Merge remote-tracking branch 'origin/moonshot' into HEAD

diff --git a/.gitignore b/.gitignore
index 4129942..6c1afe5 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -38,6 +38,11 @@
 /ipch
 /build-aux
 /build
+/config.cache
+/opensaml-uninstalled.pc
+/opensaml-uninstalled.sh
+/opensaml.pc
+/opensaml.pc.in
 
 # /doc/
 /doc/api

diff --git a/config_win32.h b/config_win32.h
index 8084872..e32e925 100644 (file)
--- a/config_win32.h
+++ b/config_win32.h
@@ -87,13 +87,13 @@
 #define PACKAGE_NAME "opensaml"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "opensaml 2.5"
+#define PACKAGE_STRING "opensaml 2.5.0"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "opensaml"
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "2.5"
+#define PACKAGE_VERSION "2.5.0"
 
 /* Define to the necessary symbol if this constant uses a non-standard name on
    your system. */
@@ -106,7 +106,7 @@
 /* #undef TM_IN_SYS_TIME */
 
 /* Version number of package */
-#define VERSION "2.5"
+#define VERSION "2.5.0"
 
 /* Define to empty if `const' does not conform to ANSI C. */
 /* #undef const */

diff --git a/configure.ac b/configure.ac
index 9a19812..b66a34d 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.50])
-AC_INIT([opensaml],[2.5],[https://issues.shibboleth.net/],[opensaml])
+AC_INIT([opensaml],[2.5.0],[https://issues.shibboleth.net/],[opensaml])
 AC_CONFIG_SRCDIR(saml)
 AC_CONFIG_AUX_DIR(build-aux)
 AC_CONFIG_MACRO_DIR(m4)
@@ -146,6 +146,7 @@ BOOST_REQUIRE
 BOOST_BIND
 BOOST_LAMBDA
 BOOST_PTR_CONTAINER
+BOOST_SMART_PTR
 BOOST_STRING_ALGO
 CPPFLAGS="$BOOST_CPPFLAGS $CPPFLAGS"
 

diff --git a/cpp-opensaml2.sln b/cpp-opensaml2.sln
index abf15c9..d58a919 100644 (file)
--- a/cpp-opensaml2.sln
+++ b/cpp-opensaml2.sln
@@ -8,6 +8,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Schemas", "Schemas", "{5548
                schemas\cs-sstc-schema-protocol-01.xsd = schemas\cs-sstc-schema-protocol-01.xsd\r
                schemas\cs-sstc-schema-protocol-1.1.xsd = schemas\cs-sstc-schema-protocol-1.1.xsd\r
                schemas\Makefile.am = schemas\Makefile.am\r
+               schemas\saml-async-slo-v1.0.xsd = schemas\saml-async-slo-v1.0.xsd\r
                schemas\saml-schema-assertion-2.0.xsd = schemas\saml-schema-assertion-2.0.xsd\r
                schemas\saml-schema-authn-context-2.0.xsd = schemas\saml-schema-authn-context-2.0.xsd\r
                schemas\saml-schema-authn-context-auth-telephony-2.0.xsd = schemas\saml-schema-authn-context-auth-telephony-2.0.xsd\r

diff --git a/opensaml.spec.in b/opensaml.spec.in
index e2c2d2a..b7c3d27 100644 (file)
--- a/opensaml.spec.in
+++ b/opensaml.spec.in
@@ -1,9 +1,9 @@
 Name:          @PACKAGE_NAME@
 Version:       @PACKAGE_VERSION@
 Release:       1
-Summary:    OpenSAML SAML library
+Summary:       OpenSAML SAML library
 Group:         Development/Libraries/C and C++
-Vendor:                Internet2
+Vendor:                Shibboleth Consortium
 License:       Apache 2.0
 URL:           http://www.opensaml.org/
 Source0:       %{name}-%{version}.tar.gz
@@ -16,7 +16,7 @@ BuildRequires:  libxerces-c-devel >= 2.8.0
 BuildRequires:  libxml-security-c-devel >= 1.4.0
 BuildRequires:  libxmltooling-devel >= 1.4
 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
-%{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
+%{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
 BuildRequires:  gcc-c++, boost-devel >= 1.32.0
 %if 0%{?suse_version} > 1000
 BuildRequires: pkg-config
@@ -75,7 +75,7 @@ BuildRequires:  libxerces-c-devel >= 2.8.0
 Requires: libxml-security-c-devel >= 1.4.0
 Requires: libxmltooling-devel >= 1.4
 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
-%{!?_with_log4cpp:Requires: liblog4shib-devel}
+%{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
 
 %description -n libsaml-devel
 OpenSAML is an open source implementation of the OASIS Security Assertion

diff --git a/saml/Assertion.h b/saml/Assertion.h
index 2f1d147..5172dbd 100644 (file)
--- a/saml/Assertion.h
+++ b/saml/Assertion.h
@@ -29,20 +29,6 @@
 
 #include <saml/RootObject.h>
 
-namespace opensaml {
-
-    /**
-     * Base class for SAML assertions.
-     * Currently just a marker interface.
-     */
-    class SAML_API Assertion : public virtual RootObject
-    {
-    public:
-        virtual ~Assertion();
-    protected:
-        Assertion();
-    };
-
-};
+// Moved declaration into RootObject.h header.
 
 #endif /* __saml_assertion_h__ */

diff --git a/saml/Makefile.am b/saml/Makefile.am
index 1dab792..d138a3e 100644 (file)
--- a/saml/Makefile.am
+++ b/saml/Makefile.am
@@ -87,6 +87,7 @@ saml2mdinclude_HEADERS = \
        saml2/metadata/DiscoverableMetadataProvider.h \
        saml2/metadata/DynamicMetadataProvider.h \
        saml2/metadata/EndpointManager.h \
+    saml2/metadata/EntityMatcher.h \
        saml2/metadata/Metadata.h \
        saml2/metadata/MetadataCredentialContext.h \
        saml2/metadata/MetadataCredentialCriteria.h \
@@ -146,6 +147,8 @@ libsaml_la_SOURCES = \
        saml2/metadata/impl/ChainingMetadataProvider.cpp \
        saml2/metadata/impl/DiscoverableMetadataProvider.cpp \
        saml2/metadata/impl/DynamicMetadataProvider.cpp \
+    saml2/metadata/impl/EntityAttributesEntityMatcher.cpp \
+    saml2/metadata/impl/EntityAttributesMetadataFilter.cpp \
        saml2/metadata/impl/EntityRoleMetadataFilter.cpp \
        saml2/metadata/impl/FolderMetadataProvider.cpp \
        saml2/metadata/impl/MetadataCredentialContext.cpp \
@@ -153,6 +156,7 @@ libsaml_la_SOURCES = \
        saml2/metadata/impl/MetadataImpl.cpp \
        saml2/metadata/impl/MetadataProvider.cpp \
        saml2/metadata/impl/MetadataSchemaValidators.cpp \
+    saml2/metadata/impl/NameEntityMatcher.cpp \
        saml2/metadata/impl/NullMetadataProvider.cpp \
        saml2/metadata/impl/ObservableMetadataProvider.cpp \
        saml2/metadata/impl/SignatureMetadataFilter.cpp \

diff --git a/saml/RootObject.h b/saml/RootObject.h
index 5db45cd..4c50b45 100644 (file)
--- a/saml/RootObject.h
+++ b/saml/RootObject.h
@@ -69,6 +69,58 @@ namespace opensaml {
         RootObject();
     };
 
+    /**
+     * Base class for SAML assertions.
+     * Currently just a marker interface.
+     */
+    class SAML_API Assertion : public virtual RootObject
+    {
+    public:
+        virtual ~Assertion();
+    protected:
+        Assertion();
+    };
+
+    /**
+     * Base class for SAML status codes.
+     */
+    class SAML_API Status : public virtual xmltooling::XMLObject
+    {
+    public:
+        virtual ~Status();
+
+        /**
+         * Returns a string representation of the top-level status code.
+         *
+         * @return string representation of top-level status code
+         */
+        virtual const XMLCh* getTopStatus() const=0;
+
+        /**
+         * Returns a string representation of the second-level status code, if any.
+         *
+         * @return string representation of second-level status code, or nullptr
+         */
+        virtual const XMLCh* getSubStatus() const=0;
+
+        /**
+         * Returns true iff status information beyond the second level exists.
+         *
+         * @return indicator of three or more status codes
+         */
+        virtual bool hasAdditionalStatus() const=0;
+
+        /**
+         * Returns the message contained in the status, if any.
+         *
+         * @return status message, or nullptr
+         */
+        virtual const XMLCh* getMessage() const=0;
+
+    protected:
+        Status();
+    };
+
 };
 
 #endif /* __saml_root_h__ */

diff --git a/saml/SAMLConfig.cpp b/saml/SAMLConfig.cpp
index d18d562..3470e06 100644 (file)
--- a/saml/SAMLConfig.cpp
+++ b/saml/SAMLConfig.cpp
@@ -48,6 +48,7 @@
 #include "saml1/core/Assertions.h"
 #include "saml1/core/Protocols.h"
 #include "saml2/core/Protocols.h"
+#include "saml2/metadata/EntityMatcher.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/MetadataFilter.h"
 #include "saml2/metadata/MetadataProvider.h"
@@ -68,6 +69,7 @@
 #include <xsec/enc/XSECCryptoException.hpp>
 #include <xsec/enc/XSECCryptoProvider.hpp>
 #include <xsec/utils/XSECPlatformUtils.hpp>
+#include <xercesc/util/XMLStringTokenizer.hpp>
 
 using namespace opensaml;
 using namespace xmlsignature;
@@ -140,7 +142,6 @@ SAMLInternalConfig::SAMLInternalConfig() : m_initCount(0), m_lock(Mutex::create(
 
 SAMLInternalConfig::~SAMLInternalConfig()
 {
-    delete m_lock;
 }
 
 bool SAMLInternalConfig::init(bool initXMLTooling)
@@ -186,11 +187,15 @@ bool SAMLInternalConfig::init(bool initXMLTooling)
     saml2md::registerMetadataClasses();
     saml2md::registerMetadataProviders();
     saml2md::registerMetadataFilters();
+    saml2md::registerEntityMatchers();
     registerSAMLArtifacts();
     registerMessageEncoders();
     registerMessageDecoders();
     registerSecurityPolicyRules();
 
+    m_contactPriority.push_back(saml2md::ContactPerson::CONTACT_SUPPORT);
+    m_contactPriority.push_back(saml2md::ContactPerson::CONTACT_TECHNICAL);
+
     log.info("%s library initialization complete", PACKAGE_STRING);
     ++m_initCount;
     return true;
@@ -215,6 +220,7 @@ void SAMLInternalConfig::term(bool termXMLTooling)
     MessageEncoderManager.deregisterFactories();
     SecurityPolicyRuleManager.deregisterFactories();
     SAMLArtifactManager.deregisterFactories();
+    EntityMatcherManager.deregisterFactories();
     MetadataFilterManager.deregisterFactories();
     MetadataProviderManager.deregisterFactories();
 
@@ -265,6 +271,40 @@ string SAMLInternalConfig::hashSHA1(const char* s, bool toHex)
     return SecurityHelper::doHash("SHA1", s, strlen(s), toHex);
 }
 
+void SAMLInternalConfig::setContactPriority(const XMLCh* contactTypes)
+{
+    const XMLCh* ctype;
+    m_contactPriority.clear();
+    XMLStringTokenizer tokens(contactTypes);
+    while (tokens.hasMoreTokens()) {
+        ctype = tokens.nextToken();
+        if (ctype && *ctype)
+            m_contactPriority.push_back(ctype);
+    }
+}
+
+using namespace saml2md;
+
+const ContactPerson* SAMLInternalConfig::getContactPerson(const EntityDescriptor& entity) const
+{
+    for (vector<xstring>::const_iterator ctype = m_contactPriority.begin(); ctype != m_contactPriority.end(); ++ctype) {
+        const ContactPerson* cp = find_if(entity.getContactPersons(), *ctype == lambda::bind(&ContactPerson::getContactType, _1));
+        if (cp)
+            return cp;
+    }
+    return nullptr;
+}
+
+const ContactPerson* SAMLInternalConfig::getContactPerson(const RoleDescriptor& role) const
+{
+    for (vector<xstring>::const_iterator ctype = m_contactPriority.begin(); ctype != m_contactPriority.end(); ++ctype) {
+        const ContactPerson* cp = find_if(role.getContactPersons(), *ctype == lambda::bind(&ContactPerson::getContactType, _1));
+        if (cp)
+            return cp;
+    }
+    return getContactPerson(*(dynamic_cast<const EntityDescriptor*>(role.getParent())));
+}
+
 SignableObject::SignableObject()
 {
 }
@@ -289,8 +329,13 @@ Assertion::~Assertion()
 {
 }
 
-using namespace saml2p;
-using namespace saml2md;
+Status::Status()
+{
+}
+
+Status::~Status()
+{
+}
 
 void opensaml::annotateException(XMLToolingException* e, const EntityDescriptor* entity, const Status* status, bool rethrow)
 {
@@ -317,30 +362,32 @@ void opensaml::annotateException(XMLToolingException* e, const RoleDescriptor* r
         auto_ptr_char id(dynamic_cast<EntityDescriptor*>(role->getParent())->getEntityID());
         e->addProperty("entityID",id.get());
 
-        const vector<ContactPerson*>& contacts=role->getContactPersons();
-        for (vector<ContactPerson*>::const_iterator c=contacts.begin(); c!=contacts.end(); ++c) {
-            const XMLCh* ctype=(*c)->getContactType();
-            if (ctype && (XMLString::equals(ctype,ContactPerson::CONTACT_SUPPORT)
-                    || XMLString::equals(ctype,ContactPerson::CONTACT_TECHNICAL))) {
-                GivenName* fname=(*c)->getGivenName();
-                SurName* lname=(*c)->getSurName();
-                auto_ptr_char first(fname ? fname->getName() : nullptr);
-                auto_ptr_char last(lname ? lname->getName() : nullptr);
-                if (first.get() && last.get()) {
-                    string contact=string(first.get()) + ' ' + last.get();
-                    e->addProperty("contactName",contact.c_str());
-                }
-                else if (first.get())
-                    e->addProperty("contactName",first.get());
-                else if (last.get())
-                    e->addProperty("contactName",last.get());
-                const vector<EmailAddress*>& emails=const_cast<const ContactPerson*>(*c)->getEmailAddresss();
-                if (!emails.empty()) {
-                    auto_ptr_char email(emails.front()->getAddress());
-                    if (email.get())
-                        e->addProperty("contactEmail",email.get());
+        const ContactPerson* cp = SAMLConfig::getConfig().getContactPerson(*role);
+        if (cp) {
+            GivenName* fname = cp->getGivenName();
+            SurName* lname = cp->getSurName();
+            auto_ptr_char first(fname ? fname->getName() : nullptr);
+            auto_ptr_char last(lname ? lname->getName() : nullptr);
+            if (first.get() && last.get()) {
+                string contact=string(first.get()) + ' ' + last.get();
+                e->addProperty("contactName", contact.c_str());
+            }
+            else if (first.get())
+                e->addProperty("contactName", first.get());
+            else if (last.get())
+                e->addProperty("contactName", last.get());
+            const vector<EmailAddress*>& emails=cp->getEmailAddresss();
+            if (!emails.empty()) {
+                auto_ptr_char email(emails.front()->getAddress());
+                if (email.get()) {
+                    if (strstr(email.get(), "mailto:") == email.get()) {
+                        e->addProperty("contactEmail", email.get());
+                    }
+                    else {
+                        string addr = string("mailto:") + email.get();
+                        e->addProperty("contactEmail", addr.c_str());
+                    }
                 }
-                break;
             }
         }
 
@@ -349,18 +396,18 @@ void opensaml::annotateException(XMLToolingException* e, const RoleDescriptor* r
             e->addProperty("errorURL",eurl.get());
         }
     }
-    
+
     if (status) {
-        auto_ptr_char sc(status->getStatusCode() ? status->getStatusCode()->getValue() : nullptr);
+        auto_ptr_char sc(status->getTopStatus());
         if (sc.get() && *sc.get())
             e->addProperty("statusCode", sc.get());
-        if (status->getStatusCode()->getStatusCode()) {
-            auto_ptr_char sc2(status->getStatusCode()->getStatusCode()->getValue());
+        if (status->getSubStatus()) {
+            auto_ptr_char sc2(status->getSubStatus());
             if (sc2.get() && *sc.get())
                 e->addProperty("statusCode2", sc2.get());
         }
-        if (status->getStatusMessage()) {
-            auto_ptr_char msg(status->getStatusMessage()->getMessage());
+        if (status->getMessage()) {
+            auto_ptr_char msg(status->getMessage());
             if (msg.get() && *msg.get())
                 e->addProperty("statusMessage", msg.get());
         }

diff --git a/saml/SAMLConfig.h b/saml/SAMLConfig.h
index c1548f4..b1b3a43 100644 (file)
--- a/saml/SAMLConfig.h
+++ b/saml/SAMLConfig.h
@@ -46,8 +46,12 @@ namespace opensaml {
     class SAML_API SecurityPolicyRule;
 
     namespace saml2md {
+        class SAML_API ContactPerson;
+        class SAML_API EntityDescriptor;
+        class SAML_API EntityMatcher;
         class SAML_API MetadataProvider;
         class SAML_API MetadataFilter;
+        class SAML_API RoleDescriptor;
     };
 
 #if defined (_MSC_VER)
@@ -147,6 +151,29 @@ namespace opensaml {
          */
         virtual std::string hashSHA1(const char* s, bool toHex=false)=0;
 
+        /**
+         * Sets the order of contact types to use in annotating exceptions with contact information.
+         *
+         * @param contactTypes  whitespace-delimited list of contact types
+         */
+        virtual void setContactPriority(const XMLCh* contactTypes)=0;
+
+        /**
+         * Returns the appropriate contact to use for the entity.
+         *
+         * @param entity    the entity to search
+         * @return  a contact to use, or nullptr
+         */
+        virtual const saml2md::ContactPerson* getContactPerson(const saml2md::EntityDescriptor& entity) const=0;
+
+        /**
+         * Returns the appropriate contact to use for the role.
+         *
+         * @param entity    the role to search
+         * @return  a contact to use, or nullptr
+         */
+        virtual const saml2md::ContactPerson* getContactPerson(const saml2md::RoleDescriptor& role) const=0;
+
         /** Manages factories for MessageDecoder plugins. */
         xmltooling::PluginManager< MessageDecoder,std::string,std::pair<const xercesc::DOMElement*,const XMLCh*> > MessageDecoderManager;
 
@@ -165,6 +192,9 @@ namespace opensaml {
         /** Manages factories for MetadataFilter plugins. */
         xmltooling::PluginManager<saml2md::MetadataFilter,std::string,const xercesc::DOMElement*> MetadataFilterManager;
 
+        /** Manages factories for EntityMatcher plugins. */
+        xmltooling::PluginManager<saml2md::EntityMatcher,std::string,const xercesc::DOMElement*> EntityMatcherManager;
+
     protected:
         SAMLConfig();
         

diff --git a/saml/binding/impl/ArtifactMap.cpp b/saml/binding/impl/ArtifactMap.cpp
index 6dd3fbb..641acfa 100644 (file)
--- a/saml/binding/impl/ArtifactMap.cpp
+++ b/saml/binding/impl/ArtifactMap.cpp
@@ -106,7 +106,7 @@ void ArtifactMappings::removeMapping(const map<string,Mapping>::iterator& i)
 
 void ArtifactMappings::storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty, int TTL)
 {
-    Lock wrapper(m_lock.get());
+    Lock wrapper(m_lock);
 
     // Garbage collect any expired artifacts.
     time_t now = time(nullptr);
@@ -129,7 +129,7 @@ void ArtifactMappings::storeContent(XMLObject* content, const SAMLArtifact* arti
 XMLObject* ArtifactMappings::retrieveContent(const SAMLArtifact* artifact, const char* relyingParty)
 {
     Category& log=Category::getInstance(SAML_LOGCAT".ArtifactMap");
-    Lock wrapper(m_lock.get());
+    Lock wrapper(m_lock);
 
     map<string,Mapping>::iterator i = m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle()));
     if (i == m_artMap.end())

diff --git a/saml/exceptions.h b/saml/exceptions.h
index 7048c55..c01a512 100644 (file)
--- a/saml/exceptions.h
+++ b/saml/exceptions.h
@@ -32,9 +32,8 @@
 
 namespace opensaml {
     
-    namespace saml2p {
-        class SAML_API Status;
-    };
+    class SAML_API Status;
+
     namespace saml2md {
         class SAML_API EntityDescriptor;
         class SAML_API RoleDescriptor;
@@ -68,7 +67,7 @@ namespace opensaml {
     void SAML_API annotateException(
         xmltooling::XMLToolingException* e,
         const saml2md::EntityDescriptor* entity,
-        const saml2p::Status* status=nullptr,
+        const Status* status=nullptr,
         bool rethrow=true
         );
     
@@ -93,9 +92,10 @@ namespace opensaml {
     void SAML_API annotateException(
         xmltooling::XMLToolingException* e,
         const saml2md::RoleDescriptor* role,
-        const saml2p::Status* status=nullptr,
+        const Status* status=nullptr,
         bool rethrow=true
         );
+
 };
 
 #endif /* __saml_exceptions_h__ */

diff --git a/saml/internal.h b/saml/internal.h
index 5d66226..774f7fe 100644 (file)
--- a/saml/internal.h
+++ b/saml/internal.h
@@ -45,6 +45,9 @@
 #include "SAMLConfig.h"
 
 #include <limits.h>
+#include <vector>
+#include <boost/scoped_ptr.hpp>
+#include <xmltooling/unicode.h>
 
 using namespace xercesc;
 
@@ -108,10 +111,14 @@ namespace opensaml {
         void generateRandomBytes(std::string& buf, unsigned int len);
         XMLCh* generateIdentifier();
         std::string hashSHA1(const char* data, bool toHex=false);
+        void setContactPriority(const XMLCh*);
+        const saml2md::ContactPerson* getContactPerson(const saml2md::EntityDescriptor&) const;
+        const saml2md::ContactPerson* getContactPerson(const saml2md::RoleDescriptor&) const;
 
     private:
         int m_initCount;
-        xmltooling::Mutex* m_lock;
+        boost::scoped_ptr<xmltooling::Mutex> m_lock;
+        std::vector<xmltooling::xstring> m_contactPriority;
     };
     /// @endcond
 

diff --git a/saml/profile/impl/ConditionsRule.cpp b/saml/profile/impl/ConditionsRule.cpp
index 3c36517..a390c2c 100644 (file)
--- a/saml/profile/impl/ConditionsRule.cpp
+++ b/saml/profile/impl/ConditionsRule.cpp
@@ -99,7 +99,7 @@ ConditionsRule::ConditionsRule(const DOMElement* e) : m_doc(nullptr)
                 log.info("building SecurityPolicyRule of type %s", t.c_str());
                 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(t.c_str(), e));
             }
-            catch (exception& ex) {
+            catch (std::exception& ex) {
                 log.crit("error building SecurityPolicyRule: %s", ex.what());
             }
         }

diff --git a/saml/saml.rc b/saml/saml.rc
index b923f4b..cfc92b9 100644 (file)
--- a/saml/saml.rc
+++ b/saml/saml.rc
@@ -45,15 +45,15 @@ BEGIN
         BLOCK "040904b0"\r
         BEGIN\r
             VALUE "Comments", "\0"\r
-            VALUE "CompanyName", "Internet2\0"\r
-            VALUE "FileDescription", "OpenSAML 2.5 Library\0"\r
+            VALUE "CompanyName", "Shibboleth Consortium\0"\r
+            VALUE "FileDescription", "OpenSAML Library\0"\r
             VALUE "FileVersion", "2, 5, 0, 0\0"\r
 #ifdef _DEBUG\r
             VALUE "InternalName", "saml2_5D\0"\r
 #else\r
             VALUE "InternalName", "saml2_5\0"\r
 #endif\r
-            VALUE "LegalCopyright", "Copyright © 2011 UCAID\0"\r
+            VALUE "LegalCopyright", "Copyright © 2012 UCAID\0"\r
             VALUE "LegalTrademarks", "\0"\r
 #ifdef _DEBUG\r
             VALUE "OriginalFilename", "saml2_5D.dll\0"\r
@@ -61,7 +61,7 @@ BEGIN
             VALUE "OriginalFilename", "saml2_5.dll\0"\r
 #endif\r
             VALUE "PrivateBuild", "\0"\r
-            VALUE "ProductName", "OpenSAML 2.5\0"\r
+            VALUE "ProductName", "OpenSAML 2.5.0\0"\r
             VALUE "ProductVersion", "2, 5, 0, 0\0"\r
             VALUE "SpecialBuild", "\0"\r
         END\r

diff --git a/saml/saml.vcxproj b/saml/saml.vcxproj
index 0605a5b..f5db90f 100644 (file)
--- a/saml/saml.vcxproj
+++ b/saml/saml.vcxproj
@@ -177,7 +177,10 @@
   </ItemDefinitionGroup>\r
   <ItemGroup>\r
     <ClCompile Include="saml2\metadata\impl\DiscoverableMetadataProvider.cpp" />\r
+    <ClCompile Include="saml2\metadata\impl\EntityAttributesEntityMatcher.cpp" />\r
+    <ClCompile Include="saml2\metadata\impl\EntityAttributesMetadataFilter.cpp" />\r
     <ClCompile Include="saml2\metadata\impl\FolderMetadataProvider.cpp" />\r
+    <ClCompile Include="saml2\metadata\impl\NameEntityMatcher.cpp" />\r
     <ClCompile Include="SAMLConfig.cpp" />\r
     <ClCompile Include="util\CommonDomainCookie.cpp" />\r
     <ClCompile Include="util\SAMLConstants.cpp" />\r
@@ -283,6 +286,7 @@
     <ClInclude Include="internal.h" />\r
     <ClInclude Include="RootObject.h" />\r
     <ClInclude Include="saml2\metadata\DiscoverableMetadataProvider.h" />\r
+    <ClInclude Include="saml2\metadata\EntityMatcher.h" />\r
     <ClInclude Include="SAMLConfig.h" />\r
     <ClInclude Include="version.h" />\r
     <ClInclude Include="util\CommonDomainCookie.h" />\r

diff --git a/saml/saml.vcxproj.filters b/saml/saml.vcxproj.filters
index bc1143d..93a3dfd 100644 (file)
--- a/saml/saml.vcxproj.filters
+++ b/saml/saml.vcxproj.filters
@@ -366,6 +366,15 @@
     <ClCompile Include="saml2\metadata\impl\FolderMetadataProvider.cpp">\r
       <Filter>Source Files\saml2\metadata\impl</Filter>\r
     </ClCompile>\r
+    <ClCompile Include="saml2\metadata\impl\EntityAttributesMetadataFilter.cpp">\r
+      <Filter>Source Files\saml2\metadata\impl</Filter>\r
+    </ClCompile>\r
+    <ClCompile Include="saml2\metadata\impl\NameEntityMatcher.cpp">\r
+      <Filter>Source Files\saml2\metadata\impl</Filter>\r
+    </ClCompile>\r
+    <ClCompile Include="saml2\metadata\impl\EntityAttributesEntityMatcher.cpp">\r
+      <Filter>Source Files\saml2\metadata\impl</Filter>\r
+    </ClCompile>\r
   </ItemGroup>\r
   <ItemGroup>\r
     <ClInclude Include="Assertion.h">\r
@@ -512,6 +521,9 @@
     <ClInclude Include="saml2\metadata\DiscoverableMetadataProvider.h">\r
       <Filter>Header Files\saml2\metadata</Filter>\r
     </ClInclude>\r
+    <ClInclude Include="saml2\metadata\EntityMatcher.h">\r
+      <Filter>Header Files\saml2\metadata</Filter>\r
+    </ClInclude>\r
   </ItemGroup>\r
   <ItemGroup>\r
     <ResourceCompile Include="saml.rc">\r

diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 513eb7e..0e23b88 100644 (file)
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -92,7 +92,7 @@ Response* SAML1SOAPClient::receiveSAML()
                     if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
                         BindingException ex("SAML Response contained an error.");
                         if (m_soaper.getPolicy().getIssuerMetadata())
-                            annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata());   // throws it
+                            annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata(), status);   // throws it
                         else
                             ex.raise();
                     }
@@ -114,7 +114,7 @@ Response* SAML1SOAPClient::receiveSAML()
     return nullptr;
 }
 
