/dist-packages/lasso.py", line 2851, in buildResponseMsg
Error.raise_on_rc(rc)
File "/usr/lib/python3/dist-packages/lasso.py", line 62, in raise_on_rc
raise exception
lasso.ProfileUnknownProfileUrlError: <lasso.ProfileUnknownProfileUrlError(-410): Unable to find Profile URL in metadata>
Pour info, voilà la requête SAML reçue et déclenchant l'erreur :
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://idp.cnsad.psl.eu/idp/saml2/slo"
ID="_4efec5e6df7cc9ed6e3303503d7f5024"
IssueInstant="2022-04-15T08:44:19Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-sp.federation.renater.fr</saml:Issuer>
<samlp:Extensions>
<aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo" />
</samlp:Extensions>
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="https://idp.cnsad.psl.eu/idp/saml2/metadata"
>_DE1AD560163EE7723BE65D7DFEE9A4DBC058A4C3</saml:NameID>
<samlp:SessionIndex>_6A2F8D0073D5ED053CAFC37A5D430EB7</samlp:SessionIndex>
</samlp:LogoutRequest>
Et voilà les métadonnées du service SAML ayant demandé la déconnexion :
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:ns2="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:ns3="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns4="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ns5="http://www.w3.org/2000/09/xmldsig#" entityID="https://test-sp.federation.renater.fr">
<ns0:Extensions>
<ns1:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2019-02-18T17:40:52Z">
<ns1:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/documentation/engagement-conformite/metadata_registration_practice_statement</ns1:RegistrationPolicy>
</ns1:RegistrationInfo>
<ns2:EntityAttributes>
<ns3:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns3:AttributeValue>https://federation.renater.fr/category/metier</ns3:AttributeValue>
<ns3:AttributeValue>https://federation.renater.fr/scope/national</ns3:AttributeValue>
</ns3:Attribute>
</ns2:EntityAttributes>
</ns0:Extensions>
<ns0:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<ns0:Extensions>
<ns4:UIInfo>
<ns4:DisplayName xml:lang="en">GIP RENATER - Test SP</ns4:DisplayName>
<ns4:InformationURL xml:lang="fr">https://test-sp.federation.renater.fr</ns4:InformationURL>
<ns4:Description xml:lang="en">Test service provider listing transmitted attributes.</ns4:Description>
<ns4:DisplayName xml:lang="fr">GIP RENATER - SP de test</ns4:DisplayName>
<ns4:Description xml:lang="fr">Fournisseur de service de test listant les attributs transmis.</ns4:Description>
</ns4:UIInfo>
</ns0:Extensions>
<ns0:KeyDescriptor use="signing">
<ns5:KeyInfo>
<ns5:X509Data>
<ns5:X509Certificate>MIIERTCCAq2gAwIBAgIJANLeISo/aI8sMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
BAMTHXRlc3Qtc3AuZmVkZXJhdGlvbi5yZW5hdGVyLmZyMB4XDTIwMDIyNTE0MTQx
NFoXDTMwMDIyMjE0MTQxNFowKDEmMCQGA1UEAxMddGVzdC1zcC5mZWRlcmF0aW9u
LnJlbmF0ZXIuZnIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv4TO5
g4cs1YMzrGVvgFjhZbtjUUhOhb/Eq2AqBxshVSH0HdKwW77+rAb8QlhEIZGfCjEr
nUtOPphq8QkLzKLjgKa+ImlgsS55DLbr4SylIPiWyfnhlHswE7PXauIpJlddjMiZ
JupQiPn5hAMzpxzAdc1dNoNfECcOFktSY6lSeSdqNlRF7NioTDW0dZL9DKIp/y+D
uf9py43KidnmiXe3MAfwuVGXkF2pdvoGFmKTAqBc139z22TtJN20tGWtf8f9JtSB
4SDKFysR+Qlj+3spuM6CYQVjitQm7YbH0X9/Fev50tIwa4u57m9vV8nBNavC7PD+
D9F/v/ffS6MHsRec5m5SIXwxDSPvXXGlfq6cfuBCw6yi5p8K85eOEDLE4pH6tVqf
owogLYboah5vSJpKGOVBSkEE0TzmbUjYBf7vCVqYkbD9wGYsWQb3fKo8EbXVpgL3
MPnJMFmJn127I3xpP8ZH90e2nr5BI995zERUFxvRQ3QU3SSQbeY1+SuZBlsCAwEA
AaNyMHAwTwYDVR0RBEgwRoIddGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnKG
JWh0dHBzOi8vdGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnIwHQYDVR0OBBYE
FAwO7Jaa5l4/nyuQNxXiiZKZPEs1MA0GCSqGSIb3DQEBCwUAA4IBgQAiO96pWBKB
QdGI53z69A7GnIivGHONGPNs4K0lPaNGB3zxZOuDMouIP7Mt1PoWQDoSep0s29EJ
AlKjtw2uVjS0yiQNsi8ViiFiCsTtAl3nHzOvq6NJWgTOqvxBvukPiD1ykmelj8I3
ye1wRl00kZPPHdZEWvjro5bmruCIk3SMM/1NZfMS24708w6UySYjCKMlPwfl7PRI
fA8N6rgdZJu9k7z3noEyuOy0yqmuS/hlaY/hgRA54ak2lC2yHOm8gNh5sdyJvqDh
AQRXIOpBXmnDtEuJaSIz2KggocRKn35X6z0RIOFBUNVOnaPSndWQJQGuh7HtbW1B
gcG9y/WJClS04vg/3MbDZdc3t+con11x8SESjV+OdPZvHi8SLTklzaWrSJSBGqwK
GUkb1xcow63IoKrhXyL4P8RqCJc0/ENee2RNlplVnDlZN0ybGzh+rpr0kqhFhJ6k
9cD16NIwcrBR7YUy6TVyDcL1BE0xawZ0VyV1DINy8Zd05dRDL2IOpC8=</ns5:X509Certificate>
</ns5:X509Data>
</ns5:KeyInfo>
</ns0:KeyDescriptor>
<ns0:KeyDescriptor use="encryption">
<ns5:KeyInfo>
<ns5:X509Data>
<ns5:X509Certificate>MIIERTCCAq2gAwIBAgIJANLeISo/aI8sMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
BAMTHXRlc3Qtc3AuZmVkZXJhdGlvbi5yZW5hdGVyLmZyMB4XDTIwMDIyNTE0MTQx
NFoXDTMwMDIyMjE0MTQxNFowKDEmMCQGA1UEAxMddGVzdC1zcC5mZWRlcmF0aW9u
LnJlbmF0ZXIuZnIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv4TO5
g4cs1YMzrGVvgFjhZbtjUUhOhb/Eq2AqBxshVSH0HdKwW77+rAb8QlhEIZGfCjEr
nUtOPphq8QkLzKLjgKa+ImlgsS55DLbr4SylIPiWyfnhlHswE7PXauIpJlddjMiZ
