Bug #64249
Erreur 500 lors de la déconnexion depuis un service non-autorisé
Statut:
Nouveau
Priorité:
Normal
Assigné à:
-
Catégorie:
-
Version cible:
-
Début:
15 avril 2022
Echéance:
% réalisé:
0%
Temps estimé:
Patch proposed:
Non
Planning:
Non
Description
La déconnexion SAML depuis un service non-autorisé déclenche une erreur 500 et l'exception suivante :
ERROR Internal Server Error: /idp/saml2/slo Traceback (most recent call last): File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 115, in _get_response response = self.process_exception_by_middleware(e, request) File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 113, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/lib/python3/dist-packages/authentic2/decorators.py", line 40, in f return func(request, *args, **kwargs) File "/usr/lib/python3/dist-packages/authentic2/decorators.py", line 40, in f return func(request, *args, **kwargs) File "/usr/lib/python3/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func response = view_func(request, *args, **kwargs) File "/usr/lib/python3/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view return view_func(*args, **kwargs) File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 1397, in slo return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_UNAUTHORIZED) File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 1151, in return_logout_error logout.buildResponseMsg() File "/usr/lib/python3/dist-packages/lasso.py", line 2851, in buildResponseMsg Error.raise_on_rc(rc) File "/usr/lib/python3/dist-packages/lasso.py", line 62, in raise_on_rc raise exception lasso.ProfileUnknownProfileUrlError: <lasso.ProfileUnknownProfileUrlError(-410): Unable to find Profile URL in metadata>
Pour info, voilà la requête SAML reçue et déclenchant l'erreur :
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://idp.cnsad.psl.eu/idp/saml2/slo" ID="_4efec5e6df7cc9ed6e3303503d7f5024" IssueInstant="2022-04-15T08:44:19Z" Version="2.0" > <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-sp.federation.renater.fr</saml:Issuer> <samlp:Extensions> <aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo" /> </samlp:Extensions> <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://idp.cnsad.psl.eu/idp/saml2/metadata" >_DE1AD560163EE7723BE65D7DFEE9A4DBC058A4C3</saml:NameID> <samlp:SessionIndex>_6A2F8D0073D5ED053CAFC37A5D430EB7</samlp:SessionIndex> </samlp:LogoutRequest>
Et voilà les métadonnées du service SAML ayant demandé la déconnexion :
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:ns2="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:ns3="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns4="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ns5="http://www.w3.org/2000/09/xmldsig#" entityID="https://test-sp.federation.renater.fr"> <ns0:Extensions> <ns1:RegistrationInfo registrationAuthority="https://federation.renater.fr/" registrationInstant="2019-02-18T17:40:52Z"> <ns1:RegistrationPolicy xml:lang="en">https://services.renater.fr/federation/en/documentation/engagement-conformite/metadata_registration_practice_statement</ns1:RegistrationPolicy> </ns1:RegistrationInfo> <ns2:EntityAttributes> <ns3:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <ns3:AttributeValue>https://federation.renater.fr/category/metier</ns3:AttributeValue> <ns3:AttributeValue>https://federation.renater.fr/scope/national</ns3:AttributeValue> </ns3:Attribute> </ns2:EntityAttributes> </ns0:Extensions> <ns0:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> <ns0:Extensions> <ns4:UIInfo> <ns4:DisplayName xml:lang="en">GIP RENATER - Test SP</ns4:DisplayName> <ns4:InformationURL xml:lang="fr">https://test-sp.federation.renater.fr</ns4:InformationURL> <ns4:Description xml:lang="en">Test service provider listing transmitted attributes.</ns4:Description> <ns4:DisplayName xml:lang="fr">GIP RENATER - SP de test</ns4:DisplayName> <ns4:Description xml:lang="fr">Fournisseur de service de test listant les attributs transmis.</ns4:Description> </ns4:UIInfo> </ns0:Extensions> <ns0:KeyDescriptor use="signing"> <ns5:KeyInfo> <ns5:X509Data> <ns5:X509Certificate>MIIERTCCAq2gAwIBAgIJANLeISo/aI8sMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV BAMTHXRlc3Qtc3AuZmVkZXJhdGlvbi5yZW5hdGVyLmZyMB4XDTIwMDIyNTE0MTQx NFoXDTMwMDIyMjE0MTQxNFowKDEmMCQGA1UEAxMddGVzdC1zcC5mZWRlcmF0aW9u LnJlbmF0ZXIuZnIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv4TO5 g4cs1YMzrGVvgFjhZbtjUUhOhb/Eq2AqBxshVSH0HdKwW77+rAb8QlhEIZGfCjEr nUtOPphq8QkLzKLjgKa+ImlgsS55DLbr4SylIPiWyfnhlHswE7PXauIpJlddjMiZ JupQiPn5hAMzpxzAdc1dNoNfECcOFktSY6lSeSdqNlRF7NioTDW0dZL9DKIp/y+D uf9py43KidnmiXe3MAfwuVGXkF2pdvoGFmKTAqBc139z22TtJN20tGWtf8f9JtSB 4SDKFysR+Qlj+3spuM6CYQVjitQm7YbH0X9/Fev50tIwa4u57m9vV8nBNavC7PD+ D9F/v/ffS6MHsRec5m5SIXwxDSPvXXGlfq6cfuBCw6yi5p8K85eOEDLE4pH6tVqf owogLYboah5vSJpKGOVBSkEE0TzmbUjYBf7vCVqYkbD9wGYsWQb3fKo8EbXVpgL3 MPnJMFmJn127I3xpP8ZH90e2nr5BI995zERUFxvRQ3QU3SSQbeY1+SuZBlsCAwEA AaNyMHAwTwYDVR0RBEgwRoIddGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnKG JWh0dHBzOi8vdGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnIwHQYDVR0OBBYE FAwO7Jaa5l4/nyuQNxXiiZKZPEs1MA0GCSqGSIb3DQEBCwUAA4IBgQAiO96pWBKB QdGI53z69A7GnIivGHONGPNs4K0lPaNGB3zxZOuDMouIP7Mt1PoWQDoSep0s29EJ AlKjtw2uVjS0yiQNsi8ViiFiCsTtAl3nHzOvq6NJWgTOqvxBvukPiD1ykmelj8I3 