-bool SAML1SOAPClient::handleError(const Status& status)
+bool SAML1SOAPClient::handleError(const saml1p::Status& status)
 {
     const xmltooling::QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : nullptr;
     auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : nullptr));

diff --git a/saml/saml1/core/Protocols.h b/saml/saml1/core/Protocols.h
index 8258bb3..6f44fa9 100644 (file)
--- a/saml/saml1/core/Protocols.h
+++ b/saml/saml1/core/Protocols.h
@@ -141,7 +141,7 @@ namespace opensaml {
             static const XMLCh TYPE_NAME[];
         END_XMLOBJECT;
 
-        BEGIN_XMLOBJECT(SAML_API,Status,xmltooling::XMLObject,SAML 1.x Status element);
+        BEGIN_XMLOBJECT(SAML_API,Status,opensaml::Status,SAML 1.x Status element);
             DECL_TYPED_CHILD(StatusCode);
             DECL_TYPED_CHILD(StatusMessage);
             DECL_TYPED_CHILD(StatusDetail);

diff --git a/saml/saml1/core/impl/AssertionsImpl.cpp b/saml/saml1/core/impl/AssertionsImpl.cpp
index 2e9d55f..035cf3c 100644 (file)
--- a/saml/saml1/core/impl/AssertionsImpl.cpp
+++ b/saml/saml1/core/impl/AssertionsImpl.cpp
@@ -41,10 +41,13 @@
 
 #include <ctime>
 #include <limits.h>
+#include <boost/lexical_cast.hpp>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/if.hpp>
+#include <boost/lambda/lambda.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
 
 using namespace opensaml::saml1;
-using namespace xmlsignature;
 using namespace xmltooling;
 using namespace std;
 using xmlconstants::XMLSIG_NS;
@@ -69,8 +72,7 @@ namespace opensaml {
             virtual ~ConditionImpl() {}
 
             ConditionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             ConditionImpl(const ConditionImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
@@ -87,17 +89,11 @@ namespace opensaml {
             virtual ~AudienceRestrictionConditionImpl() {}
 
             AudienceRestrictionConditionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             AudienceRestrictionConditionImpl(const AudienceRestrictionConditionImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                VectorOf(Audience) v=getAudiences();
-                for (vector<Audience*>::const_iterator i=src.m_Audiences.begin(); i!=src.m_Audiences.end(); i++) {
-                    if (*i) {
-                        v.push_back((*i)->cloneAudience());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(Audience);
             }
 
             IMPL_XMLOBJECT_CLONE2(AudienceRestrictionCondition,Condition);
@@ -120,12 +116,10 @@ namespace opensaml {
             virtual ~DoNotCacheConditionImpl() {}
 
             DoNotCacheConditionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             DoNotCacheConditionImpl(const DoNotCacheConditionImpl& src)
-                : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
-            }
+                : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {}
 
             IMPL_XMLOBJECT_CLONE2(DoNotCacheCondition,Condition);
         };
@@ -154,30 +148,13 @@ namespace opensaml {
             ConditionsImpl(const ConditionsImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setNotBefore(src.getNotBefore());
-                setNotOnOrAfter(src.getNotOnOrAfter());
-
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AudienceRestrictionCondition* arc=dynamic_cast<AudienceRestrictionCondition*>(*i);
-                        if (arc) {
-                            getAudienceRestrictionConditions().push_back(arc->cloneAudienceRestrictionCondition());
-                            continue;
-                        }
-
-                        DoNotCacheCondition* dncc=dynamic_cast<DoNotCacheCondition*>(*i);
-                        if (dncc) {
-                            getDoNotCacheConditions().push_back(dncc->cloneDoNotCacheCondition());
-                            continue;
-                        }
-
-                        Condition* c=dynamic_cast<Condition*>(*i);
-                        if (c) {
-                            getConditions().push_back(c->cloneCondition());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_ATTRIB(NotBefore);
+                IMPL_CLONE_ATTRIB(NotOnOrAfter);
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AudienceRestrictionCondition);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(DoNotCacheCondition);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Condition);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(Conditions);
@@ -230,8 +207,8 @@ namespace opensaml {
             NameIdentifierImpl(const NameIdentifierImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setFormat(src.getFormat());
-                setNameQualifier(src.getNameQualifier());
+                IMPL_CLONE_ATTRIB(Format);
+                IMPL_CLONE_ATTRIB(NameQualifier);
             }
 
             IMPL_XMLOBJECT_CLONE(NameIdentifier);
@@ -256,11 +233,9 @@ namespace opensaml {
             virtual ~SubjectConfirmationDataImpl() {}
 
             SubjectConfirmationDataImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
-            }
+            SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(SubjectConfirmationData);
         };
@@ -292,26 +267,20 @@ namespace opensaml {
             SubjectConfirmationImpl(const SubjectConfirmationImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getSubjectConfirmationData())
-                    setSubjectConfirmationData(src.getSubjectConfirmationData()->clone());
-                if (src.getKeyInfo())
-                    setKeyInfo(src.getKeyInfo()->cloneKeyInfo());
-                for (vector<ConfirmationMethod*>::const_iterator i=src.m_ConfirmationMethods.begin(); i!=src.m_ConfirmationMethods.end(); i++) {
-                    if (*i) {
-                        getConfirmationMethods().push_back((*i)->cloneConfirmationMethod());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(ConfirmationMethod);
+                IMPL_CLONE_XMLOBJECT_CHILD(SubjectConfirmationData);
+                IMPL_CLONE_TYPED_CHILD(KeyInfo);
             }
 
             IMPL_XMLOBJECT_CLONE(SubjectConfirmation);
             IMPL_TYPED_CHILDREN(ConfirmationMethod,m_pos_SubjectConfirmationData);
             IMPL_XMLOBJECT_CHILD(SubjectConfirmationData);
-            IMPL_TYPED_CHILD(KeyInfo);
+            IMPL_TYPED_FOREIGN_CHILD(KeyInfo,xmlsignature);
 
         protected:
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILDREN(ConfirmationMethod,SAML1_NS,false);
-                PROC_TYPED_CHILD(KeyInfo,XMLSIG_NS,false);
+                PROC_TYPED_FOREIGN_CHILD(KeyInfo,xmlsignature,XMLSIG_NS,false);
 
                 // Anything else we'll assume is the data.
                 if (getSubjectConfirmationData())
@@ -347,10 +316,8 @@ namespace opensaml {
             SubjectImpl(const SubjectImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getNameIdentifier())
-                    setNameIdentifier(src.getNameIdentifier()->cloneNameIdentifier());
-                if (src.getSubjectConfirmation())
-                    setSubjectConfirmation(src.getSubjectConfirmation()->cloneSubjectConfirmation());
+                IMPL_CLONE_TYPED_CHILD(NameIdentifier);
+                IMPL_CLONE_TYPED_CHILD(SubjectConfirmation);
             }
 
             IMPL_XMLOBJECT_CLONE(Subject);
@@ -371,8 +338,7 @@ namespace opensaml {
             virtual ~StatementImpl() {}
 
             StatementImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             StatementImpl(const StatementImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
@@ -409,8 +375,7 @@ namespace opensaml {
             }
 
             void _clone(const SubjectStatementImpl& src) {
-                if (src.getSubject())
-                    setSubject(src.getSubject()->cloneSubject());
+                IMPL_CLONE_TYPED_CHILD(Subject);
             }
 
             Statement* cloneStatement() const {
@@ -454,8 +419,8 @@ namespace opensaml {
             SubjectLocalityImpl(const SubjectLocalityImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setIPAddress(src.getIPAddress());
-                setDNSAddress(src.getDNSAddress());
+                IMPL_CLONE_ATTRIB(IPAddress);
+                IMPL_CLONE_ATTRIB(DNSAddress);
             }
 
             IMPL_XMLOBJECT_CLONE(SubjectLocality);
@@ -500,9 +465,9 @@ namespace opensaml {
             AuthorityBindingImpl(const AuthorityBindingImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setAuthorityKind(src.getAuthorityKind());
-                setLocation(src.getLocation());
-                setBinding(src.getBinding());
+                IMPL_CLONE_ATTRIB(AuthorityKind);
+                IMPL_CLONE_ATTRIB(Location);
+                IMPL_CLONE_ATTRIB(Binding);
             }
 
             IMPL_XMLOBJECT_CLONE(AuthorityBinding);
@@ -552,15 +517,10 @@ namespace opensaml {
 
             void _clone(const AuthenticationStatementImpl& src) {
                 SubjectStatementImpl::_clone(src);
-                setAuthenticationMethod(src.getAuthenticationMethod());
-                setAuthenticationInstant(src.getAuthenticationInstant());
-                if (src.getSubjectLocality())
-                    setSubjectLocality(src.getSubjectLocality()->cloneSubjectLocality());
-                for (vector<AuthorityBinding*>::const_iterator i=src.m_AuthorityBindings.begin(); i!=src.m_AuthorityBindings.end(); i++) {
-                    if (*i) {
-                        getAuthorityBindings().push_back((*i)->cloneAuthorityBinding());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(AuthenticationMethod);
+                IMPL_CLONE_ATTRIB(AuthenticationInstant);
+                IMPL_CLONE_TYPED_CHILD(SubjectLocality);
+                IMPL_CLONE_TYPED_CHILDREN(AuthorityBinding);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AuthenticationStatement);
@@ -601,12 +561,11 @@ namespace opensaml {
             }
 
             ActionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(nullptr) {
-            }
+                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(nullptr) {}
 
             ActionImpl(const ActionImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src), m_Namespace(nullptr) {
-                setNamespace(src.getNamespace());
+                IMPL_CLONE_ATTRIB(Namespace);
             }
 
             IMPL_XMLOBJECT_CLONE(Action);
@@ -632,26 +591,14 @@ namespace opensaml {
             virtual ~EvidenceImpl() {}
 
             EvidenceImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             EvidenceImpl(const EvidenceImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AssertionIDReference* ref=dynamic_cast<AssertionIDReference*>(*i);
-                        if (ref) {
-                            getAssertionIDReferences().push_back(ref->cloneAssertionIDReference());
-                            continue;
-                        }
-
-                        Assertion* assertion=dynamic_cast<Assertion*>(*i);
-                        if (assertion) {
-                            getAssertions().push_back(assertion->cloneAssertion());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AssertionIDReference);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Assertion);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(Evidence);
@@ -696,22 +643,17 @@ namespace opensaml {
 
             void _clone(const AuthorizationDecisionStatementImpl& src) {
                 SubjectStatementImpl::_clone(src);
-                setResource(src.getResource());
-                setDecision(src.getDecision());
-                if (src.getEvidence())
-                    setEvidence(src.getEvidence()->cloneEvidence());
-                for (vector<Action*>::const_iterator i=src.m_Actions.begin(); i!=src.m_Actions.end(); i++) {
-                    if (*i) {
-                        getActions().push_back((*i)->cloneAction());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Resource);
+                IMPL_CLONE_ATTRIB(Decision);
+                IMPL_CLONE_TYPED_CHILDREN(Action);
+                IMPL_CLONE_TYPED_CHILD(Evidence);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AuthorizationDecisionStatement);
             IMPL_STRING_ATTRIB(Resource);
             IMPL_STRING_ATTRIB(Decision);
-            IMPL_TYPED_CHILD(Evidence);
             IMPL_TYPED_CHILDREN(Action, m_pos_Evidence);
+            IMPL_TYPED_CHILD(Evidence);
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
@@ -757,8 +699,8 @@ namespace opensaml {
             AttributeDesignatorImpl(const AttributeDesignatorImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setAttributeName(src.getAttributeName());
-                setAttributeNamespace(src.getAttributeNamespace());
+                IMPL_CLONE_ATTRIB(AttributeName);
+                IMPL_CLONE_ATTRIB(AttributeNamespace);
             }
 
             IMPL_XMLOBJECT_CLONE(AttributeDesignator);
@@ -800,13 +742,9 @@ namespace opensaml {
             AttributeImpl(const AttributeImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setAttributeName(src.getAttributeName());
-                setAttributeNamespace(src.getAttributeNamespace());
-                for (vector<XMLObject*>::const_iterator i=src.m_AttributeValues.begin(); i!=src.m_AttributeValues.end(); i++) {
-                    if (*i) {
-                        getAttributeValues().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(AttributeName);
+                IMPL_CLONE_ATTRIB(AttributeNamespace);
+                IMPL_CLONE_XMLOBJECT_CHILDREN(AttributeValue);
             }
 
             IMPL_XMLOBJECT_CLONE2(Attribute,AttributeDesignator);
@@ -836,8 +774,7 @@ namespace opensaml {
             virtual ~AttributeValueImpl() {}
 
             AttributeValueImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             AttributeValueImpl(const AttributeValueImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
@@ -850,19 +787,13 @@ namespace opensaml {
             virtual ~AttributeStatementImpl() {}
 
             AttributeStatementImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            AttributeStatementImpl(const AttributeStatementImpl& src) : AbstractXMLObject(src), SubjectStatementImpl(src) {
-            }
+            AttributeStatementImpl(const AttributeStatementImpl& src) : AbstractXMLObject(src), SubjectStatementImpl(src) {}
 
             void _clone(const AttributeStatementImpl& src) {
                 SubjectStatementImpl::_clone(src);
-                for (vector<Attribute*>::const_iterator i=src.m_Attributes.begin(); i!=src.m_Attributes.end(); i++) {
-                    if (*i) {
-                        getAttributes().push_back((*i)->cloneAttribute());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(Attribute);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AttributeStatement);
@@ -885,30 +816,15 @@ namespace opensaml {
             virtual ~AdviceImpl() {}
 
             AdviceImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             AdviceImpl(const AdviceImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AssertionIDReference* ref=dynamic_cast<AssertionIDReference*>(*i);
-                        if (ref) {
-                            getAssertionIDReferences().push_back(ref->cloneAssertionIDReference());
-                            continue;
-                        }
-
-                        Assertion* assertion=dynamic_cast<Assertion*>(*i);
-                        if (assertion) {
-                            getAssertions().push_back(assertion->cloneAssertion());
-                            continue;
-                        }
-
-                        if (*i) {
-                            getUnknownXMLObjects().push_back((*i)->clone());
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AssertionIDReference);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Assertion);
+                    IMPL_CLONE_XMLOBJECT_CHILD_IN_BAG(UnknownXMLObject);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(Advice);
@@ -972,62 +888,33 @@ namespace opensaml {
             AssertionImpl(const AssertionImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setMinorVersion(src.m_MinorVersion);
-                setAssertionID(src.getAssertionID());
-                setIssuer(src.getIssuer());
-                setIssueInstant(src.getIssueInstant());
-                if (src.getConditions())
-                    setConditions(src.getConditions()->cloneConditions());
-                if (src.getAdvice())
-                    setAdvice(src.getAdvice()->cloneAdvice());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AuthenticationStatement* authst=dynamic_cast<AuthenticationStatement*>(*i);
-                        if (authst) {
-                            getAuthenticationStatements().push_back(authst->cloneAuthenticationStatement());
-                            continue;
-                        }
-
-                        AttributeStatement* attst=dynamic_cast<AttributeStatement*>(*i);
-                        if (attst) {
-                            getAttributeStatements().push_back(attst->cloneAttributeStatement());
-                            continue;
-                        }
-
-                        AuthorizationDecisionStatement* authzst=dynamic_cast<AuthorizationDecisionStatement*>(*i);
-                        if (authzst) {
-                            getAuthorizationDecisionStatements().push_back(authzst->cloneAuthorizationDecisionStatement());
-                            continue;
-                        }
-
-                        SubjectStatement* subst=dynamic_cast<SubjectStatement*>(*i);
-                        if (subst) {
-                            getSubjectStatements().push_back(subst->cloneSubjectStatement());
-                            continue;
-                        }
-
-                        Statement* st=dynamic_cast<Statement*>(*i);
-                        if (st) {
-                            getStatements().push_back(st->cloneStatement());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_INTEGER_ATTRIB(MinorVersion);
+                IMPL_CLONE_ATTRIB(AssertionID);
+                IMPL_CLONE_ATTRIB(Issuer);
+                IMPL_CLONE_ATTRIB(IssueInstant);
+                IMPL_CLONE_TYPED_CHILD(Conditions);
+                IMPL_CLONE_TYPED_CHILD(Advice);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthenticationStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AttributeStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthorizationDecisionStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(SubjectStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Statement);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -1093,7 +980,7 @@ namespace opensaml {
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILD(Conditions,SAML1_NS,false);
                 PROC_TYPED_CHILD(Advice,SAML1_NS,false);
-                PROC_TYPED_CHILD(Signature,XMLSIG_NS,false);
+                PROC_TYPED_FOREIGN_CHILD(Signature,xmlsignature,XMLSIG_NS,false);
                 PROC_TYPED_CHILDREN(AuthenticationStatement,SAML1_NS,false);
                 PROC_TYPED_CHILDREN(AttributeStatement,SAML1_NS,false);
                 PROC_TYPED_CHILDREN(AuthorizationDecisionStatement,SAML1_NS,false);

diff --git a/saml/saml1/core/impl/ProtocolsImpl.cpp b/saml/saml1/core/impl/ProtocolsImpl.cpp
index 67a86ec..684c1e2 100644 (file)
--- a/saml/saml1/core/impl/ProtocolsImpl.cpp
+++ b/saml/saml1/core/impl/ProtocolsImpl.cpp
@@ -40,11 +40,13 @@
 #include <xmltooling/util/XMLHelper.h>
 
 #include <ctime>
+#include <boost/lexical_cast.hpp>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/if.hpp>
+#include <boost/lambda/lambda.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
 
 using namespace opensaml::saml1p;
-using namespace opensaml::saml1;
-using namespace xmlsignature;
 using namespace xmltooling;
 using namespace std;
 using xmlconstants::XMLSIG_NS;
@@ -77,12 +79,11 @@ namespace opensaml {
             }
 
             RespondWithImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_qname(nullptr) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_qname(nullptr) {}
 
             RespondWithImpl(const RespondWithImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src), m_qname(nullptr) {
-                setQName(src.getQName());
+                IMPL_CLONE_ATTRIB(QName);   // not really an attribute, but it gets the job done
             }
 
             xmltooling::QName* getQName() const {
@@ -112,8 +113,7 @@ namespace opensaml {
             virtual ~QueryImpl() {}
 
             QueryImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             QueryImpl(const QueryImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
@@ -151,8 +151,7 @@ namespace opensaml {
             }
 
             void _clone(const SubjectQueryImpl& src) {
-                if (src.getSubject())
-                    setSubject(src.getSubject()->cloneSubject());
+                IMPL_CLONE_TYPED_CHILD(Subject);
             }
 
             SubjectQuery* cloneSubjectQuery() const {
@@ -163,11 +162,11 @@ namespace opensaml {
                 return dynamic_cast<Query*>(clone());
             }
 
-            IMPL_TYPED_CHILD(Subject);
+            IMPL_TYPED_FOREIGN_CHILD(Subject,saml1);
 
         protected:
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                PROC_TYPED_CHILD(Subject,SAML1_NS,true);
+                PROC_TYPED_FOREIGN_CHILD(Subject,saml1,SAML1_NS,true);
                 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
             }
         };
@@ -194,7 +193,7 @@ namespace opensaml {
 
             void _clone(const AuthenticationQueryImpl& src) {
                 SubjectQueryImpl::_clone(src);
-                setAuthenticationMethod(src.getAuthenticationMethod());
+                IMPL_CLONE_ATTRIB(AuthenticationMethod);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AuthenticationQuery);
@@ -234,17 +233,13 @@ namespace opensaml {
 
             void _clone(const AttributeQueryImpl& src) {
                 SubjectQueryImpl::_clone(src);
-                setResource(src.getResource());
-                for (vector<AttributeDesignator*>::const_iterator i=src.m_AttributeDesignators.begin(); i!=src.m_AttributeDesignators.end(); i++) {
-                    if (*i) {
-                        getAttributeDesignators().push_back((*i)->cloneAttributeDesignator());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Resource);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(AttributeDesignator,saml1);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AttributeQuery);
             IMPL_STRING_ATTRIB(Resource);
-            IMPL_TYPED_CHILDREN(AttributeDesignator,m_children.end());
+            IMPL_TYPED_FOREIGN_CHILDREN(AttributeDesignator,saml1,m_children.end());
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
@@ -253,7 +248,7 @@ namespace opensaml {
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                PROC_TYPED_CHILDREN(AttributeDesignator,SAML1_NS,true);
+                PROC_TYPED_FOREIGN_CHILDREN(AttributeDesignator,saml1,SAML1_NS,true);
                 SubjectQueryImpl::processChildElement(childXMLObject,root);
             }
 
@@ -289,20 +284,15 @@ namespace opensaml {
 
             void _clone(const AuthorizationDecisionQueryImpl& src) {
                 SubjectQueryImpl::_clone(src);
-                setResource(src.getResource());
-                if (src.getEvidence())
-                    setEvidence(src.getEvidence()->cloneEvidence());
-                for (vector<Action*>::const_iterator i=src.m_Actions.begin(); i!=src.m_Actions.end(); i++) {
-                    if (*i) {
-                        getActions().push_back((*i)->cloneAction());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Resource);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(Action,saml1);
+                IMPL_CLONE_TYPED_CHILD(Evidence);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AuthorizationDecisionQuery);
             IMPL_STRING_ATTRIB(Resource);
-            IMPL_TYPED_CHILD(Evidence);
-            IMPL_TYPED_CHILDREN(Action, m_pos_Evidence);
+            IMPL_TYPED_FOREIGN_CHILDREN(Action,saml1,m_pos_Evidence);
+            IMPL_TYPED_FOREIGN_CHILD(Evidence,saml1);
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
@@ -311,8 +301,8 @@ namespace opensaml {
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                PROC_TYPED_CHILD(Evidence,SAML1_NS,false);
-                PROC_TYPED_CHILDREN(Action,SAML1_NS,false);
+                PROC_TYPED_FOREIGN_CHILD(Evidence,saml1,SAML1_NS,false);
+                PROC_TYPED_FOREIGN_CHILDREN(Action,saml1,SAML1_NS,false);
                 SubjectQueryImpl::processChildElement(childXMLObject,root);
             }
 