JupQiPn5hAMzpxzAdc1dNoNfECcOFktSY6lSeSdqNlRF7NioTDW0dZL9DKIp/y+D
uf9py43KidnmiXe3MAfwuVGXkF2pdvoGFmKTAqBc139z22TtJN20tGWtf8f9JtSB
4SDKFysR+Qlj+3spuM6CYQVjitQm7YbH0X9/Fev50tIwa4u57m9vV8nBNavC7PD+
D9F/v/ffS6MHsRec5m5SIXwxDSPvXXGlfq6cfuBCw6yi5p8K85eOEDLE4pH6tVqf
owogLYboah5vSJpKGOVBSkEE0TzmbUjYBf7vCVqYkbD9wGYsWQb3fKo8EbXVpgL3
MPnJMFmJn127I3xpP8ZH90e2nr5BI995zERUFxvRQ3QU3SSQbeY1+SuZBlsCAwEA
AaNyMHAwTwYDVR0RBEgwRoIddGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnKG
JWh0dHBzOi8vdGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnIwHQYDVR0OBBYE
FAwO7Jaa5l4/nyuQNxXiiZKZPEs1MA0GCSqGSIb3DQEBCwUAA4IBgQAiO96pWBKB
QdGI53z69A7GnIivGHONGPNs4K0lPaNGB3zxZOuDMouIP7Mt1PoWQDoSep0s29EJ
AlKjtw2uVjS0yiQNsi8ViiFiCsTtAl3nHzOvq6NJWgTOqvxBvukPiD1ykmelj8I3
ye1wRl00kZPPHdZEWvjro5bmruCIk3SMM/1NZfMS24708w6UySYjCKMlPwfl7PRI
fA8N6rgdZJu9k7z3noEyuOy0yqmuS/hlaY/hgRA54ak2lC2yHOm8gNh5sdyJvqDh
AQRXIOpBXmnDtEuJaSIz2KggocRKn35X6z0RIOFBUNVOnaPSndWQJQGuh7HtbW1B
gcG9y/WJClS04vg/3MbDZdc3t+con11x8SESjV+OdPZvHi8SLTklzaWrSJSBGqwK
GUkb1xcow63IoKrhXyL4P8RqCJc0/ENee2RNlplVnDlZN0ybGzh+rpr0kqhFhJ6k
9cD16NIwcrBR7YUy6TVyDcL1BE0xawZ0VyV1DINy8Zd05dRDL2IOpC8=</ns5:X509Certificate>
</ns5:X509Data>
</ns5:KeyInfo>
</ns0:KeyDescriptor>
<ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test-sp.federation.renater.fr/Shibboleth.sso/SAML/POST" index="5" />
<ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test-sp.federation.renater.fr/Shibboleth.sso/SAML2/POST" index="1" />
<ns0:AttributeConsumingService index="0">
<ns0:ServiceName xml:lang="fr">GIP RENATER - SP de test</ns0:ServiceName>
<ns0:ServiceName xml:lang="en">GIP RENATER - Test SP</ns0:ServiceName>
<ns0:ServiceDescription xml:lang="fr">Fournisseur de service de test listant les attributs transmis.</ns0:ServiceDescription>
<ns0:ServiceDescription xml:lang="en">Test service provider listing transmitted attributes.</ns0:ServiceDescription>
<ns0:RequestedAttribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="homePhone" Name="urn:oid:0.9.2342.19200300.100.1.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="homePostalAddress" Name="urn:oid:0.9.2342.19200300.100.1.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="mobile" Name="urn:oid:0.9.2342.19200300.100.1.41" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="labeledURI" Name="urn:oid:1.3.6.1.4.1.250.1.57" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="schacHomeOrganizationType" Name="urn:oid:1.3.6.1.4.1.25178.1.2.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="schacPersonalUniqueCode" Name="urn:oid:1.3.6.1.4.1.25178.1.2.14" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="schacExpiryDate" Name="urn:oid:1.3.6.1.4.1.25178.1.2.17" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="schacHomeOrganization" Name="urn:oid:1.3.6.1.4.1.25178.1.2.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonPrincipalNamePrior" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonUniqueId" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonNickname" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonOrgDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonOrgUnitDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonPrimaryAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonPrimaryOrgUnitDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="eduOrgLegalName" Name="urn:oid:1.3.6.1.4.1.5923.1.2.1.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannListeRouge" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuId" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEmpId" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannAutreTelephone" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEntiteAffectationPrincipale" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtablissement" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.14" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannMailPerso" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.15" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannActivite" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannRoleGenerique" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.23" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannRoleEntite" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.24" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuAnneeInscription" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.25" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuCursusAnnee" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.26" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuDiplome" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.27" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuElementPedagogique" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