ye1wRl00kZPPHdZEWvjro5bmruCIk3SMM/1NZfMS24708w6UySYjCKMlPwfl7PRI fA8N6rgdZJu9k7z3noEyuOy0yqmuS/hlaY/hgRA54ak2lC2yHOm8gNh5sdyJvqDh AQRXIOpBXmnDtEuJaSIz2KggocRKn35X6z0RIOFBUNVOnaPSndWQJQGuh7HtbW1B gcG9y/WJClS04vg/3MbDZdc3t+con11x8SESjV+OdPZvHi8SLTklzaWrSJSBGqwK GUkb1xcow63IoKrhXyL4P8RqCJc0/ENee2RNlplVnDlZN0ybGzh+rpr0kqhFhJ6k 9cD16NIwcrBR7YUy6TVyDcL1BE0xawZ0VyV1DINy8Zd05dRDL2IOpC8=</ns5:X509Certificate> </ns5:X509Data> </ns5:KeyInfo> </ns0:KeyDescriptor> <ns0:KeyDescriptor use="encryption"> <ns5:KeyInfo> <ns5:X509Data> <ns5:X509Certificate>MIIERTCCAq2gAwIBAgIJANLeISo/aI8sMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV BAMTHXRlc3Qtc3AuZmVkZXJhdGlvbi5yZW5hdGVyLmZyMB4XDTIwMDIyNTE0MTQx NFoXDTMwMDIyMjE0MTQxNFowKDEmMCQGA1UEAxMddGVzdC1zcC5mZWRlcmF0aW9u LnJlbmF0ZXIuZnIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv4TO5 g4cs1YMzrGVvgFjhZbtjUUhOhb/Eq2AqBxshVSH0HdKwW77+rAb8QlhEIZGfCjEr nUtOPphq8QkLzKLjgKa+ImlgsS55DLbr4SylIPiWyfnhlHswE7PXauIpJlddjMiZ JupQiPn5hAMzpxzAdc1dNoNfECcOFktSY6lSeSdqNlRF7NioTDW0dZL9DKIp/y+D uf9py43KidnmiXe3MAfwuVGXkF2pdvoGFmKTAqBc139z22TtJN20tGWtf8f9JtSB 4SDKFysR+Qlj+3spuM6CYQVjitQm7YbH0X9/Fev50tIwa4u57m9vV8nBNavC7PD+ D9F/v/ffS6MHsRec5m5SIXwxDSPvXXGlfq6cfuBCw6yi5p8K85eOEDLE4pH6tVqf owogLYboah5vSJpKGOVBSkEE0TzmbUjYBf7vCVqYkbD9wGYsWQb3fKo8EbXVpgL3 MPnJMFmJn127I3xpP8ZH90e2nr5BI995zERUFxvRQ3QU3SSQbeY1+SuZBlsCAwEA AaNyMHAwTwYDVR0RBEgwRoIddGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnKG JWh0dHBzOi8vdGVzdC1zcC5mZWRlcmF0aW9uLnJlbmF0ZXIuZnIwHQYDVR0OBBYE FAwO7Jaa5l4/nyuQNxXiiZKZPEs1MA0GCSqGSIb3DQEBCwUAA4IBgQAiO96pWBKB QdGI53z69A7GnIivGHONGPNs4K0lPaNGB3zxZOuDMouIP7Mt1PoWQDoSep0s29EJ AlKjtw2uVjS0yiQNsi8ViiFiCsTtAl3nHzOvq6NJWgTOqvxBvukPiD1ykmelj8I3 ye1wRl00kZPPHdZEWvjro5bmruCIk3SMM/1NZfMS24708w6UySYjCKMlPwfl7PRI fA8N6rgdZJu9k7z3noEyuOy0yqmuS/hlaY/hgRA54ak2lC2yHOm8gNh5sdyJvqDh AQRXIOpBXmnDtEuJaSIz2KggocRKn35X6z0RIOFBUNVOnaPSndWQJQGuh7HtbW1B gcG9y/WJClS04vg/3MbDZdc3t+con11x8SESjV+OdPZvHi8SLTklzaWrSJSBGqwK GUkb1xcow63IoKrhXyL4P8RqCJc0/ENee2RNlplVnDlZN0ybGzh+rpr0kqhFhJ6k 9cD16NIwcrBR7YUy6TVyDcL1BE0xawZ0VyV1DINy8Zd05dRDL2IOpC8=</ns5:X509Certificate> </ns5:X509Data> </ns5:KeyInfo> </ns0:KeyDescriptor> <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test-sp.federation.renater.fr/Shibboleth.sso/SAML/POST" index="5" /> <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test-sp.federation.renater.fr/Shibboleth.sso/SAML2/POST" index="1" /> <ns0:AttributeConsumingService index="0"> <ns0:ServiceName xml:lang="fr">GIP RENATER - SP de test</ns0:ServiceName> <ns0:ServiceName xml:lang="en">GIP RENATER - Test SP</ns0:ServiceName> <ns0:ServiceDescription xml:lang="fr">Fournisseur de service de test listant les attributs transmis.</ns0:ServiceDescription> <ns0:ServiceDescription xml:lang="en">Test service provider listing transmitted attributes.</ns0:ServiceDescription> <ns0:RequestedAttribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="homePhone" Name="urn:oid:0.9.2342.19200300.100.1.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="homePostalAddress" Name="urn:oid:0.9.2342.19200300.100.1.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="mobile" Name="urn:oid:0.9.2342.19200300.100.1.41" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="labeledURI" Name="urn:oid:1.3.6.1.4.1.250.1.57" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="schacHomeOrganizationType" Name="urn:oid:1.3.6.1.4.1.25178.1.2.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="schacPersonalUniqueCode" Name="urn:oid:1.3.6.1.4.1.25178.1.2.14" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="schacExpiryDate" Name="urn:oid:1.3.6.1.4.1.25178.1.2.17" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="schacDateOfBirth" Name="urn:oid:1.3.6.1.4.1.25178.1.2.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="schacHomeOrganization" Name="urn:oid:1.3.6.1.4.1.25178.1.2.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonPrincipalNamePrior" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonUniqueId" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonNickname" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonOrgDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonOrgUnitDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonPrimaryAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonPrimaryOrgUnitDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="eduOrgLegalName" Name="urn:oid:1.3.6.1.4.1.5923.1.2.1.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannListeRouge" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuId" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEmpId" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannAutreTelephone" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEntiteAffectationPrincipale" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.13" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtablissement" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.14" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannMailPerso" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.15" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannActivite" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannRoleGenerique" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.23" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannRoleEntite" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.24" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuAnneeInscription" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.25" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuCursusAnnee" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.26" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuDiplome" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.27" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuElementPedagogique" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.28" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuEtape" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.29" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuInscription" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.30" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuRegimeInscription" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.31" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuSecteurDisciplinaire" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEtuTypeDiplome" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.33" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannAutreMail" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEmpCorps" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.35" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannRefId" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.37" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannNomDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannPrenomsEtatCivil" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCivilite" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannOIDCDateDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.40" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannOIDCGenre" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.41" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCodeINSEEVilleDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCodeINSEEPaysDeNaissance" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.43" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSAffectation" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.45" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSAppAffectation" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.46" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSAppIdDomaine" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.48" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSDateFin" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.49" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSIdEtiquette" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.51" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSType" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.52" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCMSSource" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.53" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannRessourceEtatDate" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.54" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannRessourceEtat" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannConsentement" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.62" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannAdressePostalePrivee" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.63" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannTelephonePrive" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannMailPrive" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.65" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannEntiteAffectation" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="supannCodeINE" Name="urn:oid:1.3.6.1.4.1.7135.1.2.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="mailForwardingAddress" Name="urn:oid:2.16.840.1.113730.3.1.17" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="departmentNumber" Name="urn:oid:2.16.840.1.113730.3.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="preferredLanguage" Name="urn:oid:2.16.840.1.113730.3.1.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="o" Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="ou" Name="urn:oid:2.5.4.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="title" Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="postalAddress" Name="urn:oid:2.5.4.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="telephoneNumber" Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="facsimileTelephoneNumber" Name="urn:oid:2.5.4.23" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="userCertificate" Name="urn:oid:2.5.4.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> <ns0:RequestedAttribute FriendlyName="l" Name="urn:oid:2.5.4.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /> </ns0:AttributeConsumingService> </ns0:SPSSODescriptor> <ns0:Organization> <ns0:OrganizationName xml:lang="en">GIP RENATER</ns0:OrganizationName> <ns0:OrganizationDisplayName xml:lang="en">GIP RENATER</ns0:OrganizationDisplayName> <ns0:OrganizationURL xml:lang="en">http://www.renater.fr</ns0:OrganizationURL> </ns0:Organization> <ns0:ContactPerson contactType="technical"> <ns0:EmailAddress>mailto:equipe-federation@listes.renater.fr</ns0:EmailAddress> </ns0:ContactPerson> </ns0:EntityDescriptor>