@@ -363,27 +353,22 @@ namespace opensaml {
 
         protected:
             void _clone(const RequestAbstractTypeImpl& src) {
-                setMinorVersion(src.m_MinorVersion);
-                setRequestID(src.getRequestID());
-                setIssueInstant(src.getIssueInstant());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                for (vector<RespondWith*>::const_iterator i=src.m_RespondWiths.begin(); i!=src.m_RespondWiths.end(); i++) {
-                    if (*i) {
-                        getRespondWiths().push_back((*i)->cloneRespondWith());
-                    }
-                }
+                IMPL_CLONE_INTEGER_ATTRIB(MinorVersion);
+                IMPL_CLONE_ATTRIB(RequestID);
+                IMPL_CLONE_ATTRIB(IssueInstant);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILDREN(RespondWith);
             }
 
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
 
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -443,7 +428,7 @@ namespace opensaml {
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILDREN(RespondWith,SAML1P_NS,false);
-                PROC_TYPED_CHILD(Signature,XMLSIG_NS,false);
+                PROC_TYPED_FOREIGN_CHILD(Signature,xmlsignature,XMLSIG_NS,false);
                 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
             }
 
@@ -494,18 +479,9 @@ namespace opensaml {
 
             void _clone(const RequestImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                if (src.getQuery())
-                    setQuery(src.getQuery()->cloneQuery());
-                for (vector<AssertionIDReference*>::const_iterator i=src.m_AssertionIDReferences.begin(); i!=src.m_AssertionIDReferences.end(); i++) {
-                    if (*i) {
-                        getAssertionIDReferences().push_back((*i)->cloneAssertionIDReference());
-                    }
-                }
-                for (vector<AssertionArtifact*>::const_iterator i=src.m_AssertionArtifacts.begin(); i!=src.m_AssertionArtifacts.end(); i++) {
-                    if (*i) {
-                        getAssertionArtifacts().push_back((*i)->cloneAssertionArtifact());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(Query);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(AssertionIDReference,saml1);
+                IMPL_CLONE_TYPED_CHILDREN(AssertionArtifact);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(Request);
@@ -537,13 +513,13 @@ namespace opensaml {
                 setQuery(q);
             }
 
-            IMPL_TYPED_CHILDREN(AssertionIDReference, m_children.end());
-            IMPL_TYPED_CHILDREN(AssertionArtifact, m_children.end());
+            IMPL_TYPED_FOREIGN_CHILDREN(AssertionIDReference,saml1,m_children.end());
+            IMPL_TYPED_CHILDREN(AssertionArtifact,m_children.end());
 
         protected:
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILD(Query,SAML1P_NS,true);
-                PROC_TYPED_CHILDREN(AssertionIDReference,SAML1_NS,false);
+                PROC_TYPED_FOREIGN_CHILDREN(AssertionIDReference,saml1,SAML1_NS,false);
                 PROC_TYPED_CHILDREN(AssertionArtifact,SAML1P_NS,false);
                 RequestAbstractTypeImpl::processChildElement(childXMLObject,root);
             }
@@ -575,9 +551,8 @@ namespace opensaml {
             StatusCodeImpl(const StatusCodeImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setValue(src.getValue());
-                if (src.getStatusCode())
-                    setStatusCode(src.getStatusCode()->cloneStatusCode());
+                IMPL_CLONE_ATTRIB(Value);
+                IMPL_CLONE_TYPED_CHILD(StatusCode);
             }
 
             IMPL_XMLOBJECT_CLONE(StatusCode);
@@ -609,16 +584,11 @@ namespace opensaml {
             virtual ~StatusDetailImpl() {}
 
             StatusDetailImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             StatusDetailImpl(const StatusDetailImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
 
             IMPL_XMLOBJECT_CLONE(StatusDetail);
@@ -661,12 +631,9 @@ namespace opensaml {
             StatusImpl(const StatusImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getStatusCode())
-                    setStatusCode(src.getStatusCode()->cloneStatusCode());
-                if (src.getStatusMessage())
-                    setStatusMessage(src.getStatusMessage()->cloneStatusMessage());
-                if (src.getStatusDetail())
-                    setStatusDetail(src.getStatusDetail()->cloneStatusDetail());
+                IMPL_CLONE_TYPED_CHILD(StatusCode);
+                IMPL_CLONE_TYPED_CHILD(StatusMessage);
+                IMPL_CLONE_TYPED_CHILD(StatusDetail);
             }
 
             IMPL_XMLOBJECT_CLONE(Status);
@@ -674,6 +641,24 @@ namespace opensaml {
             IMPL_TYPED_CHILD(StatusMessage);
             IMPL_TYPED_CHILD(StatusDetail);
 
+            // Base class methods.
+            const XMLCh* getTopStatus() const {
+                const xmltooling::QName* code = getStatusCode() ? getStatusCode()->getValue() : nullptr;
+                return code ? code->getLocalPart() : nullptr;
+            }
+            const XMLCh* getSubStatus() const {
+                const StatusCode* sc = getStatusCode() ? getStatusCode()->getStatusCode() : nullptr;
+                if (sc)
+                    return sc->getValue() ? sc->getValue()->getLocalPart() : nullptr;
+                return nullptr;
+            }
+            bool hasAdditionalStatus() const {
+                return (getStatusCode() && getStatusCode()->getStatusCode() && getStatusCode()->getStatusCode()->getStatusCode());
+            }
+            const XMLCh* getMessage() const {
+                return getStatusMessage() ? getStatusMessage()->getMessage() : nullptr;
+            }
+
         protected:
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILD(StatusCode,SAML1P_NS,false);
@@ -728,23 +713,22 @@ namespace opensaml {
             // Need customized setter.
         protected:
             void _clone(const ResponseAbstractTypeImpl& src) {
-                setMinorVersion(src.m_MinorVersion);
-                setResponseID(src.getResponseID());
-                setInResponseTo(src.getInResponseTo());
-                setIssueInstant(src.getIssueInstant());
-                setRecipient(src.getRecipient());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
+                IMPL_CLONE_INTEGER_ATTRIB(MinorVersion);
+                IMPL_CLONE_ATTRIB(ResponseID);
+                IMPL_CLONE_ATTRIB(InResponseTo);
+                IMPL_CLONE_ATTRIB(IssueInstant);
+                IMPL_CLONE_ATTRIB(Recipient);
+                IMPL_CLONE_TYPED_CHILD(Signature);
             }
 
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -806,7 +790,7 @@ namespace opensaml {
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                PROC_TYPED_CHILD(Signature,XMLSIG_NS,false);
+                PROC_TYPED_FOREIGN_CHILD(Signature,xmlsignature,XMLSIG_NS,false);
                 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
             }
 
@@ -859,13 +843,8 @@ namespace opensaml {
 
             void _clone(const ResponseImpl& src) {
                 ResponseAbstractTypeImpl::_clone(src);
-                if (src.getStatus())
-                    setStatus(src.getStatus()->cloneStatus());
-                for (vector<saml1::Assertion*>::const_iterator i=src.m_Assertions.begin(); i!=src.m_Assertions.end(); i++) {
-                    if (*i) {
-                        getAssertions().push_back((*i)->cloneAssertion());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(Status);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(Assertion,saml1);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(Response);

diff --git a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
index dafe381..313df44 100644 (file)
--- a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
@@ -33,6 +33,7 @@
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/MetadataProvider.h"
 
+#include <boost/scoped_ptr.hpp>
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
 #include <xmltooling/io/HTTPRequest.h>
@@ -45,6 +46,7 @@ using namespace opensaml::saml2;
 using namespace opensaml;
 using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost;
 using namespace std;
 
 namespace opensaml {
@@ -95,7 +97,7 @@ XMLObject* SAML2ArtifactDecoder::decode(
         throw BindingException("Artifact binding requires ArtifactResolver and MetadataProvider implementations be supplied.");
 
     // Import the artifact.
-    auto_ptr<SAMLArtifact> artifact;
+    scoped_ptr<SAMLArtifact> artifact;
     try {
         log.debug("processing encoded artifact (%s)", SAMLart);
 

diff --git a/saml/saml2/binding/impl/SAML2ECPDecoder.cpp b/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
index c0ed8ea..fbc47a1 100644 (file)
--- a/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
@@ -80,13 +80,13 @@ XMLObject* SAML2ECPDecoder::decode(
     Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML2ECP");
 
     log.debug("validating input");
-    const HTTPRequest* httpRequest=dynamic_cast<const HTTPRequest*>(&genericRequest);
-    if (!httpRequest)
-        throw BindingException("Unable to cast request object to HTTPRequest type.");
-    string s = genericRequest.getContentType();
-    if (s.find("application/vnd.paos+xml") == string::npos) {
-        log.warn("ignoring incorrect content type (%s)", s.c_str() ? s.c_str() : "none");
-        throw BindingException("Invalid content type for PAOS message.");
+    const HTTPRequest* httpRequest = dynamic_cast<const HTTPRequest*>(&genericRequest);
+    if (httpRequest) {
+        string s = httpRequest->getContentType();
+        if (s.find("application/vnd.paos+xml") == string::npos) {
+            log.warn("ignoring incorrect content type (%s)", s.c_str() ? s.c_str() : "none");
+            throw BindingException("Invalid content type for PAOS message.");
+        }
     }
 
     const char* data = genericRequest.getRequestBody();
@@ -119,17 +119,19 @@ XMLObject* SAML2ECPDecoder::decode(
             extractMessageDetails(*response, genericRequest, samlconstants::SAML20P_NS, policy);
             policy.evaluate(*response, &genericRequest);
 
-            // Check destination URL.
-            auto_ptr_char dest(response->getDestination());
-            const char* dest2 = httpRequest->getRequestURL();
-            const char* delim = strchr(dest2, '?');
-            if (response->getSignature() && (!dest.get() || !*(dest.get()))) {
-                log.error("signed SAML message missing Destination attribute");
-                throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
-            }
-            else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) {
-                log.error("PAOS response targeted at (%s), but delivered to (%s)", dest.get(), dest2);
-                throw BindingException("SAML message delivered with PAOS to incorrect server URL.");
+            // Check destination URL if this is HTTP.
+            if (httpRequest) {
+                auto_ptr_char dest(response->getDestination());
+                const char* dest2 = httpRequest->getRequestURL();
+                const char* delim = strchr(dest2, '?');
+                if (response->getSignature() && (!dest.get() || !*(dest.get()))) {
+                    log.error("signed SAML message missing Destination attribute");
+                    throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
+                }
+                else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(), dest2)))) {
+                    log.error("PAOS response targeted at (%s), but delivered to (%s)", dest.get(), dest2);
+                    throw BindingException("SAML message delivered with PAOS to incorrect server URL.");
+                }
             }
 
             // Check for RelayState header.

diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
index a9c78f2..d010275 100644 (file)
--- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
@@ -119,7 +119,7 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
     return nullptr;
 }
 
-bool SAML2SOAPClient::handleError(const Status& status)
+bool SAML2SOAPClient::handleError(const saml2p::Status& status)
 {
     auto_ptr_char code((status.getStatusCode() ? status.getStatusCode()->getValue() : nullptr));
     auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : nullptr));

diff --git a/saml/saml2/core/Assertions.h b/saml/saml2/core/Assertions.h
index 7474992..c878449 100644 (file)
--- a/saml/saml2/core/Assertions.h
+++ b/saml/saml2/core/Assertions.h
@@ -133,13 +133,23 @@ namespace opensaml {
              * <p>The object returned will be unmarshalled around the decrypted DOM element in a
              * new Document owned by the object.
              *
+             * <p>The final boolean parameter is used to enforce a requirement for an authenticated cipher
+             * suite such as AES-GCM or similar. These ciphers include an HMAC or equivalent step that
+             * prevents tampering. Newer applications should set this parameter to true unless the ciphertext
+             * has been independently authenticated, and even in such a case, it is rarely possible to prevent
+             * chosen ciphertext attacks by trusted signers.
+             *
              * @param credResolver  locked resolver supplying decryption keys
              * @param recipient     identifier naming the recipient (the entity performing the decryption)
              * @param criteria      optional external criteria to use with resolver
+             * @param requireAuthenticatedCipher    true iff the bulk data encryption algorithm must be an authenticated cipher
              * @return  the decrypted and unmarshalled object
              */
             virtual xmltooling::XMLObject* decrypt(
-                const xmltooling::CredentialResolver& credResolver, const XMLCh* recipient, xmltooling::CredentialCriteria* criteria=nullptr
+                const xmltooling::CredentialResolver& credResolver,
+                const XMLCh* recipient,
+                xmltooling::CredentialCriteria* criteria=nullptr,
+                bool requireAuthenticatedCipher=false
                 ) const;
         END_XMLOBJECT;
 

diff --git a/saml/saml2/core/Protocols.h b/saml/saml2/core/Protocols.h
index d634165..52e65a7 100644 (file)
--- a/saml/saml2/core/Protocols.h
+++ b/saml/saml2/core/Protocols.h
@@ -50,6 +50,11 @@ namespace opensaml {
 
         DECL_XMLOBJECT_SIMPLE(SAML_API,RespondTo,Name,SAML 2.0 third-party request RespondTo extension element);
 
+        BEGIN_XMLOBJECT(SAML_API,Asynchronous,xmltooling::XMLObject,SAML 2.0 Asynchronous logout extension element);
+            /** AsynchronousType local name */
+            static const XMLCh TYPE_NAME[];
+        END_XMLOBJECT;
+
         BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementExtensibleXMLObject,SAML 2.0 protocol Extensions element);
             /** ExtensionsType local name */
             static const XMLCh TYPE_NAME[];
@@ -135,7 +140,7 @@ namespace opensaml {
             static const XMLCh TYPE_NAME[];
         END_XMLOBJECT;
 
-        BEGIN_XMLOBJECT(SAML_API,Status,xmltooling::XMLObject,SAML 2.0 Status element);
+        BEGIN_XMLOBJECT(SAML_API,Status,opensaml::Status,SAML 2.0 Status element);
             DECL_TYPED_CHILD(StatusCode);
             DECL_TYPED_CHILD(StatusMessage);
             DECL_TYPED_CHILD(StatusDetail);
@@ -393,6 +398,8 @@ namespace opensaml {
         
         DECL_XMLOBJECTBUILDER(SAML_API,RespondTo,samlconstants::SAML20P_THIRDPARTY_EXT_NS,samlconstants::SAML20P_THIRDPARTY_EXT_PREFIX);
 
+        DECL_XMLOBJECTBUILDER(SAML_API,Asynchronous,samlconstants::SAML20P_ASYNCSLO_EXT_NS,samlconstants::SAML20P_ASYNCSLO_EXT_PREFIX);
+
         /**
          * Registers builders and validators for SAML 2.0 Protocol classes into the runtime.
          */

diff --git a/saml/saml2/core/impl/Assertions.cpp b/saml/saml2/core/impl/Assertions.cpp
index 4ed2efd..4a163d5 100644 (file)
--- a/saml/saml2/core/impl/Assertions.cpp
+++ b/saml/saml2/core/impl/Assertions.cpp
@@ -241,12 +241,14 @@ void EncryptedElementType::encrypt(
     }
 }
 
-XMLObject* EncryptedElementType::decrypt(const CredentialResolver& credResolver, const XMLCh* recipient, CredentialCriteria* criteria) const
+XMLObject* EncryptedElementType::decrypt(
+    const CredentialResolver& credResolver, const XMLCh* recipient, CredentialCriteria* criteria, bool requireAuthenticatedCipher
+    ) const
 {
     if (!getEncryptedData())
         throw DecryptionException("No encrypted data present.");
     opensaml::EncryptedKeyResolver ekr(*this);
-    Decrypter decrypter(&credResolver, criteria, &ekr);
+    Decrypter decrypter(&credResolver, criteria, &ekr, requireAuthenticatedCipher);
     DOMDocumentFragment* frag = decrypter.decryptData(*getEncryptedData(), recipient);
     if (frag->hasChildNodes() && frag->getFirstChild()==frag->getLastChild()) {
         DOMNode* plaintext=frag->getFirstChild();

diff --git a/saml/saml2/core/impl/Assertions20Impl.cpp b/saml/saml2/core/impl/Assertions20Impl.cpp
index e472d6d..efdb49f 100644 (file)
--- a/saml/saml2/core/impl/Assertions20Impl.cpp
+++ b/saml/saml2/core/impl/Assertions20Impl.cpp
@@ -41,11 +41,12 @@
 #include <xmltooling/util/XMLHelper.h>
 
 #include <ctime>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/if.hpp>
+#include <boost/lambda/lambda.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
 
 using namespace opensaml::saml2;
-using namespace xmlencryption;
-using namespace xmlsignature;
 using namespace xmltooling;
 using namespace std;
 using xmlconstants::XSI_NS;
@@ -105,10 +106,10 @@ namespace opensaml {
             }
 
             void _clone(const NameIDTypeImpl& src) {
-                setNameQualifier(src.getNameQualifier());
-                setSPNameQualifier(src.getSPNameQualifier());
-                setFormat(src.getFormat());
-                setSPProvidedID(src.getSPProvidedID());
+                IMPL_CLONE_ATTRIB(NameQualifier);
+                IMPL_CLONE_ATTRIB(SPNameQualifier);
+                IMPL_CLONE_ATTRIB(Format);
+                IMPL_CLONE_ATTRIB(SPProvidedID);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(NameIDType);
@@ -142,8 +143,7 @@ namespace opensaml {
             NameIDImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            NameIDImpl(const NameIDImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {
-            }
+            NameIDImpl(const NameIDImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(NameID);
         };
@@ -156,14 +156,11 @@ namespace opensaml {
             IssuerImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            IssuerImpl(const IssuerImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {
-            }
+            IssuerImpl(const IssuerImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(Issuer);
         };
 
-        //TODO unit test for this
-        //  - need to test encryption/decryption too, or already done in xmltooling ?
         class SAML_DLLLOCAL EncryptedElementTypeImpl : public virtual EncryptedElementType,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
@@ -195,13 +192,8 @@ namespace opensaml {
             }
 
             void _clone(const EncryptedElementTypeImpl& src) {
-                if (src.getEncryptedData())
-                    setEncryptedData(src.getEncryptedData()->cloneEncryptedData());
-                for (vector<EncryptedKey*>::const_iterator i=src.m_EncryptedKeys.begin(); i!=src.m_EncryptedKeys.end(); i++) {
-                    if (*i) {
-                        getEncryptedKeys().push_back((*i)->cloneEncryptedKey());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(EncryptedData);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(EncryptedElementType);
@@ -224,8 +216,7 @@ namespace opensaml {
             EncryptedIDImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            EncryptedIDImpl(const EncryptedIDImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {
-            }
+            EncryptedIDImpl(const EncryptedIDImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(EncryptedID);
         };
@@ -236,8 +227,7 @@ namespace opensaml {
             virtual ~ConditionImpl() {}
 
             ConditionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             ConditionImpl(const ConditionImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
@@ -254,16 +244,11 @@ namespace opensaml {
             virtual ~AudienceRestrictionImpl() {}
 
             AudienceRestrictionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             AudienceRestrictionImpl(const AudienceRestrictionImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (vector<Audience*>::const_iterator i=src.m_Audiences.begin(); i!=src.m_Audiences.end(); i++) {
-                    if (*i) {
-                        getAudiences().push_back((*i)->cloneAudience());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(Audience);
             }
 
             IMPL_XMLOBJECT_CLONE2(AudienceRestriction,Condition);
@@ -286,12 +271,10 @@ namespace opensaml {
             virtual ~OneTimeUseImpl() {}
 
             OneTimeUseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             OneTimeUseImpl(const OneTimeUseImpl& src)
-                : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
-            }
+                : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {}
 
             IMPL_XMLOBJECT_CLONE2(OneTimeUse,Condition);
         };
@@ -308,17 +291,12 @@ namespace opensaml {
             }
 
             ProxyRestrictionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Count(nullptr) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Count(nullptr) {}
 
             ProxyRestrictionImpl(const ProxyRestrictionImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src), m_Count(nullptr) {
-                setCount(src.m_Count);
-                for (vector<Audience*>::const_iterator i=src.m_Audiences.begin(); i!=src.m_Audiences.end(); i++) {
-                    if (*i) {
-                        getAudiences().push_back((*i)->cloneAudience());
-                    }
-                }
+                IMPL_CLONE_INTEGER_ATTRIB(Count);
+                IMPL_CLONE_TYPED_CHILDREN(Audience);
             }
 
             IMPL_XMLOBJECT_CLONE2(ProxyRestriction,Condition);
@@ -377,14 +355,11 @@ namespace opensaml {
             DelegateImpl(const DelegateImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setConfirmationMethod(src.getConfirmationMethod());
-                setDelegationInstant(src.getDelegationInstant());
-                if (src.getBaseID())
-                    setBaseID(src.getBaseID()->cloneBaseID());
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
+                IMPL_CLONE_ATTRIB(ConfirmationMethod);
+                IMPL_CLONE_ATTRIB(DelegationInstant);
+                IMPL_CLONE_TYPED_CHILD(BaseID);
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
             }
 
             IMPL_XMLOBJECT_CLONE(Delegate);
@@ -424,16 +399,11 @@ namespace opensaml {
             virtual ~DelegationRestrictionTypeImpl() {}
 
             DelegationRestrictionTypeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             DelegationRestrictionTypeImpl(const DelegationRestrictionTypeImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (vector<Delegate*>::const_iterator i=src.m_Delegates.begin(); i!=src.m_Delegates.end(); i++) {
-                    if (*i) {
-                        getDelegates().push_back((*i)->cloneDelegate());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(Delegate);
             }
 
             IMPL_XMLOBJECT_CLONE2(DelegationRestrictionType,Condition);
@@ -470,36 +440,15 @@ namespace opensaml {
             ConditionsImpl(const ConditionsImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setNotBefore(src.getNotBefore());
-                setNotOnOrAfter(src.getNotOnOrAfter());
-
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AudienceRestriction* arc=dynamic_cast<AudienceRestriction*>(*i);
-                        if (arc) {
-                            getAudienceRestrictions().push_back(arc->cloneAudienceRestriction());
-                            continue;
-                        }
-
-                        OneTimeUse* dncc=dynamic_cast<OneTimeUse*>(*i);
-                        if (dncc) {
-                            getOneTimeUses().push_back(dncc->cloneOneTimeUse());
-                            continue;
-                        }
-
-                        ProxyRestriction* prc=dynamic_cast<ProxyRestriction*>(*i);
-                        if (prc) {
-                            getProxyRestrictions().push_back(prc->cloneProxyRestriction());
-                            continue;
-                        }
-
-                        Condition* c=dynamic_cast<Condition*>(*i);
-                        if (c) {
-                            getConditions().push_back(c->cloneCondition());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_ATTRIB(NotBefore);
+                IMPL_CLONE_ATTRIB(NotOnOrAfter);
+
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AudienceRestriction);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(OneTimeUse);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(ProxyRestriction);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Condition);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(Conditions);
@@ -562,11 +511,11 @@ namespace opensaml {
             }
 
             void _clone(const SubjectConfirmationDataTypeImpl& src) {
-                setNotBefore(src.getNotBefore());
-                setNotOnOrAfter(src.getNotOnOrAfter());
-                setRecipient(src.getRecipient());
-                setInResponseTo(src.getInResponseTo());
-                setAddress(src.getAddress());
+                IMPL_CLONE_ATTRIB(NotBefore);
+                IMPL_CLONE_ATTRIB(NotOnOrAfter);
+                IMPL_CLONE_ATTRIB(Recipient);
+                IMPL_CLONE_ATTRIB(InResponseTo);
+                IMPL_CLONE_ATTRIB(Address);
             }
 
             SubjectConfirmationDataType* cloneSubjectConfirmationDataType() const {
@@ -604,12 +553,10 @@ namespace opensaml {
             virtual ~SubjectConfirmationDataImpl() {}
 
             SubjectConfirmationDataImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src)
-                : AbstractXMLObject(src), SubjectConfirmationDataTypeImpl(src), AnyElementImpl(src) {
-            }
+                : AbstractXMLObject(src), SubjectConfirmationDataTypeImpl(src), AnyElementImpl(src) {}
 
             void _clone(const SubjectConfirmationDataImpl& src) {
                 SubjectConfirmationDataTypeImpl::_clone(src);
@@ -672,25 +619,19 @@ namespace opensaml {
             virtual ~KeyInfoConfirmationDataTypeImpl() {}
 
             KeyInfoConfirmationDataTypeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             KeyInfoConfirmationDataTypeImpl(const KeyInfoConfirmationDataTypeImpl& src)
                 : AbstractXMLObject(src), SubjectConfirmationDataTypeImpl(src), AbstractComplexElement(src),
-                    AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
-            }
+                    AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {}
 
             void _clone(const KeyInfoConfirmationDataTypeImpl& src) {
                 SubjectConfirmationDataTypeImpl::_clone(src);
-                for (vector<KeyInfo*>::const_iterator i=src.m_KeyInfos.begin(); i!=src.m_KeyInfos.end(); ++i) {
-                    if (*i) {
-                        getKeyInfos().push_back((*i)->cloneKeyInfo());
-                    }
-                }
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(KeyInfoConfirmationDataType);
-            IMPL_TYPED_CHILDREN(KeyInfo,m_children.end());
+            IMPL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature,m_children.end());
 
         public:
             void setAttribute(const xmltooling::QName& qualifiedName, const XMLCh* value, bool ID=false) {
@@ -726,7 +667,7 @@ namespace opensaml {
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                PROC_TYPED_CHILDREN(KeyInfo,XMLSIG_NS,false);
+                PROC_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature,XMLSIG_NS,false);
                 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
             }
 