.28" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuEtape" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.29" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuInscription" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.30" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuRegimeInscription" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.31" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuSecteurDisciplinaire" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEtuTypeDiplome" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.33" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannAutreMail" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEmpCorps" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.35" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannRefId" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.37" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannNomDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannPrenomsEtatCivil" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCivilite" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannOIDCDateDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.40" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannOIDCGenre" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.41" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCodeINSEEVilleDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCodeINSEEPaysDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.43" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSAffectation" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.45" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSAppAffectation" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.46" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSAppIdDomaine" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.48" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSDateFin" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.49" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSIdEtiquette" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.51" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSType" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.52" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCMSSource" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.53" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannRessourceEtatDate" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.54" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannRessourceEtat" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannConsentement" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.62" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannAdressePostalePrivee" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.63" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannTelephonePrive" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannMailPrive" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.65" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannEntiteAffectation" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="supannCodeINE" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="mailForwardingAddress" Name="urn:oid:2.16.840.1.113730.3.1.17" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="departmentNumber" Name="urn:oid:2.16.840.1.113730.3.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="preferredLanguage" Name="urn:oid:2.16.840.1.113730.3.1.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="o" Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="ou" Name="urn:oid:2.5.4.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="title" Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="postalAddress" Name="urn:oid:2.5.4.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="telephoneNumber" Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="facsimileTelephoneNumber" Name="urn:oid:2.5.4.23" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="userCertificate" Name="urn:oid:2.5.4.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
<ns0:RequestedAttribute FriendlyName="l" Name="urn:oid:2.5.4.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
</ns0:AttributeConsumingService>
</ns0:SPSSODescriptor>
<ns0:Organization>
<ns0:OrganizationName xml:lang="en">GIP RENATER</ns0:OrganizationName>
<ns0:OrganizationDisplayName xml:lang="en">GIP RENATER</ns0:OrganizationDisplayName>
<ns0:OrganizationURL xml:lang="en">http://www.renater.fr</ns0:OrganizationURL>
</ns0:Organization>
<ns0:ContactPerson contactType="technical">
<ns0:EmailAddress>mailto:equipe-federation@listes.renater.fr</ns0:EmailAddress>
</ns0:ContactPerson>
</ns0:EntityDescriptor>