@@ -773,15 +714,11 @@ namespace opensaml {
             SubjectConfirmationImpl(const SubjectConfirmationImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setMethod(src.getMethod());
-                if (src.getBaseID())
-                    setBaseID(src.getBaseID()->cloneBaseID());
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
-                if (src.getSubjectConfirmationData())
-                    setSubjectConfirmationData(src.getSubjectConfirmationData()->clone());
+                IMPL_CLONE_ATTRIB(Method);
+                IMPL_CLONE_TYPED_CHILD(BaseID);
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
+                IMPL_CLONE_XMLOBJECT_CHILD(SubjectConfirmationData);
             }
 
             IMPL_XMLOBJECT_CLONE(SubjectConfirmation);
@@ -841,17 +778,10 @@ namespace opensaml {
             SubjectImpl(const SubjectImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getBaseID())
-                    setBaseID(src.getBaseID()->cloneBaseID());
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
-                for (vector<SubjectConfirmation*>::const_iterator i=src.m_SubjectConfirmations.begin(); i!=src.m_SubjectConfirmations.end(); i++) {
-                    if (*i) {
-                        getSubjectConfirmations().push_back((*i)->cloneSubjectConfirmation());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(BaseID);
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
+                IMPL_CLONE_TYPED_CHILDREN(SubjectConfirmation);
             }
 
             IMPL_XMLOBJECT_CLONE(Subject);
@@ -894,8 +824,8 @@ namespace opensaml {
             SubjectLocalityImpl(const SubjectLocalityImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setAddress(src.getAddress());
-                setDNSName(src.getDNSName());
+                IMPL_CLONE_ATTRIB(Address);
+                IMPL_CLONE_ATTRIB(DNSName);
             }
 
             IMPL_XMLOBJECT_CLONE(SubjectLocality);
@@ -921,8 +851,7 @@ namespace opensaml {
             virtual ~StatementImpl() {}
 
             StatementImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             StatementImpl(const StatementImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
@@ -936,11 +865,9 @@ namespace opensaml {
             virtual ~AuthnContextDeclImpl() {}
 
             AuthnContextDeclImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
-            }
+            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(AuthnContextDecl);
         };
@@ -976,17 +903,10 @@ namespace opensaml {
             AuthnContextImpl(const AuthnContextImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getAuthnContextClassRef())
-                    setAuthnContextClassRef(src.getAuthnContextClassRef()->cloneAuthnContextClassRef());
-                if (src.getAuthnContextDecl())
-                    setAuthnContextDecl(src.getAuthnContextDecl()->clone());
-                if (src.getAuthnContextDeclRef())
-                    setAuthnContextDeclRef(src.getAuthnContextDeclRef()->cloneAuthnContextDeclRef());
-                for (vector<AuthenticatingAuthority*>::const_iterator i=src.m_AuthenticatingAuthoritys.begin(); i!=src.m_AuthenticatingAuthoritys.end(); i++) {
-                    if (*i) {
-                        getAuthenticatingAuthoritys().push_back((*i)->cloneAuthenticatingAuthority());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(AuthnContextClassRef);
+                IMPL_CLONE_XMLOBJECT_CHILD(AuthnContextDecl);
+                IMPL_CLONE_TYPED_CHILD(AuthnContextDeclRef);
+                IMPL_CLONE_TYPED_CHILDREN(AuthenticatingAuthority);
             }
 
             IMPL_XMLOBJECT_CLONE(AuthnContext);
@@ -1039,13 +959,11 @@ namespace opensaml {
             AuthnStatementImpl(const AuthnStatementImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setAuthnInstant(src.getAuthnInstant());
-                setSessionIndex(src.getSessionIndex());
-                setSessionNotOnOrAfter(src.getSessionNotOnOrAfter());
-                if (src.getSubjectLocality())
-                    setSubjectLocality(src.getSubjectLocality()->cloneSubjectLocality());
-                if (src.getAuthnContext())
-                    setAuthnContext(src.getAuthnContext()->cloneAuthnContext());
+                IMPL_CLONE_ATTRIB(AuthnInstant);
+                IMPL_CLONE_ATTRIB(SessionIndex);
+                IMPL_CLONE_ATTRIB(SessionNotOnOrAfter);
+                IMPL_CLONE_TYPED_CHILD(SubjectLocality);
+                IMPL_CLONE_TYPED_CHILD(AuthnContext);
             }
 
             IMPL_XMLOBJECT_CLONE2(AuthnStatement,Statement);
@@ -1088,12 +1006,11 @@ namespace opensaml {
             }
 
             ActionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(nullptr) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(nullptr) {}
 
             ActionImpl(const ActionImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src), m_Namespace(nullptr) {
-                setNamespace(src.getNamespace());
+                IMPL_CLONE_ATTRIB(Namespace);
             }
 
             IMPL_XMLOBJECT_CLONE(Action);
@@ -1120,38 +1037,16 @@ namespace opensaml {
             virtual ~EvidenceImpl() {}
 
             EvidenceImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             EvidenceImpl(const EvidenceImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AssertionIDRef* ref=dynamic_cast<AssertionIDRef*>(*i);
-                        if (ref) {
-                            getAssertionIDRefs().push_back(ref->cloneAssertionIDRef());
-                            continue;
-                        }
-
-                        AssertionURIRef* uri=dynamic_cast<AssertionURIRef*>(*i);
-                        if (uri) {
-                            getAssertionURIRefs().push_back(uri->cloneAssertionURIRef());
-                            continue;
-                        }
-
-                        Assertion* assertion=dynamic_cast<Assertion*>(*i);
-                        if (assertion) {
-                            getAssertions().push_back(assertion->cloneAssertion());
-                            continue;
-                        }
-
-                        EncryptedAssertion* enc=dynamic_cast<EncryptedAssertion*>(*i);
-                        if (enc) {
-                            getEncryptedAssertions().push_back(enc->cloneEncryptedAssertion());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AssertionIDRef);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AssertionURIRef);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Assertion);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(EncryptedAssertion);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(Evidence);
@@ -1198,15 +1093,10 @@ namespace opensaml {
             AuthzDecisionStatementImpl(const AuthzDecisionStatementImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setResource(src.getResource());
-                setDecision(src.getDecision());
-                if (src.getEvidence())
-                    setEvidence(src.getEvidence()->cloneEvidence());
-                for (vector<Action*>::const_iterator i=src.m_Actions.begin(); i!=src.m_Actions.end(); i++) {
-                    if (*i) {
-                        getActions().push_back((*i)->cloneAction());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Resource);
+                IMPL_CLONE_ATTRIB(Decision);
+                IMPL_CLONE_TYPED_CHILD(Evidence);
+                IMPL_CLONE_TYPED_CHILDREN(Action);
             }
 
             IMPL_XMLOBJECT_CLONE2(AuthzDecisionStatement,Statement);
@@ -1240,11 +1130,9 @@ namespace opensaml {
             virtual ~AttributeValueImpl() {}
 
             AttributeValueImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-            AttributeValueImpl(const AttributeValueImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
-            }
+            AttributeValueImpl(const AttributeValueImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(AttributeValue);
         };
@@ -1277,14 +1165,10 @@ namespace opensaml {
                     : AbstractXMLObject(src), AbstractComplexElement(src),
                         AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setName(src.getName());
-                setNameFormat(src.getNameFormat());
-                setFriendlyName(src.getFriendlyName());
-                for (vector<XMLObject*>::const_iterator i=src.m_AttributeValues.begin(); i!=src.m_AttributeValues.end(); i++) {
-                    if (*i) {
-                        getAttributeValues().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Name);
+                IMPL_CLONE_ATTRIB(NameFormat);
+                IMPL_CLONE_ATTRIB(FriendlyName);
+                IMPL_CLONE_XMLOBJECT_CHILDREN(AttributeValue);
             }
 
             IMPL_XMLOBJECT_CLONE(Attribute);
@@ -1328,7 +1212,6 @@ namespace opensaml {
             }
         };
 
-        //TODO unit test for this
         class SAML_DLLLOCAL EncryptedAttributeImpl : public virtual EncryptedAttribute, public EncryptedElementTypeImpl
         {
         public:
@@ -1352,26 +1235,14 @@ namespace opensaml {
             virtual ~AttributeStatementImpl() {}
 
             AttributeStatementImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             AttributeStatementImpl(const AttributeStatementImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        Attribute* attribute=dynamic_cast<Attribute*>(*i);
-                        if (attribute) {
-                            getAttributes().push_back(attribute->cloneAttribute());
-                            continue;
-                        }
-
-                        EncryptedAttribute* enc=dynamic_cast<EncryptedAttribute*>(*i);
-                        if (enc) {
-                            getEncryptedAttributes().push_back(enc->cloneEncryptedAttribute());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Attribute);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(EncryptedAttribute);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE2(AttributeStatement,Statement);
@@ -1396,42 +1267,17 @@ namespace opensaml {
             virtual ~AdviceImpl() {}
 
             AdviceImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
             AdviceImpl(const AdviceImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AssertionIDRef* ref=dynamic_cast<AssertionIDRef*>(*i);
-                        if (ref) {
-                            getAssertionIDRefs().push_back(ref->cloneAssertionIDRef());
-                            continue;
-                        }
-
-                        AssertionURIRef* uri=dynamic_cast<AssertionURIRef*>(*i);
-                        if (uri) {
-                            getAssertionURIRefs().push_back(uri->cloneAssertionURIRef());
-                            continue;
-                        }
-
-                        Assertion* assertion=dynamic_cast<Assertion*>(*i);
-                        if (assertion) {
-                            getAssertions().push_back(assertion->cloneAssertion());
-                            continue;
-                        }
-
-                        EncryptedAssertion* enc=dynamic_cast<EncryptedAssertion*>(*i);
-                        if (enc) {
-                            getEncryptedAssertions().push_back(enc->cloneEncryptedAssertion());
-                            continue;
-                        }
-
-                        if (*i) {
-                            getUnknownXMLObjects().push_back((*i)->clone());
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AssertionIDRef);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AssertionURIRef);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Assertion);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(EncryptedAssertion);
+                    IMPL_CLONE_XMLOBJECT_CHILD_IN_BAG(UnknownXMLObject);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(Advice);
@@ -1459,7 +1305,6 @@ namespace opensaml {
             }
         };
 
-        //TODO unit test for this
         class SAML_DLLLOCAL EncryptedAssertionImpl : public virtual EncryptedAssertion, public EncryptedElementTypeImpl
         {
         public:
@@ -1519,59 +1364,33 @@ namespace opensaml {
             AssertionImpl(const AssertionImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setVersion(src.getVersion());
-                setID(src.getID());
-                setIssueInstant(src.getIssueInstant());
-                if (src.getIssuer())
-                    setIssuer(src.getIssuer()->cloneIssuer());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getSubject())
-                    setSubject(src.getSubject()->cloneSubject());
-                if (src.getConditions())
-                    setConditions(src.getConditions()->cloneConditions());
-                if (src.getAdvice())
-                    setAdvice(src.getAdvice()->cloneAdvice());
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AuthnStatement* authst=dynamic_cast<AuthnStatement*>(*i);
-                        if (authst) {
-                            getAuthnStatements().push_back(authst->cloneAuthnStatement());
-                            continue;
-                        }
-
-                        AttributeStatement* attst=dynamic_cast<AttributeStatement*>(*i);
-                        if (attst) {
-                            getAttributeStatements().push_back(attst->cloneAttributeStatement());
-                            continue;
-                        }
-
-                        AuthzDecisionStatement* authzst=dynamic_cast<AuthzDecisionStatement*>(*i);
-                        if (authzst) {
-                            getAuthzDecisionStatements().push_back(authzst->cloneAuthzDecisionStatement());
-                            continue;
-                        }
-
-                        Statement* st=dynamic_cast<Statement*>(*i);
-                        if (st) {
-                            getStatements().push_back(st->cloneStatement());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Version);
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(IssueInstant);
+                IMPL_CLONE_TYPED_CHILD(Issuer);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Subject);
+                IMPL_CLONE_TYPED_CHILD(Conditions);
+                IMPL_CLONE_TYPED_CHILD(Advice);
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthnStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AttributeStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthzDecisionStatement);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Statement);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -1614,7 +1433,7 @@ namespace opensaml {
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILD(Issuer,SAML20_NS,false);
-                PROC_TYPED_CHILD(Signature,XMLSIG_NS,false);
+                PROC_TYPED_FOREIGN_CHILD(Signature,xmlsignature,XMLSIG_NS,false);
                 PROC_TYPED_CHILD(Subject,SAML20_NS,false);
                 PROC_TYPED_CHILD(Conditions,SAML20_NS,false);
                 PROC_TYPED_CHILD(Advice,SAML20_NS,false);

diff --git a/saml/saml2/core/impl/Protocols20Impl.cpp b/saml/saml2/core/impl/Protocols20Impl.cpp
index 15c4a17..95e75cd 100644 (file)
--- a/saml/saml2/core/impl/Protocols20Impl.cpp
+++ b/saml/saml2/core/impl/Protocols20Impl.cpp
@@ -40,12 +40,12 @@
 #include <xmltooling/util/XMLHelper.h>
 
 #include <ctime>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/if.hpp>
+#include <boost/lambda/lambda.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
 
 using namespace opensaml::saml2p;
-using namespace opensaml::saml2;
-using namespace xmlsignature;
-using namespace xmlencryption;
 using namespace xmltooling;
 using namespace std;
 using xmlconstants::XMLSIG_NS;
@@ -71,7 +71,27 @@ namespace opensaml {
 
         DECL_XMLOBJECTIMPL_SIMPLE(SAML_DLLLOCAL,RespondTo);
 
-        //TODO need unit test for this, using objects from another namespace
+        class SAML_DLLLOCAL AsynchronousImpl : public virtual Asynchronous,
+            public AbstractSimpleElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+        public:
+            virtual ~AsynchronousImpl() {}
+
+            AsynchronousImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
+
+            AsynchronousImpl(const AsynchronousImpl& src)
+                : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {}
+
+            IMPL_XMLOBJECT_CLONE(Asynchronous);
+
+        protected:
+            // has no attributes or children
+        };
+
         class SAML_DLLLOCAL ExtensionsImpl : public virtual Extensions,
              public AbstractComplexElement,
              public AbstractDOMCachingXMLObject,
@@ -82,16 +102,11 @@ namespace opensaml {
             virtual ~ExtensionsImpl() {}
     
             ExtensionsImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-            }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
                 
             ExtensionsImpl(const ExtensionsImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
             
             IMPL_XMLOBJECT_CLONE(Extensions);
@@ -123,74 +138,67 @@ namespace opensaml {
                 m_pos_StatusCode=m_children.begin();
             }
 
-            public:
-                virtual ~StatusCodeImpl() {
-                    XMLString::release(&m_Value);
-                }
+        public:
+            virtual ~StatusCodeImpl() {
+                XMLString::release(&m_Value);
+            }
 
-                StatusCodeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                        : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-                    init();
-                }
+            StatusCodeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                    : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                init();
+            }
 
-                StatusCodeImpl(const StatusCodeImpl& src)
-                        : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                    init();
-                    setValue(src.getValue());
-                    if (src.getStatusCode())
-                        setStatusCode(src.getStatusCode()->cloneStatusCode());
-                }
+            StatusCodeImpl(const StatusCodeImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                init();
+                IMPL_CLONE_ATTRIB(Value);
+                IMPL_CLONE_TYPED_CHILD(StatusCode);
+            }
 
-                IMPL_XMLOBJECT_CLONE(StatusCode);
-                IMPL_STRING_ATTRIB(Value);
-                IMPL_TYPED_CHILD(StatusCode);
+            IMPL_XMLOBJECT_CLONE(StatusCode);
+            IMPL_STRING_ATTRIB(Value);
+            IMPL_TYPED_CHILD(StatusCode);
 
-            protected:
-                void marshallAttributes(DOMElement* domElement) const {
-                    MARSHALL_STRING_ATTRIB(Value,VALUE,nullptr);
-                }
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(Value,VALUE,nullptr);
+            }
 
-                void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                    PROC_TYPED_CHILD(StatusCode,SAML20P_NS,false);
-                    AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
-                }
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                PROC_TYPED_CHILD(StatusCode,SAML20P_NS,false);
+                AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
+            }
 
-                void processAttribute(const DOMAttr* attribute) {
-                    PROC_STRING_ATTRIB(Value,VALUE,nullptr);
-                    AbstractXMLObjectUnmarshaller::processAttribute(attribute);
-                }
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(Value,VALUE,nullptr);
+                AbstractXMLObjectUnmarshaller::processAttribute(attribute);
+            }
         };
 
-        //TODO need unit tests for non-SAML namespace children
         class SAML_DLLLOCAL StatusDetailImpl : public virtual StatusDetail,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
-            public:
-                virtual ~StatusDetailImpl() {}
+        public:
+            virtual ~StatusDetailImpl() {}
 
-                StatusDetailImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                    : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-                }
+            StatusDetailImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-                StatusDetailImpl(const StatusDetailImpl& src)
-                        : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                    for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                        if (*i) {
-                            getUnknownXMLObjects().push_back((*i)->clone());
-                        }
-                    }
-                }
+            StatusDetailImpl(const StatusDetailImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
+            }
 
-                IMPL_XMLOBJECT_CLONE(StatusDetail);
-                IMPL_XMLOBJECT_CHILDREN(UnknownXMLObject,m_children.end());
+            IMPL_XMLOBJECT_CLONE(StatusDetail);
+            IMPL_XMLOBJECT_CHILDREN(UnknownXMLObject,m_children.end());
 
-            protected:
-                void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
-                    getUnknownXMLObjects().push_back(childXMLObject);
-                }
+        protected:
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                getUnknownXMLObjects().push_back(childXMLObject);
+            }
         };
 
 
@@ -215,7 +223,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~StatusImpl() { }
+            virtual ~StatusImpl() {}
     
             StatusImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -224,12 +232,9 @@ namespace opensaml {
                 
             StatusImpl(const StatusImpl& src) : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getStatusCode())
-                    setStatusCode(src.getStatusCode()->cloneStatusCode());
-                if (src.getStatusMessage())
-                    setStatusMessage(src.getStatusMessage()->cloneStatusMessage());
-                if (src.getStatusDetail())
-                    setStatusDetail(src.getStatusDetail()->cloneStatusDetail());
+                IMPL_CLONE_TYPED_CHILD(StatusCode);
+                IMPL_CLONE_TYPED_CHILD(StatusMessage);
+                IMPL_CLONE_TYPED_CHILD(StatusDetail);
             }
             
             IMPL_XMLOBJECT_CLONE(Status);
@@ -237,6 +242,21 @@ namespace opensaml {
             IMPL_TYPED_CHILD(StatusMessage);
             IMPL_TYPED_CHILD(StatusDetail);
     
+            // Base class methods.
+            const XMLCh* getTopStatus() const {
+                return getStatusCode() ? getStatusCode()->getValue() : nullptr;
+            }
+            const XMLCh* getSubStatus() const {
+                const StatusCode* sc = getStatusCode() ? getStatusCode()->getStatusCode() : nullptr;
+                return sc ? sc->getValue() : nullptr;
+            }
+            bool hasAdditionalStatus() const {
+                return (getStatusCode() && getStatusCode()->getStatusCode() && getStatusCode()->getStatusCode()->getStatusCode());
+            }
+            const XMLCh* getMessage() const {
+                return getStatusMessage() ? getStatusMessage()->getMessage() : nullptr;
+            }
+
         protected:
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
                 PROC_TYPED_CHILD(StatusCode,SAML20P_NS,false);
@@ -297,30 +317,27 @@ namespace opensaml {
             }
 
             void _clone(const RequestAbstractTypeImpl& src) {
-                setID(src.getID());
-                setVersion(src.getVersion());
-                setIssueInstant(src.getIssueInstant());
-                setDestination(src.getDestination());
-                setConsent(src.getConsent());
-                if (src.getIssuer())
-                    setIssuer(src.getIssuer()->cloneIssuer());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(Version);
+                IMPL_CLONE_ATTRIB(IssueInstant);
+                IMPL_CLONE_ATTRIB(Destination);
+                IMPL_CLONE_ATTRIB(Consent);
+                IMPL_CLONE_TYPED_CHILD(Issuer);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
             }
             
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
             
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -383,21 +400,16 @@ namespace opensaml {
         class SAML_DLLLOCAL AssertionIDRequestImpl : public virtual AssertionIDRequest, public RequestAbstractTypeImpl
         {
         public:
-            virtual ~AssertionIDRequestImpl() { }
+            virtual ~AssertionIDRequestImpl() {}
     
             AssertionIDRequestImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
                 
-            AssertionIDRequestImpl(const AssertionIDRequestImpl& src) : AbstractXMLObject(src), RequestAbstractTypeImpl(src) {
-            }
+            AssertionIDRequestImpl(const AssertionIDRequestImpl& src) : AbstractXMLObject(src), RequestAbstractTypeImpl(src) {}
 
             void _clone(const AssertionIDRequestImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                for (vector<AssertionIDRef*>::const_iterator i=src.m_AssertionIDRefs.begin(); i!=src.m_AssertionIDRefs.end(); i++) {
-                    if (*i) {                               
-                        getAssertionIDRefs().push_back((*i)->cloneAssertionIDRef());
-                    }
-                }
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(AssertionIDRef,saml2);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(AssertionIDRequest);
@@ -425,7 +437,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~SubjectQueryImpl() { }
+            virtual ~SubjectQueryImpl() {}
     
             SubjectQueryImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -438,8 +450,7 @@ namespace opensaml {
 
             void _clone(const SubjectQueryImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                if (src.getSubject())
-                    setSubject(src.getSubject()->cloneSubject());
+                IMPL_CLONE_TYPED_CHILD(Subject);
             }
             
             SubjectQuery* cloneSubjectQuery() const {
@@ -478,22 +489,11 @@ namespace opensaml {
             RequestedAuthnContextImpl(const RequestedAuthnContextImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setComparison(src.getComparison());
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        AuthnContextClassRef* classref=dynamic_cast<AuthnContextClassRef*>(*i);
-                        if (classref) {
-                            getAuthnContextClassRefs().push_back(classref->cloneAuthnContextClassRef());
-                            continue;
-                        }
-
-                        AuthnContextDeclRef* declref=dynamic_cast<AuthnContextDeclRef*>(*i);
-                        if (declref) {
-                            getAuthnContextDeclRefs().push_back(declref->cloneAuthnContextDeclRef());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Comparison);
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_FOREIGN_CHILD_IN_BAG(AuthnContextClassRef,saml2);
+                    IMPL_CLONE_TYPED_FOREIGN_CHILD_IN_BAG(AuthnContextDeclRef,saml2);
+                IMPL_CLONE_CHILDBAG_END;
             }
             
             IMPL_XMLOBJECT_CLONE(RequestedAuthnContext);
@@ -545,9 +545,8 @@ namespace opensaml {
 
             void _clone(const AuthnQueryImpl& src) {
                 SubjectQueryImpl::_clone(src);
-                setSessionIndex(src.getSessionIndex());
-                if (src.getRequestedAuthnContext())
-                    setRequestedAuthnContext(src.getRequestedAuthnContext()->cloneRequestedAuthnContext());
+                IMPL_CLONE_ATTRIB(SessionIndex);
+                IMPL_CLONE_TYPED_CHILD(RequestedAuthnContext);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(AuthnQuery);
@@ -573,25 +572,16 @@ namespace opensaml {
         class SAML_DLLLOCAL AttributeQueryImpl : public virtual AttributeQuery, public SubjectQueryImpl
         {
         public:
-            virtual ~AttributeQueryImpl() { }
+            virtual ~AttributeQueryImpl() {}
     
             AttributeQueryImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
                 
-            AttributeQueryImpl(const AttributeQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
-            }
+            AttributeQueryImpl(const AttributeQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {}
 
             void _clone(const AttributeQueryImpl& src) {
                 SubjectQueryImpl::_clone(src);
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        Attribute* attrib=dynamic_cast<Attribute*>(*i);
-                        if (attrib) {
-                            getAttributes().push_back(attrib->cloneAttribute());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(AttributeQuery);
@@ -630,18 +620,9 @@ namespace opensaml {
 
             void _clone(const AuthzDecisionQueryImpl& src) {
                 SubjectQueryImpl::_clone(src);
-                setResource(src.getResource());
-                if (src.getEvidence())
-                    setEvidence(src.getEvidence()->cloneEvidence());
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        Action* action=dynamic_cast<Action*>(*i);
-                        if (action) {
-                            getActions().push_back(action->cloneAction());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Resource);
+                IMPL_CLONE_TYPED_CHILD(Evidence);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(Action,saml2);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(AuthzDecisionQuery);
@@ -678,43 +659,43 @@ namespace opensaml {
                 m_AllowCreate=XML_BOOL_NULL;
             }
 
-            public:
-                virtual ~NameIDPolicyImpl() {
-                    XMLString::release(&m_Format);
-                    XMLString::release(&m_SPNameQualifier);
-                }
+        public:
+            virtual ~NameIDPolicyImpl() {
+                XMLString::release(&m_Format);
+                XMLString::release(&m_SPNameQualifier);
+            }
 
-                NameIDPolicyImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                        : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-                    init();
-                }
+            NameIDPolicyImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                    : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                init();
+            }
 
-                NameIDPolicyImpl(const NameIDPolicyImpl& src)
-                        : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
-                    init();
-                    setFormat(src.getFormat());
-                    setSPNameQualifier(src.getSPNameQualifier());
-                    AllowCreate(src.m_AllowCreate);
-                }
+            NameIDPolicyImpl(const NameIDPolicyImpl& src)
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
+                init();
+                IMPL_CLONE_ATTRIB(Format);
+                IMPL_CLONE_ATTRIB(SPNameQualifier);
+                IMPL_CLONE_BOOLEAN_ATTRIB(AllowCreate);
+            }
 
-                IMPL_XMLOBJECT_CLONE(NameIDPolicy);
-                IMPL_STRING_ATTRIB(Format);
-                IMPL_STRING_ATTRIB(SPNameQualifier);
-                IMPL_BOOLEAN_ATTRIB(AllowCreate);
+            IMPL_XMLOBJECT_CLONE(NameIDPolicy);
+            IMPL_STRING_ATTRIB(Format);
+            IMPL_STRING_ATTRIB(SPNameQualifier);
+            IMPL_BOOLEAN_ATTRIB(AllowCreate);
 
-            protected:
-                void marshallAttributes(DOMElement* domElement) const {
-                    MARSHALL_STRING_ATTRIB(Format,FORMAT,nullptr);
-                    MARSHALL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
-                    MARSHALL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,nullptr);
-                }
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(Format,FORMAT,nullptr);
+                MARSHALL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
+                MARSHALL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,nullptr);
+            }
 
-                void processAttribute(const DOMAttr* attribute) {
-                    PROC_STRING_ATTRIB(Format,FORMAT,nullptr);
-                    PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
-                    PROC_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,nullptr);
-                    AbstractXMLObjectUnmarshaller::processAttribute(attribute);
-                }
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(Format,FORMAT,nullptr);
+                PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
+                PROC_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,nullptr);
+                AbstractXMLObjectUnmarshaller::processAttribute(attribute);
+            }
         };
 
         class SAML_DLLLOCAL IDPEntryImpl : public virtual IDPEntry,
@@ -729,43 +710,43 @@ namespace opensaml {
                 m_Loc=nullptr;
             }
 
-            public:
-                virtual ~IDPEntryImpl() {
-                    XMLString::release(&m_ProviderID);
-                    XMLString::release(&m_Name);
-                    XMLString::release(&m_Loc);
-                }
+        public:
+            virtual ~IDPEntryImpl() {
+                XMLString::release(&m_ProviderID);
+                XMLString::release(&m_Name);
+                XMLString::release(&m_Loc);
+            }
 
-                IDPEntryImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                        : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-                    init();
-                }
+            IDPEntryImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                    : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                init();
+            }
 
-                IDPEntryImpl(const IDPEntryImpl& src) : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
-                    init();
-                    setProviderID(src.getProviderID());
-                    setName(src.getName());
-                    setLoc(src.getLoc());
-                }
+            IDPEntryImpl(const IDPEntryImpl& src) : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
+                init();
+                IMPL_CLONE_ATTRIB(ProviderID);
+                IMPL_CLONE_ATTRIB(Name);
+                IMPL_CLONE_ATTRIB(Loc);
+            }
 
-                IMPL_XMLOBJECT_CLONE(IDPEntry);
-                IMPL_STRING_ATTRIB(ProviderID);
-                IMPL_STRING_ATTRIB(Name);
-                IMPL_STRING_ATTRIB(Loc);
+            IMPL_XMLOBJECT_CLONE(IDPEntry);
+            IMPL_STRING_ATTRIB(ProviderID);
+            IMPL_STRING_ATTRIB(Name);
+            IMPL_STRING_ATTRIB(Loc);
 
-            protected:
-                void marshallAttributes(DOMElement* domElement) const {
-                    MARSHALL_STRING_ATTRIB(ProviderID,PROVIDERID,nullptr);
-                    MARSHALL_STRING_ATTRIB(Name,NAME,nullptr);
-                    MARSHALL_STRING_ATTRIB(Loc,LOC,nullptr);
-                }
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(ProviderID,PROVIDERID,nullptr);
+                MARSHALL_STRING_ATTRIB(Name,NAME,nullptr);
+                MARSHALL_STRING_ATTRIB(Loc,LOC,nullptr);
+            }
 
-                void processAttribute(const DOMAttr* attribute) {
-                    PROC_STRING_ATTRIB(ProviderID,PROVIDERID,nullptr);
-                    PROC_STRING_ATTRIB(Name,NAME,nullptr);
-                    PROC_STRING_ATTRIB(Loc,LOC,nullptr);
-                    AbstractXMLObjectUnmarshaller::processAttribute(attribute);
-                }
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(ProviderID,PROVIDERID,nullptr);
+                PROC_STRING_ATTRIB(Name,NAME,nullptr);
+                PROC_STRING_ATTRIB(Loc,LOC,nullptr);
+                AbstractXMLObjectUnmarshaller::processAttribute(attribute);
+            }
         };
 
         class SAML_DLLLOCAL IDPListImpl : public virtual IDPList,
@@ -781,7 +762,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~IDPListImpl() { }
+            virtual ~IDPListImpl() {}
     
             IDPListImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -791,13 +772,8 @@ namespace opensaml {
             IDPListImpl(const IDPListImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getGetComplete())
-                    setGetComplete(src.getGetComplete()->cloneGetComplete());
-                for (vector<IDPEntry*>::const_iterator i=src.m_IDPEntrys.begin(); i!=src.m_IDPEntrys.end(); ++i) {
-                    if (*i) {
-                        getIDPEntrys().push_back((*i)->cloneIDPEntry());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(GetComplete);
+                IMPL_CLONE_TYPED_CHILDREN(IDPEntry);
             }
             
             IMPL_XMLOBJECT_CLONE(IDPList);
@@ -839,14 +815,9 @@ namespace opensaml {
             ScopingImpl(const ScopingImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setProxyCount(src.m_ProxyCount);
-                if (src.getIDPList())
-                    setIDPList(src.getIDPList()->cloneIDPList());
-                for (vector<RequesterID*>::const_iterator i=src.m_RequesterIDs.begin(); i!=src.m_RequesterIDs.end(); ++i) {
-                    if (*i) {
-                        getRequesterIDs().push_back((*i)->cloneRequesterID());
-                    }
-                }
+                IMPL_CLONE_INTEGER_ATTRIB(ProxyCount);
+                IMPL_CLONE_TYPED_CHILD(IDPList);
+                IMPL_CLONE_TYPED_CHILDREN(RequesterID);
             }
             
             IMPL_XMLOBJECT_CLONE(Scoping);
@@ -924,23 +895,18 @@ namespace opensaml {
 
             void _clone(const AuthnRequestImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                ForceAuthn(src.m_ForceAuthn);
-                IsPassive(src.m_IsPassive);
-                setProtocolBinding(src.getProtocolBinding());
-                setAssertionConsumerServiceIndex(src.m_AssertionConsumerServiceIndex);
-                setAssertionConsumerServiceURL(src.getAssertionConsumerServiceURL());
-                setAttributeConsumingServiceIndex(src.m_AttributeConsumingServiceIndex);
-                setProviderName(src.getProviderName());
-                if (src.getSubject())
-                    setSubject(src.getSubject()->cloneSubject());
-                if (src.getNameIDPolicy())
-                    setNameIDPolicy(src.getNameIDPolicy()->cloneNameIDPolicy());
-                if (src.getConditions())
-                    setConditions(src.getConditions()->cloneConditions());
-                if (src.getRequestedAuthnContext())
-                    setRequestedAuthnContext(src.getRequestedAuthnContext()->cloneRequestedAuthnContext());
-                if (src.getScoping())
-                    setScoping(src.getScoping()->cloneScoping());
+                IMPL_CLONE_BOOLEAN_ATTRIB(ForceAuthn);
+                IMPL_CLONE_BOOLEAN_ATTRIB(IsPassive);
+                IMPL_CLONE_ATTRIB(ProtocolBinding);
+                IMPL_CLONE_INTEGER_ATTRIB(AssertionConsumerServiceIndex);
+                IMPL_CLONE_ATTRIB(AssertionConsumerServiceURL);
+                IMPL_CLONE_INTEGER_ATTRIB(AttributeConsumingServiceIndex);
+                IMPL_CLONE_ATTRIB(ProviderName);
+                IMPL_CLONE_TYPED_CHILD(Subject);
+                IMPL_CLONE_TYPED_CHILD(NameIDPolicy);
+                IMPL_CLONE_TYPED_CHILD(Conditions);
+                IMPL_CLONE_TYPED_CHILD(RequestedAuthnContext);
+                IMPL_CLONE_TYPED_CHILD(Scoping);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(AuthnRequest);
@@ -1047,33 +1013,29 @@ namespace opensaml {
             }
 
             void _clone(const StatusResponseTypeImpl& src) {
-                setID(src.getID());
-                setInResponseTo(src.getInResponseTo());
-                setVersion(src.getVersion());
-                setIssueInstant(src.getIssueInstant());
-                setDestination(src.getDestination());
-                setConsent(src.getConsent());
-                if (src.getIssuer())
-                    setIssuer(src.getIssuer()->cloneIssuer());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-                if (src.getStatus())
-                    setStatus(src.getStatus()->cloneStatus());
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(InResponseTo);
+                IMPL_CLONE_ATTRIB(Version);
+                IMPL_CLONE_ATTRIB(IssueInstant);
+                IMPL_CLONE_ATTRIB(Destination);
+                IMPL_CLONE_ATTRIB(Consent);
+                IMPL_CLONE_TYPED_CHILD(Issuer);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
+                IMPL_CLONE_TYPED_CHILD(Status);
             }
             
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
             
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -1140,30 +1102,19 @@ namespace opensaml {
         class SAML_DLLLOCAL ResponseImpl : public virtual Response, public StatusResponseTypeImpl
         {
         public:
-            virtual ~ResponseImpl() { }
+            virtual ~ResponseImpl() {}
     
             ResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
                 
-            ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {
-            }
+            ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {}
 
             void _clone(const ResponseImpl& src) {
                 StatusResponseTypeImpl::_clone(src);
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        saml2::Assertion* assertion=dynamic_cast<saml2::Assertion*>(*i);
-                        if (assertion) {
-                            getAssertions().push_back(assertion->cloneAssertion());
-                            continue;
-                        }
-                        EncryptedAssertion* encAssertion=dynamic_cast<EncryptedAssertion*>(*i);
-                        if (encAssertion) {
-                            getEncryptedAssertions().push_back(encAssertion->cloneEncryptedAssertion());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_FOREIGN_CHILD_IN_BAG(Assertion,saml2);
+                    IMPL_CLONE_TYPED_FOREIGN_CHILD_IN_BAG(EncryptedAssertion,saml2);
+                IMPL_CLONE_CHILDBAG_END;
             }
             
             IMPL_XMLOBJECT_CLONE_EX(Response);
@@ -1188,7 +1139,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~ArtifactResolveImpl() { }
+            virtual ~ArtifactResolveImpl() {}
     
             ArtifactResolveImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -1201,8 +1152,7 @@ namespace opensaml {
 
             void _clone(const ArtifactResolveImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                if(src.getArtifact())
-                    setArtifact(src.getArtifact()->cloneArtifact());
+                IMPL_CLONE_TYPED_CHILD(Artifact);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(ArtifactResolve);
@@ -1225,7 +1175,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~ArtifactResponseImpl() { }
+            virtual ~ArtifactResponseImpl() {}
     
             ArtifactResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -1238,8 +1188,7 @@ namespace opensaml {
 
             void _clone(const ArtifactResponseImpl& src) {
                 StatusResponseTypeImpl::_clone(src);
-                if (src.getPayload())
-                    setPayload(src.getPayload()->clone());
+                IMPL_CLONE_XMLOBJECT_CHILD(Payload);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(ArtifactResponse);
@@ -1289,13 +1238,8 @@ namespace opensaml {
             NewEncryptedIDImpl(const NewEncryptedIDImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getEncryptedData())
-                    setEncryptedData(src.getEncryptedData()->cloneEncryptedData());
-                for (vector<xmlencryption::EncryptedKey*>::const_iterator i=src.m_EncryptedKeys.begin(); i!=src.m_EncryptedKeys.end(); i++) {
-                    if (*i) {
-                        getEncryptedKeys().push_back((*i)->cloneEncryptedKey());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(EncryptedData);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
             }
     
             IMPL_XMLOBJECT_CLONE2(NewEncryptedID,EncryptedElementType);
@@ -1316,20 +1260,19 @@ namespace opensaml {
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
-            public:
-                virtual ~TerminateImpl() { }
+        public:
+            virtual ~TerminateImpl() {}
 
-                TerminateImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                    : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
+            TerminateImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
 
-                TerminateImpl(const TerminateImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
-                }
+            TerminateImpl(const TerminateImpl& src)
+                : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {}
 
-                IMPL_XMLOBJECT_CLONE(Terminate);
+            IMPL_XMLOBJECT_CLONE(Terminate);
 
-            protected:
-                // has no attributes or children
+        protected:
+            // has no attributes or children
         };
 
         class SAML_DLLLOCAL ManageNameIDRequestImpl : public virtual ManageNameIDRequest, public RequestAbstractTypeImpl
@@ -1358,7 +1301,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~ManageNameIDRequestImpl() { }
+            virtual ~ManageNameIDRequestImpl() {}
     
             ManageNameIDRequestImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -1371,16 +1314,11 @@ namespace opensaml {
 
             void _clone(const ManageNameIDRequestImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
-                if (src.getNewID())
-                    setNewID(src.getNewID()->cloneNewID());
-                if (src.getNewEncryptedID())
-                    setNewEncryptedID(src.getNewEncryptedID()->cloneNewEncryptedID());
-                if (src.getTerminate())
-                    setTerminate(src.getTerminate()->cloneTerminate());
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
+                IMPL_CLONE_TYPED_CHILD(NewID);
+                IMPL_CLONE_TYPED_CHILD(NewEncryptedID);
+                IMPL_CLONE_TYPED_CHILD(Terminate);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(ManageNameIDRequest);
@@ -1404,13 +1342,12 @@ namespace opensaml {
         class SAML_DLLLOCAL ManageNameIDResponseImpl : public virtual ManageNameIDResponse, public StatusResponseTypeImpl
         {
         public:
-            virtual ~ManageNameIDResponseImpl() { }
+            virtual ~ManageNameIDResponseImpl() {}
 
             ManageNameIDResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
             
-            ManageNameIDResponseImpl(const ManageNameIDResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {
-            }
+            ManageNameIDResponseImpl(const ManageNameIDResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(ManageNameIDResponse);
         };
@@ -1451,20 +1388,12 @@ namespace opensaml {
 
             void _clone(const LogoutRequestImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                setReason(src.getReason());
-                setNotOnOrAfter(src.getNotOnOrAfter());
-                if (src.getBaseID())
-                    setBaseID(src.getBaseID()->cloneBaseID());
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
-
-                for (vector<SessionIndex*>::const_iterator i=src.m_SessionIndexs.begin(); i!=src.m_SessionIndexs.end(); ++i) {
-                    if (*i) {
-                        getSessionIndexs().push_back((*i)->cloneSessionIndex());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Reason);
+                IMPL_CLONE_ATTRIB(NotOnOrAfter);
+                IMPL_CLONE_TYPED_CHILD(BaseID);
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
+                IMPL_CLONE_TYPED_CHILDREN(SessionIndex);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(LogoutRequest);
@@ -1499,13 +1428,12 @@ namespace opensaml {
         class SAML_DLLLOCAL LogoutResponseImpl : public virtual LogoutResponse, public StatusResponseTypeImpl
         {
         public:
-            virtual ~LogoutResponseImpl() { }
+            virtual ~LogoutResponseImpl() {}
 
             LogoutResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
             
-            LogoutResponseImpl(const LogoutResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {
-            }
+            LogoutResponseImpl(const LogoutResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE_EX(LogoutResponse);
         };
@@ -1533,7 +1461,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~NameIDMappingRequestImpl() { }
+            virtual ~NameIDMappingRequestImpl() {}
     
             NameIDMappingRequestImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -1546,14 +1474,10 @@ namespace opensaml {
 
             void _clone(const NameIDMappingRequestImpl& src) {
                 RequestAbstractTypeImpl::_clone(src);
-                if (src.getBaseID())
-                    setBaseID(src.getBaseID()->cloneBaseID());
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
-                if (src.getNameIDPolicy())
-                    setNameIDPolicy(src.getNameIDPolicy()->cloneNameIDPolicy());
+                IMPL_CLONE_TYPED_CHILD(BaseID);
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
+                IMPL_CLONE_TYPED_CHILD(NameIDPolicy);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(NameIDMappingRequest);
@@ -1586,7 +1510,7 @@ namespace opensaml {
             }
 
         public:
-            virtual ~NameIDMappingResponseImpl() { }
+            virtual ~NameIDMappingResponseImpl() {}
     
             NameIDMappingResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -1599,10 +1523,8 @@ namespace opensaml {
 
             void _clone(const NameIDMappingResponseImpl& src) {
                 StatusResponseTypeImpl::_clone(src);
-                if (src.getNameID())
-                    setNameID(src.getNameID()->cloneNameID());
-                if (src.getEncryptedID())
-                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
+                IMPL_CLONE_TYPED_CHILD(NameID);
+                IMPL_CLONE_TYPED_CHILD(EncryptedID);
             }
             
             IMPL_XMLOBJECT_CLONE_EX(NameIDMappingResponse);
@@ -1657,6 +1579,7 @@ IMPL_XMLOBJECTBUILDER(StatusMessage);
 IMPL_XMLOBJECTBUILDER(Terminate);
 
 IMPL_XMLOBJECTBUILDER(RespondTo);
+IMPL_XMLOBJECTBUILDER(Asynchronous);
 
 // Unicode literals
 const XMLCh Artifact::LOCAL_NAME[] = UNICODE_LITERAL_8(A,r,t,i,f,a,c,t);
@@ -1666,6 +1589,8 @@ const XMLCh ArtifactResponse::LOCAL_NAME[] = UNICODE_LITERAL_16(A,r,t,i,f,a,c,t,
 const XMLCh ArtifactResponse::TYPE_NAME[] = UNICODE_LITERAL_20(A,r,t,i,f,a,c,t,R,e,s,p,o,n,s,e,T,y,p,e);
 const XMLCh AssertionIDRequest::LOCAL_NAME[] = UNICODE_LITERAL_18(A,s,s,e,r,t,i,o,n,I,D,R,e,q,u,e,s,t);
 const XMLCh AssertionIDRequest::TYPE_NAME[] = UNICODE_LITERAL_22(A,s,s,e,r,t,i,o,n,I,D,R,e,q,u,e,s,t,T,y,p,e);
+const XMLCh Asynchronous::LOCAL_NAME[] = UNICODE_LITERAL_12(A,s,y,n,c,h,r,o,n,o,u,s);
+const XMLCh Asynchronous::TYPE_NAME[] = UNICODE_LITERAL_16(A,s,y,n,c,h,r,o,n,o,u,s,T,y,p,e);
 const XMLCh AttributeQuery::LOCAL_NAME[] = UNICODE_LITERAL_14(A,t,t,r,i,b,u,t,e,Q,u,e,r,y);
 const XMLCh AttributeQuery::TYPE_NAME[] = UNICODE_LITERAL_18(A,t,t,r,i,b,u,t,e,Q,u,e,r,y,T,y,p,e);
 const XMLCh AuthnQuery::LOCAL_NAME[] = UNICODE_LITERAL_10(A,u,t,h,n,Q,u,e,r,y);

diff --git a/saml/saml2/core/impl/Protocols20SchemaValidators.cpp b/saml/saml2/core/impl/Protocols20SchemaValidators.cpp
index 137233e..9e660dd 100644 (file)
--- a/saml/saml2/core/impl/Protocols20SchemaValidators.cpp
+++ b/saml/saml2/core/impl/Protocols20SchemaValidators.cpp
@@ -306,4 +306,9 @@ void opensaml::saml2p::registerProtocolClasses() {
     q=xmltooling::QName(samlconstants::SAML20P_THIRDPARTY_EXT_NS,RespondTo::LOCAL_NAME);
     XMLObjectBuilder::registerBuilder(q,new RespondToBuilder());
     SchemaValidators.registerValidator(q,new RespondToSchemaValidator());
+
+    q=xmltooling::QName(samlconstants::SAML20P_ASYNCSLO_EXT_NS,Asynchronous::LOCAL_NAME);
+    XMLObjectBuilder::registerBuilder(q,new AsynchronousBuilder());
+    q=xmltooling::QName(samlconstants::SAML20P_ASYNCSLO_EXT_NS,Asynchronous::TYPE_NAME);
+    XMLObjectBuilder::registerBuilder(q,new AsynchronousBuilder());
 }

diff --git a/saml/saml2/metadata/AbstractMetadataProvider.h b/saml/saml2/metadata/AbstractMetadataProvider.h
index 0fe617d..d458b4c 100644 (file)
--- a/saml/saml2/metadata/AbstractMetadataProvider.h
+++ b/saml/saml2/metadata/AbstractMetadataProvider.h
@@ -83,6 +83,7 @@ namespace opensaml {
 
             void outputStatus(std::ostream& os) const;
             void emitChangeEvent() const;
+            void emitChangeEvent(const EntityDescriptor&) const;
             std::pair<const EntityDescriptor*,const RoleDescriptor*> getEntityDescriptor(const Criteria& criteria) const;
             const EntitiesDescriptor* getEntitiesDescriptor(const char* name, bool requireValidMetadata=true) const;
             const xmltooling::Credential* resolve(const xmltooling::CredentialCriteria* criteria=nullptr) const;
@@ -152,7 +153,7 @@ namespace opensaml {
             mutable groupmap_t m_groups;
 
             std::auto_ptr<xmltooling::KeyInfoResolver> m_resolverWrapper;
-            std::auto_ptr<xmltooling::Mutex> m_credentialLock;
+            mutable std::auto_ptr<xmltooling::Mutex> m_credentialLock;
             typedef std::map< const RoleDescriptor*, std::vector<xmltooling::Credential*> > credmap_t;
             mutable credmap_t m_credentialMap;
             const credmap_t::mapped_type& resolveCredentials(const RoleDescriptor& role) const;

diff --git a/saml/saml2/metadata/DiscoverableMetadataProvider.h b/saml/saml2/metadata/DiscoverableMetadataProvider.h
index 2086705..095d03c 100644 (file)
--- a/saml/saml2/metadata/DiscoverableMetadataProvider.h
+++ b/saml/saml2/metadata/DiscoverableMetadataProvider.h
@@ -29,9 +29,18 @@
 
 #include <saml/saml2/metadata/MetadataProvider.h>
 
+#include <boost/shared_ptr.hpp>
+
 namespace opensaml {
     
+    namespace saml2 {
+        class SAML_API Attribute;
+    };
+
     namespace saml2md {
+
+        class SAML_API EntityAttributes;
+        class SAML_API EntityMatcher;
         
 #if defined (_MSC_VER)
         #pragma warning( push )
@@ -52,6 +61,15 @@ namespace opensaml {
              *   <dt>legacyOrgNames</dt>
              *   <dd>true iff IdPs without a UIInfo extension should
              *      be identified using &lt;md:OrganizationDisplayName&gt;</dd>
+             *   <dt>entityAttributes</dt>
+             *   <dd>true iff tags found in &lt;mdattr:EntityAttributes&gt;
+             *      extensions should be included in the feed</dd>
+             *   <dt>&lt;DiscoveryFilter type="..." matcher="..." &gt;</dt>
+             *   <dd>Zero or more filters of type "Whitelist" or "Blacklist" that
+             *      affect which entities get exposed by the feed. The actual matching
+             *      is driven by an EntityMatcher plugin identified by the matcher
+             *      attribute. Other element content will be present to configure
+             *      that plugin.</dd>
              * </dl>
              *
              * @param e DOM to supply configuration for provider
@@ -96,8 +114,11 @@ namespace opensaml {
         private:
             void discoEntity(std::string& s, const EntityDescriptor* entity, bool& first) const;
             void discoGroup(std::string& s, const EntitiesDescriptor* group, bool& first) const;
+            void discoEntityAttributes(std::string& s, const EntityAttributes& ea, bool& first) const;
+            void discoAttributes(std::string& s, const std::vector<saml2::Attribute*>& attrs, bool& first) const;
 
-            bool m_legacyOrgNames;
+            bool m_legacyOrgNames, m_entityAttributes;
+            std::vector< std::pair< bool, boost::shared_ptr<EntityMatcher> > > m_discoFilters;
         };
 
 #if defined (_MSC_VER)

diff --git a/saml/saml2/metadata/DynamicMetadataProvider.h b/saml/saml2/metadata/DynamicMetadataProvider.h
index 179bc2e..2e19d7e 100644 (file)
--- a/saml/saml2/metadata/DynamicMetadataProvider.h
+++ b/saml/saml2/metadata/DynamicMetadataProvider.h
@@ -72,7 +72,7 @@ namespace opensaml {
 
         private:
             std::string m_id;
-            mutable xmltooling::RWLock* m_lock;
+            std::auto_ptr<xmltooling::RWLock> m_lock;
             double m_refreshDelayFactor;
             time_t m_minCacheDuration, m_maxCacheDuration;
             typedef std::map<xmltooling::xstring,time_t> cachemap_t;

diff --git a/saml/saml2/metadata/EntityMatcher.h b/saml/saml2/metadata/EntityMatcher.h
new file mode 100644 (file)
index 0000000..d15c2a2
--- /dev/null
+++ b/saml/saml2/metadata/EntityMatcher.h
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+/**
+ * @file saml/saml2/metadata/EntityMatcher.h
+ *
+ * Applies a set of matching rules to an entity.
+ */
+
+#include <saml/base.h>
+
+#ifndef __saml2_entitymatcher_h__
+#define __saml2_entitymatcher_h__
+
+namespace opensaml {
+    namespace saml2md {
+
+        class SAML_API EntityDescriptor;
+
+        /**
+         * An entity matcher is a predicate that evaluates an entity against a set of matching rules.
+         */
+        class SAML_API EntityMatcher
+        {
+            MAKE_NONCOPYABLE(EntityMatcher);
+        protected:
+            EntityMatcher();
+        public:
+            virtual ~EntityMatcher();
+
+            /**
+             * Applies the instance's matching rule(s) against an entity.
+             *
+             * @param entity the entity to evaluate
+             * @return  true iff the entity is matched
+             */
+            virtual bool matches(const EntityDescriptor& entity) const=0;
+        };
+
+        /**
+         * Registers EntityMatcher classes into the runtime.
+         */
+        void SAML_API registerEntityMatchers();
+
+        /** EntityMatcher that matches based on name. */
+        #define NAME_ENTITY_MATCHER "Name"
+
+        /** EntityMatcher that applies a set of input attributes. */
+        #define ENTITYATTR_ENTITY_MATCHER "EntityAttributes"
+    };
+};
+
+#endif /* __saml2_entitymatcher_h__ */

diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h
index ffaadc8..60b56c0 100644 (file)
--- a/saml/saml2/metadata/Metadata.h
+++ b/saml/saml2/metadata/Metadata.h
@@ -83,7 +83,11 @@ namespace opensaml {
             bool isValid() const {
                 return time(nullptr) <= getValidUntilEpoch();
             }
-            /** Returns true iff the object is valid at the supplied time. */
+            /**
+             * Returns true iff the object is valid at the supplied time.
+             *
+             * @param t the time to check against
+             */
             bool isValid(time_t t) const {
                 return t <= getValidUntilEpoch();
             }
@@ -101,13 +105,31 @@ namespace opensaml {
         DECL_XMLOBJECT_SIMPLE(SAML_API,ActionNamespace,Namespace,SAML 2.0 Metadata Extension ActionNamespace element);
 
         BEGIN_XMLOBJECT(SAML_API,localizedNameType,xmltooling::XMLObject,SAML 2.0 localizedNameType type);
-            DECL_STRING_ATTRIB(Lang,LANG);
+            /** xml:lang attribute name. */
+            static const XMLCh LANG_ATTRIB_NAME[];
+
+            /**
+             * Sets the xml:lang attribute.
+             *
+             * @param Lang  the value to set
+             */
+            virtual void setLang(const XMLCh* Lang)=0;
+
             /** localizedNameType local name */
             static const XMLCh TYPE_NAME[];
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,localizedURIType,xmltooling::XMLObject,SAML 2.0 localizedURIType type);
-            DECL_STRING_ATTRIB(Lang,LANG);
+            /** xml:lang attribute name. */
+            static const XMLCh LANG_ATTRIB_NAME[];
+
+            /**
+             * Sets the xml:lang attribute.
+             *
+             * @param Lang  the value to set
+             */
+            virtual void setLang(const XMLCh* Lang)=0;
+
             /** localizedURIType local name */
             static const XMLCh TYPE_NAME[];
         END_XMLOBJECT;
@@ -445,14 +467,32 @@ namespace opensaml {
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,Keywords,xmltooling::XMLObject,SAML Metadata Extension for Login UI Keywords element);
-            DECL_STRING_ATTRIB(Lang,LANG);
+            /** xml:lang attribute name. */
+            static const XMLCh LANG_ATTRIB_NAME[];
+
+            /**
+             * Sets the xml:lang attribute.
+             *
+             * @param Lang  the value to set
+             */
+            virtual void setLang(const XMLCh* Lang)=0;
+
             DECL_SIMPLE_CONTENT(Values);
             /** KeywordsType local name */
             static const XMLCh TYPE_NAME[];
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,Logo,xmltooling::XMLObject,SAML Metadata Extension for Login UI Logo element);
-            DECL_STRING_ATTRIB(Lang,LANG);
+            /** xml:lang attribute name. */
+            static const XMLCh LANG_ATTRIB_NAME[];
+
+            /**
+             * Sets the xml:lang attribute.
+             *
+             * @param Lang  the value to set
+             */
+            virtual void setLang(const XMLCh* Lang)=0;
+
             DECL_INTEGER_ATTRIB(Height,HEIGHT);
             DECL_INTEGER_ATTRIB(Width,WIDTH);
             DECL_SIMPLE_CONTENT(URL);

diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index 41899ed..e4bace2 100644 (file)
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -57,7 +57,6 @@ namespace opensaml {
                 return m_role;
             }
 
-            void reset();
             bool matches(const xmltooling::Credential& credential) const;
 
         private:

diff --git a/saml/saml2/metadata/MetadataFilter.h b/saml/saml2/metadata/MetadataFilter.h
index c6b5ff9..6572c52 100644 (file)
--- a/saml/saml2/metadata/MetadataFilter.h
+++ b/saml/saml2/metadata/MetadataFilter.h
@@ -33,6 +33,18 @@ namespace opensaml {
     namespace saml2md {
 
         /**
+         * Marker interface for supplying environmental context to filters.
+         */
+        class SAML_API MetadataFilterContext
+        {
+            MAKE_NONCOPYABLE(MetadataFilterContext);
+        protected:
+            MetadataFilterContext();
+        public:
+            virtual ~MetadataFilterContext();
+        };
+
+        /**
          * A metadata filter is used to process metadata after resolution and unmarshalling.
          *
          * Some filters might remove everything but identity provider roles, decreasing the data a service provider
@@ -55,12 +67,22 @@ namespace opensaml {
             virtual const char* getId() const=0;
 
             /**
+             * @deprecated
              * Filters the given metadata. Exceptions should generally not be thrown to
              * signal the removal of information, only for systemic processing failure.
              *
-             * @param xmlObject the metadata to be filtered.
+             * @param xmlObject the metadata to be filtered
              */
-            virtual void doFilter(xmltooling::XMLObject& xmlObject) const=0;
+            virtual void doFilter(xmltooling::XMLObject& xmlObject) const;
+
+            /**
+             * Filters the given metadata. Exceptions should generally not be thrown to
+             * signal the removal of information, only for systemic processing failure.
+             *
+             * @param ctx       context interface, or nullptr
+             * @param xmlObject the metadata to be filtered
+             */
+            virtual void doFilter(const MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const;
         };
 
         /**
@@ -69,19 +91,22 @@ namespace opensaml {
         void SAML_API registerMetadataFilters();
 
         /** MetadataFilter that deletes blacklisted entities. */
-        #define BLACKLIST_METADATA_FILTER  "Blacklist"
+        #define BLACKLIST_METADATA_FILTER           "Blacklist"
 
         /** MetadataFilter that deletes all but whitelisted entities. */
-        #define WHITELIST_METADATA_FILTER  "Whitelist"
+        #define WHITELIST_METADATA_FILTER           "Whitelist"
 
         /** MetadataFilter that verifies signatures and filters out any that don't pass. */
-        #define SIGNATURE_METADATA_FILTER  "Signature"
+        #define SIGNATURE_METADATA_FILTER           "Signature"
 
         /** MetadataFilter that enforces expiration requirements. */
-        #define REQUIREVALIDUNTIL_METADATA_FILTER  "RequireValidUntil"
+        #define REQUIREVALIDUNTIL_METADATA_FILTER   "RequireValidUntil"
 
         /** MetadataFilter that removes non-retained roles. */
-        #define ENTITYROLE_METADATA_FILTER  "EntityRoleWhiteList"
+        #define ENTITYROLE_METADATA_FILTER          "EntityRoleWhiteList"
+
+        /** MetadataFilter that adds EntityAttributes extension. */
+        #define ENTITYATTR_METADATA_FILTER          "EntityAttributes"
 
         DECL_XMLTOOLING_EXCEPTION(MetadataFilterException,SAML_EXCEPTIONAPI(SAML_API),opensaml::saml2md,MetadataException,Exceptions related to metadata filtering);
     };

diff --git a/saml/saml2/metadata/MetadataProvider.h b/saml/saml2/metadata/MetadataProvider.h
index dad99c5..e8c852f 100644 (file)
--- a/saml/saml2/metadata/MetadataProvider.h
+++ b/saml/saml2/metadata/MetadataProvider.h
@@ -31,6 +31,7 @@
 
 #include <vector>
 #include <iostream>
+#include <boost/ptr_container/ptr_vector.hpp>
 #include <xmltooling/exceptions.h>
 #include <xmltooling/security/CredentialResolver.h>
 
@@ -50,6 +51,7 @@ namespace opensaml {
         class SAML_API RoleDescriptor;
         class SAML_API MetadataCredentialResolver;
         class SAML_API MetadataFilter;
+        class SAML_API MetadataFilterContext;
 
 #if defined (_MSC_VER)
         #pragma warning( push )
@@ -120,6 +122,15 @@ namespace opensaml {
             virtual MetadataFilter* removeMetadataFilter(MetadataFilter* oldFilter);
 
             /**
+             * Sets a filtering context object for use by the filtering process.
+             * <p>The object's lifetime must last for the duration of the lifetime
+             * of the MetadataProvider.
+             *
+             * @param ctx   a context object
+             */
+            void setContext(const MetadataFilterContext* ctx);
+
+            /**
              * Should be called after instantiating provider and adding filters, but before
              * performing any lookup operations. Allows the provider to defer initialization
              * processes that are likely to result in exceptions until after the provider is
@@ -250,7 +261,8 @@ namespace opensaml {
             void doFilters(xmltooling::XMLObject& xmlObject) const;
 
         private:
-            std::vector<MetadataFilter*> m_filters;
+            const MetadataFilterContext* m_filterContext;
+            boost::ptr_vector<MetadataFilter> m_filters;
         };
 
 #if defined (_MSC_VER)

diff --git a/saml/saml2/metadata/ObservableMetadataProvider.h b/saml/saml2/metadata/ObservableMetadataProvider.h
index d395714..fab712b 100644 (file)
--- a/saml/saml2/metadata/ObservableMetadataProvider.h
+++ b/saml/saml2/metadata/ObservableMetadataProvider.h
@@ -59,6 +59,11 @@ namespace opensaml {
              */
             virtual void emitChangeEvent() const;
 
+            /**
+             * Convenience method for notifying every registered Observer of an event.
+             */
+            virtual void emitChangeEvent(const EntityDescriptor& entity) const;
+
         public:
             virtual ~ObservableMetadataProvider();
             
@@ -79,6 +84,15 @@ namespace opensaml {
                  * @param provider the provider being observed
                  */
                 virtual void onEvent(const ObservableMetadataProvider& provider) const=0;
+
+                /**
+                 * Called when a provider signals an event has occured.
+                 * The provider is already locked. 
+                 * 
+                 * @param provider the provider being observed
+                 * @param entity the entity that underwent modification
+                 */
+                virtual void onEvent(const ObservableMetadataProvider& provider, const EntityDescriptor& entity) const;
             };
             
             /**
@@ -97,7 +111,7 @@ namespace opensaml {
             virtual const Observer* removeObserver(const Observer* oldObserver) const;
 
         private:
-            mutable xmltooling::Mutex* m_observerLock;
+            mutable std::auto_ptr<xmltooling::Mutex> m_observerLock;
             mutable std::vector<const Observer*> m_observers;
         };
 

diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index 6cd7273..229d881 100644 (file)
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -104,6 +104,14 @@ void AbstractMetadataProvider::emitChangeEvent() const
     ObservableMetadataProvider::emitChangeEvent();
 }
 
+void AbstractMetadataProvider::emitChangeEvent(const EntityDescriptor& entity) const
+{
+    for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
+        for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
+    m_credentialMap.clear();
+    ObservableMetadataProvider::emitChangeEvent(entity);
+}
+
 void AbstractMetadataProvider::indexEntity(EntityDescriptor* site, time_t& validUntil, bool replace) const
 {
     // If child expires later than input, reset child, otherwise lower input to match.
@@ -316,7 +324,7 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr
     if (!metacrit)
         throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object.");
 
-    Lock lock(m_credentialLock.get());
+    Lock lock(m_credentialLock);
     const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
 
     for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
@@ -333,7 +341,7 @@ vector<const Credential*>::size_type AbstractMetadataProvider::resolve(
     if (!metacrit)
         throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object.");
 
-    Lock lock(m_credentialLock.get());
+    Lock lock(m_credentialLock);
     const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
 
    for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)

diff --git a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp
index 283047c..04e4e1c 100644 (file)
--- a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp
+++ b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp
@@ -25,20 +25,22 @@
  */
 
 #include "internal.h"
+#include "saml2/metadata/EntityMatcher.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/MetadataFilter.h"
 
+#include <boost/scoped_ptr.hpp>
 #include <xmltooling/logging.h>
-#include <xmltooling/util/NDC.h>
 
 using namespace opensaml::saml2md;
+using namespace opensaml::saml2;
 using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost;
 using namespace std;
 
 namespace opensaml {
     namespace saml2md {
-                
         class SAML_DLLLOCAL BlacklistMetadataFilter : public MetadataFilter
         {
         public:
@@ -49,15 +51,11 @@ namespace opensaml {
             void doFilter(XMLObject& xmlObject) const;
 
         private:
-            void doFilter(EntitiesDescriptor& entities) const;
-            
-            bool found(const XMLCh* id) const {
-                if (!id)
-                    return false;
-                return m_set.count(id)==1;
-            }
+            void filterGroup(EntitiesDescriptor*) const;
+            bool included(const EntityDescriptor&) const;
 
-            set<xstring> m_set;
+            set<xstring> m_entities;
+            scoped_ptr<EntityMatcher> m_matcher;
         }; 
 
         MetadataFilter* SAML_DLLLOCAL BlacklistMetadataFilterFactory(const DOMElement* const & e)
@@ -65,78 +63,88 @@ namespace opensaml {
             return new BlacklistMetadataFilter(e);
         }
 
+        static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e);
+        static const XMLCh _matcher[] = UNICODE_LITERAL_7(m,a,t,c,h,e,r);
     };
 };
 
-static const XMLCh Exclude[] =  UNICODE_LITERAL_7(E,x,c,l,u,d,e);
 
 BlacklistMetadataFilter::BlacklistMetadataFilter(const DOMElement* e)
 {
-    e = XMLHelper::getFirstChildElement(e);
+    string matcher(XMLHelper::getAttrString(e, nullptr, _matcher));
+    if (!matcher.empty())
+        m_matcher.reset(SAMLConfig::getConfig().EntityMatcherManager.newPlugin(matcher.c_str(), e));
+
+    e = XMLHelper::getFirstChildElement(e, Exclude);
     while (e) {
-        if (XMLString::equals(e->getLocalName(), Exclude) && e->hasChildNodes()) {
-            m_set.insert(e->getFirstChild()->getTextContent());
+        if (e->hasChildNodes()) {
+            const XMLCh* excl = e->getTextContent();
+            if (excl && *excl)
+                m_entities.insert(excl);
         }
-        e = XMLHelper::getNextSiblingElement(e);
+        e = XMLHelper::getNextSiblingElement(e, Exclude);
     }
 }
 
 void BlacklistMetadataFilter::doFilter(XMLObject& xmlObject) const
 {
-#ifdef _DEBUG
-    NDC ndc("doFilter");
-#endif
-    
-    try {
-        EntitiesDescriptor& entities = dynamic_cast<EntitiesDescriptor&>(xmlObject);
-        if (found(entities.getName()))
-            throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only group in the metadata.");
-        doFilter(entities);
-        return;
-    }
-    catch (bad_cast&) {
-    }
-
-    try {
-        EntityDescriptor& entity = dynamic_cast<EntityDescriptor&>(xmlObject);
-        if (found(entity.getEntityID()))
-            throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only entity in the metadata.");
-        return;
+    EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(&xmlObject);
+    if (group) {
+        if (group->getName() && !m_entities.empty() && m_entities.count(group->getName()) > 0)
+            throw MetadataFilterException(BLACKLIST_METADATA_FILTER" MetadataFilter instructed to filter the root group in the metadata.");
+        filterGroup(group);
     }
-    catch (bad_cast&) {
+    else {
+        EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(&xmlObject);
+        if (entity) {
+            if (included(*entity))
+                throw MetadataFilterException(BLACKLIST_METADATA_FILTER" MetadataFilter instructed to filter the root/only entity in the metadata.");
+        }
+        else {
+            throw MetadataFilterException(BLACKLIST_METADATA_FILTER" MetadataFilter was given an improper metadata instance to filter.");
+        }
     }
-     
-    throw MetadataFilterException("BlacklistMetadataFilter was given an improper metadata instance to filter.");
 }
 
-void BlacklistMetadataFilter::doFilter(EntitiesDescriptor& entities) const
+void BlacklistMetadataFilter::filterGroup(EntitiesDescriptor* entities) const
 {
-    Category& log=Category::getInstance(SAML_LOGCAT".MetadataFilter.Blacklist");
-    
-    VectorOf(EntityDescriptor) v=entities.getEntityDescriptors();
-    for (VectorOf(EntityDescriptor)::size_type i=0; i<v.size(); ) {
-        const XMLCh* id=v[i]->getEntityID();
-        if (found(id)) {
-            auto_ptr_char id2(id);
-            log.info("filtering out blacklisted entity (%s)", id2.get());
+    Category& log = Category::getInstance(SAML_LOGCAT".MetadataFilter."WHITELIST_METADATA_FILTER);
+
+    VectorOf(EntityDescriptor) v = entities->getEntityDescriptors();
+    for (VectorOf(EntityDescriptor)::size_type i = 0; i < v.size(); ) {
+        if (included(*v[i])) {
+            auto_ptr_char id(v[i]->getEntityID());
+            log.info("filtering out blacklisted entity (%s)", id.get());
             v.erase(v.begin() + i);
         }
         else {
             i++;
         }
     }
-    
-    VectorOf(EntitiesDescriptor) w=entities.getEntitiesDescriptors();
-    for (VectorOf(EntitiesDescriptor)::size_type j=0; j<w.size(); ) {
-        const XMLCh* name=w[j]->getName();
-        if (found(name)) {
+
+    VectorOf(EntitiesDescriptor) w = entities->getEntitiesDescriptors();
+    for (VectorOf(EntitiesDescriptor)::size_type j = 0; j < w.size(); ) {
+        const XMLCh* name = w[j]->getName();
+        if (name && !m_entities.empty() && m_entities.count(name) > 0) {
             auto_ptr_char name2(name);
             log.info("filtering out blacklisted group (%s)", name2.get());
             w.erase(w.begin() + j);
         }
         else {
-            doFilter(*(w[j]));
+            filterGroup(w[j]);
             j++;
         }
     }
 }
+
+bool BlacklistMetadataFilter::included(const EntityDescriptor& entity) const
+{
+    // Check for entityID.
+    if (entity.getEntityID() && !m_entities.empty() && m_entities.count(entity.getEntityID()) > 0)
+        return true;
+
+    if (m_matcher && m_matcher->matches(entity))
+        return true;
+
+    return false;
+}

diff --git a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
index 067e6ff..cea88e8 100644 (file)
--- a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
@@ -67,17 +67,18 @@ namespace opensaml {
 
             Lockable* lock();
             void unlock();
+            void setContext(const MetadataFilterContext*);
             void init();
-            void outputStatus(ostream& os) const;
+            void outputStatus(ostream&) const;
             const XMLObject* getMetadata() const;
-            const EntitiesDescriptor* getEntitiesDescriptor(const char* name, bool requireValidMetadata=true) const;
-            pair<const EntityDescriptor*,const RoleDescriptor*> getEntityDescriptor(const Criteria& criteria) const;
+            const EntitiesDescriptor* getEntitiesDescriptor(const char*, bool requireValidMetadata=true) const;
+            pair<const EntityDescriptor*,const RoleDescriptor*> getEntityDescriptor(const Criteria&) const;
     
             const Credential* resolve(const CredentialCriteria* criteria=nullptr) const;
-            vector<const Credential*>::size_type resolve(vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr) const;
+            vector<const Credential*>::size_type resolve(vector<const Credential*>&, const CredentialCriteria* criteria=nullptr) const;
 
             string getCacheTag() const {
-                Lock lock(m_trackerLock.get());
+                Lock lock(m_trackerLock);
                 return m_feedTag;
             }
 
@@ -98,7 +99,7 @@ namespace opensaml {
 
             void onEvent(const ObservableMetadataProvider& provider) const {
                 // Reset the cache tag for the feed.
-                Lock lock(m_trackerLock.get());
+                Lock lock(m_trackerLock);
                 SAMLConfig::getConfig().generateRandomBytes(m_feedTag, 4);
                 m_feedTag = SAMLArtifact::toHex(m_feedTag);
                 emitChangeEvent();
@@ -111,7 +112,7 @@ namespace opensaml {
 
         private:
             bool m_firstMatch;
-            auto_ptr<Mutex> m_trackerLock;
+            mutable auto_ptr<Mutex> m_trackerLock;
             auto_ptr<ThreadKey> m_tlsKey;
             mutable ptr_vector<MetadataProvider> m_providers;
             mutable set<tracker_t*> m_trackers;
@@ -122,7 +123,7 @@ namespace opensaml {
 
         struct SAML_DLLLOCAL tracker_t {
             tracker_t(const ChainingMetadataProvider* m) : m_metadata(m) {
-                Lock lock(m_metadata->m_trackerLock.get());
+                Lock lock(m_metadata->m_trackerLock);
                 m_metadata->m_trackers.insert(this);
             }
 
@@ -169,7 +170,7 @@ void ChainingMetadataProvider::tracker_cleanup(void* ptr)
     if (ptr) {
         // free the tracker after removing it from the parent plugin's tracker set
         tracker_t* t = reinterpret_cast<tracker_t*>(ptr);
-        Lock lock(t->m_metadata->m_trackerLock.get());
+        Lock lock(t->m_metadata->m_trackerLock);
         t->m_metadata->m_trackers.erase(t);
         delete t;
     }
@@ -195,26 +196,35 @@ ChainingMetadataProvider::ChainingMetadataProvider(const DOMElement* e)
                 m_providers.push_back(provider.get());
                 provider.release();
             }
-            catch (exception& ex) {
+            catch (std::exception& ex) {
                 m_log.error("error building MetadataProvider: %s", ex.what());
             }
         }
+        else {
+            m_log.error("MetadataProvider element missing type attribute");
+        }
         e = XMLHelper::getNextSiblingElement(e, _MetadataProvider);
     }
 }
 
 ChainingMetadataProvider::~ChainingMetadataProvider()
 {
+    m_tlsKey.reset();   // need to free this ahead of trackers in a command line case
     for_each(m_trackers.begin(), m_trackers.end(), xmltooling::cleanup<tracker_t>());
 }
 
+void ChainingMetadataProvider::setContext(const MetadataFilterContext* ctx)
+{
+    for_each(m_providers.begin(), m_providers.end(), boost::bind(&MetadataProvider::setContext, _1, ctx));
+}
+
 void ChainingMetadataProvider::init()
 {
     for (ptr_vector<MetadataProvider>::iterator i = m_providers.begin(); i != m_providers.end(); ++i) {
         try {
             i->init();
         }
-        catch (exception& ex) {
+        catch (std::exception& ex) {
             m_log.crit("failure initializing MetadataProvider: %s", ex.what());
         }
     }
@@ -269,7 +279,7 @@ const EntitiesDescriptor* ChainingMetadataProvider::getEntitiesDescriptor(const
     const EntitiesDescriptor* cur = nullptr;
     for (ptr_vector<MetadataProvider>::iterator i = m_providers.begin(); i != m_providers.end(); ++i) {
         tracker->lock_if(&(*i));
-        if (cur=i->getEntitiesDescriptor(name,requireValidMetadata)) {
+        if ((cur = i->getEntitiesDescriptor(name,requireValidMetadata))) {
             // Are we using a first match policy?
             if (m_firstMatch) {
                 // Save locked provider.

diff --git a/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp b/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp
index 275f351..7316903 100644 (file)
--- a/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp
@@ -26,25 +26,65 @@
 
 #include "internal.h"
 #include "binding/SAMLArtifact.h"
+#include "saml2/metadata/EntityMatcher.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/DiscoverableMetadataProvider.h"
 
 #include <fstream>
 #include <sstream>
-#include <boost/bind.hpp>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/casts.hpp>
+#include <boost/lambda/lambda.hpp>
 #include <boost/iterator/indirect_iterator.hpp>
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
 
+using namespace opensaml::saml2;
 using namespace opensaml::saml2md;
+using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost::lambda;
 using namespace boost;
 using namespace std;
 
 DiscoverableMetadataProvider::DiscoverableMetadataProvider(const DOMElement* e) : MetadataProvider(e), m_legacyOrgNames(false)
 {
-    static const XMLCh legacyOrgNames[] = UNICODE_LITERAL_14(l,e,g,a,c,y,O,r,g,N,a,m,e,s);
+    static const XMLCh legacyOrgNames[] =   UNICODE_LITERAL_14(l,e,g,a,c,y,O,r,g,N,a,m,e,s);
+    static const XMLCh matcher[] =          UNICODE_LITERAL_7(m,a,t,c,h,e,r);
+    static const XMLCh tagsInFeed[] =       UNICODE_LITERAL_10(t,a,g,s,I,n,F,e,e,d);
+    static const XMLCh _type[] =            UNICODE_LITERAL_4(t,y,p,e);
+    static const XMLCh DiscoveryFilter[] =  UNICODE_LITERAL_15(D,i,s,c,o,v,e,r,y,F,i,l,t,e,r);
+
     m_legacyOrgNames = XMLHelper::getAttrBool(e, false, legacyOrgNames);
+    m_entityAttributes = XMLHelper::getAttrBool(e, false, tagsInFeed);
+
+    e = e ? XMLHelper::getFirstChildElement(e, DiscoveryFilter) : nullptr;
+    while (e) {
+        string t(XMLHelper::getAttrString(e, nullptr, _type));
+        if (t == "Whitelist" || t == "Blacklist") {
+            string m(XMLHelper::getAttrString(e, nullptr, matcher));
+            if (!m.empty()) {
+                try {
+                    boost::shared_ptr<EntityMatcher> temp(SAMLConfig::getConfig().EntityMatcherManager.newPlugin(m, e));
+                    m_discoFilters.push_back(make_pair(t == "Whitelist", temp));
+                }
+                catch (std::exception& ex) {
+                    Category::getInstance(SAML_LOGCAT".MetadataProvider.Discoverable").error(
+                        "exception creating <DiscoveryFilter> EntityMatcher: %s", ex.what()
+                        );
+                }
+            }
+            else {
+                Category::getInstance(SAML_LOGCAT".MetadataProvider.Discoverable").error("<DiscoveryFilter> requires matcher attribute");
+            }
+        }
+        else {
+            Category::getInstance(SAML_LOGCAT".MetadataProvider.Discoverable").error(
+                "unknown <DiscoveryFilter> type (%s)", t.empty() ? "none" : t.c_str()
+                );
+        }
+        e = XMLHelper::getNextSiblingElement(e, DiscoveryFilter);
+    }
 }
 
 DiscoverableMetadataProvider::~DiscoverableMetadataProvider()
@@ -83,41 +123,52 @@ void DiscoverableMetadataProvider::outputFeed(ostream& os, bool& first, bool wra
         os << "\n]";
 }
 
-static string& json_safe(string& s, const char* buf)
-{
-    for (; *buf; ++buf) {
-        switch (*buf) {
-            case '\\':
-            case '"':
-                s += '\\';
-                s += *buf;
-                break;
-            case '\b':
-                s += "\\b";
-                break;
-            case '\t':
-                s += "\\t";
-                break;
-            case '\n':
-                s += "\\n";
-                break;
-            case '\f':
-                s += "\\f";
-                break;
-            case '\r':
-                s += "\\r";
-                break;
-            default:
-                s += *buf;
+namespace {
+    static string& json_safe(string& s, const char* buf)
+    {
+        for (; *buf; ++buf) {
+            switch (*buf) {
+                case '\\':
+                case '"':
+                    s += '\\';
+                    s += *buf;
+                    break;
+                case '\b':
+                    s += "\\b";
+                    break;
+                case '\t':
+                    s += "\\t";
+                    break;
+                case '\n':
+                    s += "\\n";
+                    break;
+                case '\f':
+                    s += "\\f";
+                    break;
+                case '\r':
+                    s += "\\r";
+                    break;
+                default:
+                    s += *buf;
+            }
         }
+        return s;
     }
-    return s;
-}
+};
 
 void DiscoverableMetadataProvider::discoEntity(string& s, const EntityDescriptor* entity, bool& first) const
 {
     time_t now = time(nullptr);
     if (entity && entity->isValid(now)) {
+
+        // Check filter(s).
+        for (vector< pair < bool, boost::shared_ptr<EntityMatcher> > >::const_iterator f = m_discoFilters.begin(); f != m_discoFilters.end(); ++f) {
+            // The flag is true for a whitelist and false for a blacklist,
+            // so we omit the entity if the match outcome is the inverse.
+            if (f->first != f->second->matches(*entity))
+                return;
+        }
+
         const vector<IDPSSODescriptor*>& idps = entity->getIDPSSODescriptors();
         if (!idps.empty()) {
             auto_ptr_char entityid(entity->getEntityID());
@@ -293,6 +344,32 @@ void DiscoverableMetadataProvider::discoEntity(string& s, const EntityDescriptor
                 }
             }
 
+            if (m_entityAttributes) {
+                bool tagfirst = true;
+                // Check for an EntityAttributes extension in the entity and its parent(s).
+                const Extensions* exts = entity->getExtensions();
+                if (exts) {
+                    const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
+                    const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
+                    if (xo)
+                        discoEntityAttributes(s, *dynamic_cast<const EntityAttributes*>(xo), tagfirst);
+                }
+
+                const EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(entity->getParent());
+                while (group) {
+                    exts = group->getExtensions();
+                    if (exts) {
+                        const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
+                        const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
+                        if (xo)
+                            discoEntityAttributes(s, *dynamic_cast<const EntityAttributes*>(xo), tagfirst);
+                    }
+                    group = dynamic_cast<EntitiesDescriptor*>(group->getParent());
+                }
+                if (!tagfirst)
+                    s += "\n ]";
+            }
+
             // Close the struct;
             s += "\n}";
         }
@@ -304,11 +381,55 @@ void DiscoverableMetadataProvider::discoGroup(string& s, const EntitiesDescripto
     if (group) {
         for_each(
             group->getEntitiesDescriptors().begin(), group->getEntitiesDescriptors().end(),
-            boost::bind(&DiscoverableMetadataProvider::discoGroup, boost::ref(this), boost::ref(s), _1, boost::ref(first))
+            lambda::bind(&DiscoverableMetadataProvider::discoGroup, this, boost::ref(s), _1, boost::ref(first))
             );
         for_each(
             group->getEntityDescriptors().begin(), group->getEntityDescriptors().end(),
-            boost::bind(&DiscoverableMetadataProvider::discoEntity, boost::ref(this), boost::ref(s), _1, boost::ref(first))
+            lambda::bind(&DiscoverableMetadataProvider::discoEntity, this, boost::ref(s), _1, boost::ref(first))
             );
     }
 }
+
+void DiscoverableMetadataProvider::discoEntityAttributes(std::string& s, const EntityAttributes& ea, bool& first) const
+{
+    discoAttributes(s, ea.getAttributes(), first);
+    const vector<saml2::Assertion*>& tokens = ea.getAssertions();
+    for (vector<saml2::Assertion*>::const_iterator t = tokens.begin(); t != tokens.end(); ++t) {
+        const vector<AttributeStatement*> statements = const_cast<const saml2::Assertion*>(*t)->getAttributeStatements();
+        for (vector<AttributeStatement*>::const_iterator st = statements.begin(); st != statements.end(); ++st) {
+            discoAttributes(s, const_cast<const AttributeStatement*>(*st)->getAttributes(), first);
+        }
+    }
+}
+
+void DiscoverableMetadataProvider::discoAttributes(std::string& s, const vector<Attribute*>& attrs, bool& first) const
+{
+    for (indirect_iterator<vector<Attribute*>::const_iterator> a = make_indirect_iterator(attrs.begin());
+            a != make_indirect_iterator(attrs.end()); ++a) {
+
+        if (first) {
+            s += ",\n \"EntityAttributes\": [";
+            first = false;
+        }
+        else {
+            s += ',';
+        }
+
+        auto_ptr_char n(a->getName());
+        s += "\n  {\n  \"name\": \"";
+        json_safe(s, n.get());
+        s += "\",\n  \"values\": [";
+        const vector<XMLObject*>& vals = const_cast<const Attribute&>(*a).getAttributeValues();
+        for (indirect_iterator<vector<XMLObject*>::const_iterator> v = make_indirect_iterator(vals.begin());
+                v != make_indirect_iterator(vals.end()); ++v) {
+            if (v.base() != vals.begin())
+                s += ',';
+            auto_arrayptr<char> val(toUTF8(v->getTextContent()));
+            s += "\n     \"";
+            if (val.get())
+                json_safe(s, val.get());
+            s += '\"';
+        }
+        s += "\n  ]\n  }";
+    }
+}

diff --git a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
index 9a65d01..42320e1 100644 (file)
--- a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
@@ -95,7 +95,6 @@ DynamicMetadataProvider::~DynamicMetadataProvider()
 {
     // Each entity in the map is unique (no multimap semantics), so this is safe.
     clearDescriptorIndex(true);
-    delete m_lock;
 }
 
 const XMLObject* DynamicMetadataProvider::getMetadata() const
@@ -204,7 +203,7 @@ pair<const EntityDescriptor*,const RoleDescriptor*> DynamicMetadataProvider::get
         }
 
         // Filter it, which may throw.
-        doFilters(*entity2.get());
+        doFilters(*entity2);
 
         time_t now = time(nullptr);
         if (entity2->getValidUntil() && entity2->getValidUntilEpoch() < now + 60)
@@ -233,14 +232,15 @@ pair<const EntityDescriptor*,const RoleDescriptor*> DynamicMetadataProvider::get
         m_lock->wrlock();
 
         // Notify observers.
-        emitChangeEvent();
+        emitChangeEvent(*entity2);
 
         // Record the proper refresh time.
         m_cacheMap[entity2->getEntityID()] = now + cacheExp;
 
         // Make sure we clear out any existing copies, including stale metadata or if somebody snuck in.
         cacheExp = SAMLTIME_MAX;
-        indexEntity(entity2.release(), cacheExp, true);
+        indexEntity(entity2.get(), cacheExp, true);
+        entity2.release();
 
         m_lastUpdate = now;
 

diff --git a/saml/saml2/metadata/impl/EntityAttributesEntityMatcher.cpp b/saml/saml2/metadata/impl/EntityAttributesEntityMatcher.cpp
new file mode 100644 (file)
index 0000000..863b1e7
--- /dev/null
+++ b/saml/saml2/metadata/impl/EntityAttributesEntityMatcher.cpp
@@ -0,0 +1,235 @@
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+/**
+ * EntityAttributesEntityMatcher.cpp
+ *
+ * EntityMatcher that applies a set of input attributes.
+ */
+
+#include "internal.h"
+#include "saml2/metadata/EntityMatcher.h"
+#include "saml2/metadata/Metadata.h"
+
+#include <boost/scoped_ptr.hpp>
+#include <boost/shared_ptr.hpp>
+#include <boost/iterator/indirect_iterator.hpp>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/casts.hpp>
+#include <boost/lambda/lambda.hpp>
+#include <xercesc/util/XMLUniDefs.hpp>
+#include <xercesc/util/regx/RegularExpression.hpp>
+#include <xmltooling/logging.h>
+#include <xmltooling/util/XMLHelper.h>
+
+using namespace opensaml::saml2md;
+using namespace opensaml::saml2;
+using namespace opensaml;
+using namespace xmltooling::logging;
+using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
+using namespace std;
+
+namespace opensaml {
+    namespace saml2md {
+        class SAML_DLLLOCAL EntityAttributesEntityMatcher : public EntityMatcher
+        {
+        public:
+            EntityAttributesEntityMatcher(const DOMElement* e);
+            ~EntityAttributesEntityMatcher() {}
+
+            bool matches(const EntityDescriptor& entity) const;
+
+        private:
+            bool _matches(const EntityAttributes*, const Attribute*) const;
+
+            bool m_trimTags;
+            vector< boost::shared_ptr<Attribute> > m_tags;
+        };
+
+        EntityMatcher* SAML_DLLLOCAL EntityAttributesEntityMatcherFactory(const DOMElement* const & e)
+        {
+            return new EntityAttributesEntityMatcher(e);
+        }
+
+        static const XMLCh attributeName[] =        UNICODE_LITERAL_13(a,t,t,r,i,b,u,t,e,N,a,m,e);
+        static const XMLCh attributeNameFormat[] =  UNICODE_LITERAL_19(a,t,t,r,i,b,u,t,e,N,a,m,e,F,o,r,m,a,t);
+        static const XMLCh attributeValue[] =       UNICODE_LITERAL_14(a,t,t,r,i,b,u,t,e,V,a,l,u,e);
+        static const XMLCh attributeValueRegex[] =  UNICODE_LITERAL_19(a,t,t,r,i,b,u,t,e,V,a,l,u,e,R,e,g,e,x);
+        static const XMLCh regex[] =                UNICODE_LITERAL_5(r,e,g,e,x);
+        static const XMLCh trimTags[] =             UNICODE_LITERAL_8(t,r,i,m,T,a,g,s);
+    };
+};
+
+
+EntityAttributesEntityMatcher::EntityAttributesEntityMatcher(const DOMElement* e)
+    : m_trimTags(XMLHelper::getAttrBool(e, false, trimTags))
+{
+    // Check for shorthand syntax.
+    if (e && e->hasAttributeNS(nullptr, attributeName) && (e->hasAttributeNS(nullptr, attributeValue) || e->hasAttributeNS(nullptr, attributeValueRegex))) {
+        boost::shared_ptr<Attribute> np(AttributeBuilder::buildAttribute());
+        np->setName(e->getAttributeNS(nullptr, attributeName));
+        np->setNameFormat(e->getAttributeNS(nullptr, attributeNameFormat));
+        auto_ptr<AttributeValue> nval(AttributeValueBuilder::buildAttributeValue());
+        if (e->hasAttributeNS(nullptr, attributeValue)) {
+            nval->setTextContent(e->getAttributeNS(nullptr, attributeValue));
+        }
+        else {
+            nval->setTextContent(e->getAttributeNS(nullptr, attributeValueRegex));
+            // Use as a signal later that the value is a regex.
+            nval->setAttribute(xmltooling::QName(nullptr, regex), xmlconstants::XML_ONE);
+        }
+        np->getAttributeValues().push_back(nval.get());
+        nval.release();
+        m_tags.push_back(np);
+    }
+
+    DOMElement* child = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_NS, Attribute::LOCAL_NAME);
+    while (child) {
+        boost::shared_ptr<XMLObject> obj(AttributeBuilder::buildOneFromElement(child));
+        m_tags.push_back(boost::shared_dynamic_cast<Attribute>(obj));
+        child = XMLHelper::getNextSiblingElement(child, samlconstants::SAML20_NS, Attribute::LOCAL_NAME);
+    }
+
+    if (m_tags.empty())
+        throw XMLToolingException("EntityAttributes EntityMatcher requires at least one saml2:Attribute to match.");
+}
+
+bool EntityAttributesEntityMatcher::matches(const EntityDescriptor& entity) const
+{
+    // Check for a tag match in the EntityAttributes extension of the entity and its parent(s).
+    const Extensions* exts = entity.getExtensions();
+    if (exts) {
+        const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
+        const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
+        if (xo) {
+            // If we find a matching tag, we win. Each tag is treated in OR fashion.
+            if (find_if(m_tags.begin(), m_tags.end(),
+                lambda::bind(&EntityAttributesEntityMatcher::_matches, this, dynamic_cast<const EntityAttributes*>(xo),
+                    lambda::bind(&boost::shared_ptr<Attribute>::get, _1))) != m_tags.end()) {
+                return true;
+            }
+        }
+    }
+
+    const EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(entity.getParent());
+    while (group) {
+        exts = group->getExtensions();
+        if (exts) {
+            const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
+            const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
+            if (xo) {
+                // If we find a matching tag, we win. Each tag is treated in OR fashion.
+                if (find_if(m_tags.begin(), m_tags.end(),
+                    lambda::bind(&EntityAttributesEntityMatcher::_matches, this, dynamic_cast<const EntityAttributes*>(xo),
+                        lambda::bind(&boost::shared_ptr<Attribute>::get, _1))) != m_tags.end()) {
+                    return true;
+                }
+            }
+        }
+        group = dynamic_cast<EntitiesDescriptor*>(group->getParent());
+    }
+
+    return false;
+}
+
+bool EntityAttributesEntityMatcher::_matches(const EntityAttributes* ea, const Attribute* tag) const
+{
+    const vector<Attribute*>& attrs = ea->getAttributes();
+    const vector<XMLObject*>& tagvals = tag->getAttributeValues();
+    if (!attrs.empty() && !tagvals.empty()) {
+        // Track whether we've found every tag value.
+        vector<bool> flags(tagvals.size());
+
+        // Holds the active regex, if any.
+        scoped_ptr<RegularExpression> re;
+        xmltooling::QName regexQName(nullptr, regex);
+
+        // Check each attribute/tag in the candidate.
+        for (indirect_iterator<vector<Attribute*>::const_iterator> a = make_indirect_iterator(attrs.begin());
+                a != make_indirect_iterator(attrs.end()); ++a) {
+            // Compare Name and NameFormat for a matching tag.
+            if (XMLString::equals(a->getName(), tag->getName()) &&
+                (!tag->getNameFormat() || XMLString::equals(tag->getNameFormat(), Attribute::UNSPECIFIED) ||
+                    XMLString::equals(tag->getNameFormat(), a->getNameFormat()))) {
+
+                // Check each tag value's simple content for a match.
+                for (vector<XMLObject*>::size_type tagindex = 0; tagindex < tagvals.size(); ++tagindex) {
+                    const XMLObject* tagval = tagvals[tagindex];
+                    const XMLCh* tagvalstr = (tagval->getDOM()) ? tagval->getDOM()->getTextContent() : tagval->getTextContent();
+                    re.reset();
+
+                    // Check for a regex flag.
+                    if (dynamic_cast<const AttributeExtensibleXMLObject*>(tagval)) {
+                        const XMLCh* reflag = dynamic_cast<const AttributeExtensibleXMLObject*>(tagval)->getAttribute(regexQName);
+                        if (reflag && (*reflag == chDigit_1 || *reflag == chLatin_t)) {
+                            try {
+                                re.reset(new RegularExpression(tagvalstr));
+                            }
+                            catch (XMLException& ex) {
+                                auto_ptr_char msg(ex.getMessage());
+                                Category::getInstance(SAML_LOGCAT".EntityMatcher.EntityAttributes").error(msg.get());
+                            }
+                        }
+                    }
+                    
+                    const vector<XMLObject*>& cvals = const_cast<const Attribute&>(*a).getAttributeValues();
+                    for (indirect_iterator<vector<XMLObject*>::const_iterator> cval = make_indirect_iterator(cvals.begin());
+                            cval != make_indirect_iterator(cvals.end()); ++cval) {
+                        const XMLCh* cvalstr = cval->getDOM() ? cval->getDOM()->getTextContent() : cval->getTextContent();
+                        if (tagvalstr && cvalstr) {
+                            if (re) {
+                                try {
+                                    if (re->matches(cvalstr)) {
+                                        flags[tagindex] = true;
+                                        break;
+                                    }
+                                }
+                                catch (XMLException& ex) {
+                                    auto_ptr_char msg(ex.getMessage());
+                                    Category::getInstance(SAML_LOGCAT".EntityMatcher.EntityAttributes").error(msg.get());
+                                }
+                            }
+                            else if (XMLString::equals(tagvalstr, cvalstr)) {
+                                flags[tagindex] = true;
+                                break;
+                            }
+                            else if (m_trimTags) {
+                                XMLCh* dup = XMLString::replicate(cvalstr);
+                                XMLString::trim(dup);
+                                if (XMLString::equals(tagvalstr, dup)) {
+                                    XMLString::release(&dup);
+                                    flags[tagindex] = true;
+                                    break;
+                                }
+                                XMLString::release(&dup);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        if (find(flags.begin(), flags.end(), false) == flags.end())
+            return true;
+    }
+    return false;
+}

diff --git a/saml/saml2/metadata/impl/EntityAttributesMetadataFilter.cpp b/saml/saml2/metadata/impl/EntityAttributesMetadataFilter.cpp
new file mode 100644 (file)
index 0000000..bb1bfdf
--- /dev/null
+++ b/saml/saml2/metadata/impl/EntityAttributesMetadataFilter.cpp
@@ -0,0 +1,154 @@
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+/**
+ * EntityAttributesMetadataFilter.cpp
+ *
+ * Adds EntityAttributes tags to entities.
+ */
+
+#include "internal.h"
+#include "saml2/metadata/Metadata.h"
+#include "saml2/metadata/MetadataFilter.h"
+
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/casts.hpp>
+#include <boost/lambda/lambda.hpp>
+#include <boost/shared_ptr.hpp>
+#include <boost/iterator/indirect_iterator.hpp>
+#include <xmltooling/logging.h>
+
+using namespace opensaml::saml2;
+using namespace opensaml::saml2md;
+using namespace xmltooling::logging;
+using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
+using namespace std;
+
+namespace opensaml {
+    namespace saml2md {
+
+        class SAML_DLLLOCAL EntityAttributesMetadataFilter : public MetadataFilter
+        {
+        public:
+            EntityAttributesMetadataFilter(const DOMElement* e);
+            ~EntityAttributesMetadataFilter() {}
+
+            const char* getId() const { return ENTITYATTR_METADATA_FILTER; }
+            void doFilter(XMLObject& xmlObject) const;
+
+        private:
+            void filterEntity(EntityDescriptor* entity) const;
+            void filterGroup(EntitiesDescriptor* entities) const;
+
+            vector< boost::shared_ptr<Attribute> > m_attributes;
+            typedef multimap<xstring,const Attribute*> applymap_t;
+            applymap_t m_applyMap;
+        };
+
+        MetadataFilter* SAML_DLLLOCAL EntityAttributesMetadataFilterFactory(const DOMElement* const & e)
+        {
+            return new EntityAttributesMetadataFilter(e);
+        }
+
+        static const XMLCh Entity[] =   UNICODE_LITERAL_6(E,n,t,i,t,y);
+
+    };
+};
+
+
+EntityAttributesMetadataFilter::EntityAttributesMetadataFilter(const DOMElement* e)
+{
+    // Contains ordered set of Attribute and Entity elements.
+    // We track each Attribute we find, and then consume an Entity by adding.
+    // a mapping from the Entity to every Attribute seen to that point.
+    DOMElement* child = XMLHelper::getFirstChildElement(e);
+    while (child) {
+        if (XMLHelper::isNodeNamed(child, samlconstants::SAML20_NS, Attribute::LOCAL_NAME)) {
+            boost::shared_ptr<XMLObject> obj(AttributeBuilder::buildOneFromElement(child));
+            m_attributes.push_back(boost::shared_dynamic_cast<Attribute>(obj));
+        }
+        else if (XMLString::equals(child->getLocalName(), Entity)) {
+            const XMLCh* eid = child->getTextContent();
+            if (eid && *eid) {
+                for (vector< boost::shared_ptr<Attribute> >::const_iterator a = m_attributes.begin(); a != m_attributes.end(); ++a)
+                    m_applyMap.insert(applymap_t::value_type(eid, a->get()));
+            }
+        }
+        child = XMLHelper::getNextSiblingElement(child);
+    }
+}
+
+void EntityAttributesMetadataFilter::doFilter(XMLObject& xmlObject) const
+{
+    EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(&xmlObject);
+    if (group) {
+        filterGroup(group);
+    }
+    else {
+        EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(&xmlObject);
+        if (entity) {
+            filterEntity(entity);
+        }
+        else {
+            throw MetadataFilterException(ENTITYATTR_METADATA_FILTER" MetadataFilter was given an improper metadata instance to filter.");
+        }
+    }
+}
+
+void EntityAttributesMetadataFilter::filterGroup(EntitiesDescriptor* entities) const
+{
+    const vector<EntityDescriptor*>& v = const_cast<const EntitiesDescriptor*>(entities)->getEntityDescriptors();
+    for_each(v.begin(), v.end(), lambda::bind(&EntityAttributesMetadataFilter::filterEntity, this, _1));
+
+    const vector<EntitiesDescriptor*>& v2 = const_cast<const EntitiesDescriptor*>(entities)->getEntitiesDescriptors();
+    for_each(v2.begin(), v2.end(), lambda::bind(&EntityAttributesMetadataFilter::filterGroup, this, _1));
+}
+
+void EntityAttributesMetadataFilter::filterEntity(EntityDescriptor* entity) const
+{
+    if (entity->getEntityID()) {
+        pair<applymap_t::const_iterator,applymap_t::const_iterator> tags = m_applyMap.equal_range(entity->getEntityID());
+        if (tags.first != tags.second) {
+            Extensions* exts = entity->getExtensions();
+            if (!exts) {
+                entity->setExtensions(ExtensionsBuilder::buildExtensions());
+                exts = entity->getExtensions();
+            }
+            EntityAttributes* wrapper = nullptr;
+            const vector<XMLObject*>& children = const_cast<const Extensions*>(exts)->getUnknownXMLObjects();
+            XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
+            if (xo) {
+                wrapper = dynamic_cast<EntityAttributes*>(xo);
+            }
+            else {
+                wrapper = EntityAttributesBuilder::buildEntityAttributes();
+                exts->getUnknownXMLObjects().push_back(wrapper);
+            }
+            VectorOf(Attribute) attrs = wrapper->getAttributes();
+            for (; tags.first != tags.second; ++tags.first) {
+                auto_ptr<Attribute> np(tags.first->second->cloneAttribute());
+                attrs.push_back(np.get());
+                np.release();
+            }
+        }
+    }
+}

diff --git a/saml/saml2/metadata/impl/EntityRoleMetadataFilter.cpp b/saml/saml2/metadata/impl/EntityRoleMetadataFilter.cpp
index c6feb6d..cce0b39 100644 (file)
--- a/saml/saml2/metadata/impl/EntityRoleMetadataFilter.cpp
+++ b/saml/saml2/metadata/impl/EntityRoleMetadataFilter.cpp
@@ -29,7 +29,6 @@
 #include "saml2/metadata/MetadataFilter.h"
 
 #include <xmltooling/logging.h>
-#include <xmltooling/util/NDC.h>
 
 using namespace opensaml::saml2md;
 using namespace xmltooling::logging;
@@ -95,7 +94,7 @@ EntityRoleMetadataFilter::EntityRoleMetadataFilter(const DOMElement* e)
             else if (*q == AuthzDecisionQueryDescriptorType::TYPE_QNAME)
                 m_authzq = true;
             else
-                m_roles.insert(*q.get());
+                m_roles.insert(*q);
         }
         e = XMLHelper::getNextSiblingElement(e, RetainedRole);
     }
@@ -103,33 +102,27 @@ EntityRoleMetadataFilter::EntityRoleMetadataFilter(const DOMElement* e)
 
 void EntityRoleMetadataFilter::doFilter(XMLObject& xmlObject) const
 {
-#ifdef _DEBUG
-    NDC ndc("doFilter");
-#endif
-
-    try {
-        doFilter(dynamic_cast<EntitiesDescriptor&>(xmlObject));
-        return;
-    }
-    catch (bad_cast) {
-    }
-
-    try {
-        doFilter(dynamic_cast<EntityDescriptor&>(xmlObject));
-        return;
+    EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(&xmlObject);
+    if (group) {
+        doFilter(*group);
     }
-    catch (bad_cast) {
+    else {
+        EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(&xmlObject);
+        if (entity) {
+            doFilter(*entity);
+        }
+        else {
+            throw MetadataFilterException(ENTITYROLE_METADATA_FILTER" MetadataFilter was given an improper metadata instance to filter.");
+        }
     }
-
-    throw MetadataFilterException("EntityRoleWhiteList MetadataFilter was given an improper metadata instance to filter.");
 }
 
 void EntityRoleMetadataFilter::doFilter(EntitiesDescriptor& entities) const
 {
-    Category& log=Category::getInstance(SAML_LOGCAT".MetadataFilter.EntityRoleWhiteList");
+    Category& log=Category::getInstance(SAML_LOGCAT".MetadataFilter."ENTITYROLE_METADATA_FILTER);
 
-    VectorOf(EntityDescriptor) v=entities.getEntityDescriptors();
-    for (VectorOf(EntityDescriptor)::size_type i=0; i<v.size(); ) {
+    VectorOf(EntityDescriptor) v = entities.getEntityDescriptors();
+    for (VectorOf(EntityDescriptor)::size_type i = 0; i < v.size(); ) {
         doFilter(*v[i]);
         if (m_removeRolelessEntityDescriptors) {
             const EntityDescriptor& e = const_cast<const EntityDescriptor&>(*v[i]);
@@ -151,8 +144,8 @@ void EntityRoleMetadataFilter::doFilter(EntitiesDescriptor& entities) const
         i++;
     }
 
-    VectorOf(EntitiesDescriptor) groups=entities.getEntitiesDescriptors();
-    for (VectorOf(EntitiesDescriptor)::size_type j=0; j<groups.size(); ) {
+    VectorOf(EntitiesDescriptor) groups = entities.getEntitiesDescriptors();
+    for (VectorOf(EntitiesDescriptor)::size_type j = 0; j < groups.size(); ) {
         EntitiesDescriptor* group = groups[j];
         doFilter(*group);
         if (m_removeEmptyEntitiesDescriptors && group->getEntitiesDescriptors().empty() && group->getEntityDescriptors().empty()) {
@@ -191,7 +184,7 @@ void EntityRoleMetadataFilter::doFilter(EntityDescriptor& entity) const
         entity.getAuthzDecisionQueryDescriptorTypes().clear();
 
     VectorOf(RoleDescriptor) v = entity.getRoleDescriptors();
-    for (VectorOf(RoleDescriptor)::size_type i=0; i<v.size(); ) {
+    for (VectorOf(RoleDescriptor)::size_type i = 0; i < v.size(); ) {
         const xmltooling::QName* type = v[i]->getSchemaType();
         if (!type || m_roles.find(*type) != m_roles.end())
             v.erase(v.begin() + i);

diff --git a/saml/saml2/metadata/impl/FolderMetadataProvider.cpp b/saml/saml2/metadata/impl/FolderMetadataProvider.cpp
index 46bbc31..a6b61e3 100644 (file)
--- a/saml/saml2/metadata/impl/FolderMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/FolderMetadataProvider.cpp
@@ -59,6 +59,7 @@ namespace opensaml {
         static const XMLCh Chaining[] =             UNICODE_LITERAL_8(C,h,a,i,n,i,n,g);
         static const XMLCh _MetadataProvider[] =    UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);
         static const XMLCh discoveryFeed[] =        UNICODE_LITERAL_13(d,i,s,c,o,v,e,r,y,F,e,e,d);
+        static const XMLCh dropDOM[] =              UNICODE_LITERAL_7(d,r,o,p,D,O,M);
         static const XMLCh legacyOrgNames[] =       UNICODE_LITERAL_14(l,e,g,a,c,y,O,r,g,N,a,m,e,s);
         static const XMLCh path[] =                 UNICODE_LITERAL_4(p,a,t,h);
         static const XMLCh precedence[] =           UNICODE_LITERAL_10(p,r,e,c,e,d,e,n,c,e);
@@ -143,6 +144,8 @@ namespace opensaml {
                     child->setAttributeNS(nullptr, discoveryFeed, e->getAttributeNS(nullptr, discoveryFeed));
                 if (e->hasAttributeNS(nullptr, legacyOrgNames))
                     child->setAttributeNS(nullptr, legacyOrgNames, e->getAttributeNS(nullptr, legacyOrgNames));
+                if (e->hasAttributeNS(nullptr, dropDOM))
+                    child->setAttributeNS(nullptr, dropDOM, e->getAttributeNS(nullptr, dropDOM));
 
                 DOMElement* filter = XMLHelper::getFirstChildElement(e);
                 while (filter) {

diff --git a/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp b/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
index 04094d7..16a79d2 100644 (file)
--- a/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
+++ b/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
@@ -43,16 +43,6 @@ MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& rol
     }
 }
 
-void MetadataCredentialCriteria::reset()
-{
-    CredentialCriteria::reset();
-    const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(m_role.getParent());
-    if (entity) {
-        auto_ptr_char name(entity->getEntityID());
-        setPeerName(name.get());
-    }
-}
-
 bool MetadataCredentialCriteria::matches(const Credential& credential) const
 {
     const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());

diff --git a/saml/saml2/metadata/impl/MetadataImpl.cpp b/saml/saml2/metadata/impl/MetadataImpl.cpp
index be7815e..89f39e8 100644 (file)
--- a/saml/saml2/metadata/impl/MetadataImpl.cpp
+++ b/saml/saml2/metadata/impl/MetadataImpl.cpp
@@ -44,14 +44,14 @@
 #include <xmltooling/util/XMLHelper.h>
 
 #include <ctime>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/if.hpp>
+#include <boost/lambda/lambda.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
 #include <xsec/framework/XSECDefs.hpp>
 
 using namespace samlconstants;
 using namespace opensaml::saml2md;
-using namespace opensaml::saml2;
-using namespace xmlencryption;
-using namespace xmlsignature;
 using namespace xmltooling;
 using namespace std;
 using xmlconstants::XMLSIG_NS;
@@ -113,9 +113,7 @@ namespace opensaml {
             }
 
             void _clone(const localizedNameTypeImpl& src) {
-                setLang(src.getLang());
-                if (src.m_LangPrefix)
-                    m_LangPrefix = XMLString::replicate(src.m_LangPrefix);
+                IMPL_CLONE_FOREIGN_ATTRIB(Lang);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(localizedNameType);
@@ -179,9 +177,7 @@ namespace opensaml {
             }
 
             void _clone(const localizedURITypeImpl& src) {
-                setLang(src.getLang());
-                if (src.m_LangPrefix)
-                    m_LangPrefix = XMLString::replicate(src.m_LangPrefix);
+                IMPL_CLONE_FOREIGN_ATTRIB(Lang);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(localizedURIType);
@@ -292,11 +288,7 @@ namespace opensaml {
 
             ExtensionsImpl(const ExtensionsImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
 
             IMPL_XMLOBJECT_CLONE(Extensions);
@@ -349,23 +341,10 @@ namespace opensaml {
                     : AbstractXMLObject(src), AbstractComplexElement(src),
                         AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-                for (vector<OrganizationName*>::const_iterator i=src.m_OrganizationNames.begin(); i!=src.m_OrganizationNames.end(); i++) {
-                    if (*i) {
-                        getOrganizationNames().push_back((*i)->cloneOrganizationName());
-                    }
-                }
-                for (vector<OrganizationDisplayName*>::const_iterator j=src.m_OrganizationDisplayNames.begin(); j!=src.m_OrganizationDisplayNames.end(); j++) {
-                    if (*j) {
-                        getOrganizationDisplayNames().push_back((*j)->cloneOrganizationDisplayName());
-                    }
-                }
-                for (vector<OrganizationURL*>::const_iterator k=src.m_OrganizationURLs.begin(); k!=src.m_OrganizationURLs.end(); k++) {
-                    if (*k) {
-                        getOrganizationURLs().push_back((*k)->cloneOrganizationURL());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILD(Extensions);
+                IMPL_CLONE_TYPED_CHILDREN(OrganizationName);
+                IMPL_CLONE_TYPED_CHILDREN(OrganizationDisplayName);
+                IMPL_CLONE_TYPED_CHILDREN(OrganizationURL);
             }
 
             IMPL_XMLOBJECT_CLONE(Organization);
@@ -437,25 +416,13 @@ namespace opensaml {
                     : AbstractXMLObject(src), AbstractComplexElement(src),
                         AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-                if (src.getCompany())
-                    setCompany(src.getCompany()->cloneCompany());
-                if (src.getGivenName())
-                    setGivenName(src.getGivenName()->cloneGivenName());
-                if (src.getSurName())
-                    setSurName(src.getSurName()->cloneSurName());
-
-                for (vector<EmailAddress*>::const_iterator i=src.m_EmailAddresss.begin(); i!=src.m_EmailAddresss.end(); i++) {
-                    if (*i) {
-                        getEmailAddresss().push_back((*i)->cloneEmailAddress());
-                    }
-                }
-                for (vector<TelephoneNumber*>::const_iterator j=src.m_TelephoneNumbers.begin(); j!=src.m_TelephoneNumbers.end(); j++) {
-                    if (*j) {
-                        getTelephoneNumbers().push_back((*j)->cloneTelephoneNumber());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(ContactType);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
+                IMPL_CLONE_TYPED_CHILD(Company);
+                IMPL_CLONE_TYPED_CHILD(GivenName);
+                IMPL_CLONE_TYPED_CHILD(SurName);
+                IMPL_CLONE_TYPED_CHILDREN(EmailAddress);
+                IMPL_CLONE_TYPED_CHILDREN(TelephoneNumber);
             }
 
             IMPL_XMLOBJECT_CLONE(ContactPerson);
@@ -521,7 +488,7 @@ namespace opensaml {
             AdditionalMetadataLocationImpl(const AdditionalMetadataLocationImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setNamespace(src.getNamespace());
+                IMPL_CLONE_ATTRIB(Namespace);
             }
 
             IMPL_XMLOBJECT_CLONE(AdditionalMetadataLocation);
@@ -564,14 +531,9 @@ namespace opensaml {
             KeyDescriptorImpl(const KeyDescriptorImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setUse(src.getUse());
-                if (src.getKeyInfo())
-                    setKeyInfo(src.getKeyInfo()->cloneKeyInfo());
-                for (vector<EncryptionMethod*>::const_iterator i=src.m_EncryptionMethods.begin(); i!=src.m_EncryptionMethods.end(); i++) {
-                    if (*i) {
-                        getEncryptionMethods().push_back((*i)->cloneEncryptionMethod());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Use);
+                IMPL_CLONE_TYPED_CHILD(KeyInfo);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(EncryptionMethod,xmlencryption);
             }
 
             IMPL_XMLOBJECT_CLONE(KeyDescriptor);
@@ -633,14 +595,10 @@ namespace opensaml {
             }
 
             void _clone(const EndpointTypeImpl& src) {
-                setBinding(src.getBinding());
-                setLocation(src.getLocation());
-                setResponseLocation(src.getResponseLocation());
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Binding);
+                IMPL_CLONE_ATTRIB(Location);
+                IMPL_CLONE_ATTRIB(ResponseLocation);
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(EndpointType);
@@ -716,8 +674,8 @@ namespace opensaml {
 
             void _clone(const IndexedEndpointTypeImpl& src) {
                 EndpointTypeImpl::_clone(src);
-                setIndex(src.m_Index);
-                isDefault(src.m_isDefault);
+                IMPL_CLONE_INTEGER_ATTRIB(Index);
+                IMPL_CLONE_BOOLEAN_ATTRIB(isDefault);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(IndexedEndpointType);
@@ -931,41 +889,29 @@ namespace opensaml {
             }
 
             void _clone(const RoleDescriptorImpl& src) {
-                setID(src.getID());
-                setProtocolSupportEnumeration(src.getProtocolSupportEnumeration());
-                setErrorURL(src.getErrorURL());
-                setValidUntil(src.getValidUntil());
-                setCacheDuration(src.getCacheDuration());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-                if (src.getOrganization())
-                    setOrganization(src.getOrganization()->cloneOrganization());
-
-                for (vector<KeyDescriptor*>::const_iterator i=src.m_KeyDescriptors.begin(); i!=src.m_KeyDescriptors.end(); i++) {
-                    if (*i) {
-                        getKeyDescriptors().push_back((*i)->cloneKeyDescriptor());
-                    }
-                }
-                for (vector<ContactPerson*>::const_iterator j=src.m_ContactPersons.begin(); j!=src.m_ContactPersons.end(); j++) {
-                    if (*j) {
-                        getContactPersons().push_back((*j)->cloneContactPerson());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(ProtocolSupportEnumeration);
+                IMPL_CLONE_ATTRIB(ErrorURL);
+                IMPL_CLONE_ATTRIB(ValidUntil);
+                IMPL_CLONE_ATTRIB(CacheDuration);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
+                IMPL_CLONE_TYPED_CHILD(Organization);
+                IMPL_CLONE_TYPED_CHILDREN(KeyDescriptor);
+                IMPL_CLONE_TYPED_CHILDREN(ContactPerson);
             }
 
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -1113,11 +1059,7 @@ namespace opensaml {
 
             void _clone(const RoleDescriptorTypeImpl& src) {
                 RoleDescriptorImpl::_clone(src);
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(RoleDescriptorType);
@@ -1170,26 +1112,10 @@ namespace opensaml {
 
             void _clone(const SSODescriptorTypeImpl& src) {
                 RoleDescriptorImpl::_clone(src);
-                for (vector<ArtifactResolutionService*>::const_iterator i=src.m_ArtifactResolutionServices.begin(); i!=src.m_ArtifactResolutionServices.end(); i++) {
-                    if (*i) {
-                        getArtifactResolutionServices().push_back((*i)->cloneArtifactResolutionService());
-                    }
-                }
-                for (vector<SingleLogoutService*>::const_iterator j=src.m_SingleLogoutServices.begin(); j!=src.m_SingleLogoutServices.end(); j++) {
-                    if (*j) {
-                        getSingleLogoutServices().push_back((*j)->cloneSingleLogoutService());
-                    }
-                }
-                for (vector<ManageNameIDService*>::const_iterator k=src.m_ManageNameIDServices.begin(); k!=src.m_ManageNameIDServices.end(); k++) {
-                    if (*k) {
-                        getManageNameIDServices().push_back((*k)->cloneManageNameIDService());
-                    }
-                }
-                for (vector<NameIDFormat*>::const_iterator m=src.m_NameIDFormats.begin(); m!=src.m_NameIDFormats.end(); m++) {
-                    if (*m) {
-                        getNameIDFormats().push_back((*m)->cloneNameIDFormat());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(ArtifactResolutionService);
+                IMPL_CLONE_TYPED_CHILDREN(SingleLogoutService);
+                IMPL_CLONE_TYPED_CHILDREN(ManageNameIDService);
+                IMPL_CLONE_TYPED_CHILDREN(NameIDFormat);
             }
 
             SSODescriptorType* cloneSSODescriptorType() const {
@@ -1248,32 +1174,12 @@ namespace opensaml {
 
             void _clone(const IDPSSODescriptorImpl& src) {
                 SSODescriptorTypeImpl::_clone(src);
-                WantAuthnRequestsSigned(src.m_WantAuthnRequestsSigned);
-                for (vector<SingleSignOnService*>::const_iterator i=src.m_SingleSignOnServices.begin(); i!=src.m_SingleSignOnServices.end(); i++) {
-                    if (*i) {
-                        getSingleSignOnServices().push_back((*i)->cloneSingleSignOnService());
-                    }
-                }
-                for (vector<NameIDMappingService*>::const_iterator j=src.m_NameIDMappingServices.begin(); j!=src.m_NameIDMappingServices.end(); j++) {
-                    if (*j) {
-                        getNameIDMappingServices().push_back((*j)->cloneNameIDMappingService());
-                    }
-                }
-                for (vector<AssertionIDRequestService*>::const_iterator k=src.m_AssertionIDRequestServices.begin(); k!=src.m_AssertionIDRequestServices.end(); k++) {
-                    if (*k) {
-                        getAssertionIDRequestServices().push_back((*k)->cloneAssertionIDRequestService());
-                    }
-                }
-                for (vector<AttributeProfile*>::const_iterator m=src.m_AttributeProfiles.begin(); m!=src.m_AttributeProfiles.end(); m++) {
-                    if (*m) {
-                        getAttributeProfiles().push_back((*m)->cloneAttributeProfile());
-                    }
-                }
-                for (vector<Attribute*>::const_iterator n=src.m_Attributes.begin(); n!=src.m_Attributes.end(); n++) {
-                    if (*n) {
-                        getAttributes().push_back((*n)->cloneAttribute());
-                    }
-                }
+                IMPL_CLONE_BOOLEAN_ATTRIB(WantAuthnRequestsSigned);
+                IMPL_CLONE_TYPED_CHILDREN(SingleSignOnService);
+                IMPL_CLONE_TYPED_CHILDREN(NameIDMappingService);
+                IMPL_CLONE_TYPED_CHILDREN(AssertionIDRequestService);
+                IMPL_CLONE_TYPED_CHILDREN(AttributeProfile);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(IDPSSODescriptor);
@@ -1338,15 +1244,11 @@ namespace opensaml {
                     : AbstractXMLObject(src), AbstractComplexElement(src),
                         AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setName(src.getName());
-                setNameFormat(src.getNameFormat());
-                setFriendlyName(src.getFriendlyName());
-                isRequired(src.m_isRequired);
-                for (vector<XMLObject*>::const_iterator i=src.m_AttributeValues.begin(); i!=src.m_AttributeValues.end(); i++) {
-                    if (*i) {
-                        getAttributeValues().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Name);
+                IMPL_CLONE_ATTRIB(NameFormat);
+                IMPL_CLONE_ATTRIB(FriendlyName);
+                IMPL_CLONE_BOOLEAN_ATTRIB(isRequired);
+                IMPL_CLONE_XMLOBJECT_CHILDREN(AttributeValue);
             }
 
             IMPL_XMLOBJECT_CLONE2(RequestedAttribute,Attribute);
@@ -1428,23 +1330,11 @@ namespace opensaml {
             AttributeConsumingServiceImpl(const AttributeConsumingServiceImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setIndex(src.m_Index);
-                isDefault(src.m_isDefault);
-                for (vector<ServiceName*>::const_iterator i=src.m_ServiceNames.begin(); i!=src.m_ServiceNames.end(); i++) {
-                    if (*i) {
-                        getServiceNames().push_back((*i)->cloneServiceName());
-                    }
-                }
-                for (vector<ServiceDescription*>::const_iterator j=src.m_ServiceDescriptions.begin(); j!=src.m_ServiceDescriptions.end(); j++) {
-                    if (*j) {
-                        getServiceDescriptions().push_back((*j)->cloneServiceDescription());
-                    }
-                }
-                for (vector<RequestedAttribute*>::const_iterator k=src.m_RequestedAttributes.begin(); k!=src.m_RequestedAttributes.end(); k++) {
-                    if (*k) {
-                        getRequestedAttributes().push_back((*k)->cloneRequestedAttribute());
-                    }
-                }
+                IMPL_CLONE_INTEGER_ATTRIB(Index);
+                IMPL_CLONE_BOOLEAN_ATTRIB(isDefault);
+                IMPL_CLONE_TYPED_CHILDREN(ServiceName);
+                IMPL_CLONE_TYPED_CHILDREN(ServiceDescription);
+                IMPL_CLONE_TYPED_CHILDREN(RequestedAttribute);
             }
 
             IMPL_XMLOBJECT_CLONE(AttributeConsumingService);
@@ -1500,18 +1390,10 @@ namespace opensaml {
 
             void _clone(const SPSSODescriptorImpl& src) {
                 SSODescriptorTypeImpl::_clone(src);
-                AuthnRequestsSigned(src.m_AuthnRequestsSigned);
-                WantAssertionsSigned(src.m_WantAssertionsSigned);
-                for (vector<AssertionConsumerService*>::const_iterator i=src.m_AssertionConsumerServices.begin(); i!=src.m_AssertionConsumerServices.end(); i++) {
-                    if (*i) {
-                        getAssertionConsumerServices().push_back((*i)->cloneAssertionConsumerService());
-                    }
-                }
-                for (vector<AttributeConsumingService*>::const_iterator j=src.m_AttributeConsumingServices.begin(); j!=src.m_AttributeConsumingServices.end(); j++) {
-                    if (*j) {
-                        getAttributeConsumingServices().push_back((*j)->cloneAttributeConsumingService());
-                    }
-                }
+                IMPL_CLONE_BOOLEAN_ATTRIB(AuthnRequestsSigned);
+                IMPL_CLONE_BOOLEAN_ATTRIB(WantAssertionsSigned);
+                IMPL_CLONE_TYPED_CHILDREN(AssertionConsumerService);
+                IMPL_CLONE_TYPED_CHILDREN(AttributeConsumingService);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(SPSSODescriptor);
@@ -1576,21 +1458,9 @@ namespace opensaml {
 
             void _clone(const AuthnAuthorityDescriptorImpl& src) {
                 RoleDescriptorImpl::_clone(src);
-                for (vector<AuthnQueryService*>::const_iterator i=src.m_AuthnQueryServices.begin(); i!=src.m_AuthnQueryServices.end(); i++) {
-                    if (*i) {
-                        getAuthnQueryServices().push_back((*i)->cloneAuthnQueryService());
-                    }
-                }
-                for (vector<AssertionIDRequestService*>::const_iterator j=src.m_AssertionIDRequestServices.begin(); j!=src.m_AssertionIDRequestServices.end(); j++) {
-                    if (*j) {
-                        getAssertionIDRequestServices().push_back((*j)->cloneAssertionIDRequestService());
-                    }
-                }
-                for (vector<NameIDFormat*>::const_iterator k=src.m_NameIDFormats.begin(); k!=src.m_NameIDFormats.end(); k++) {
-                    if (*k) {
-                        getNameIDFormats().push_back((*k)->cloneNameIDFormat());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(AuthnQueryService);
+                IMPL_CLONE_TYPED_CHILDREN(AssertionIDRequestService);
+                IMPL_CLONE_TYPED_CHILDREN(NameIDFormat);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AuthnAuthorityDescriptor);
@@ -1635,21 +1505,9 @@ namespace opensaml {
 
             void _clone(const PDPDescriptorImpl& src) {
                 RoleDescriptorImpl::_clone(src);
-                for (vector<AuthzService*>::const_iterator i=src.m_AuthzServices.begin(); i!=src.m_AuthzServices.end(); i++) {
-                    if (*i) {
-                        getAuthzServices().push_back((*i)->cloneAuthzService());
-                    }
-                }
-                for (vector<AssertionIDRequestService*>::const_iterator j=src.m_AssertionIDRequestServices.begin(); j!=src.m_AssertionIDRequestServices.end(); j++) {
-                    if (*j) {
-                        getAssertionIDRequestServices().push_back((*j)->cloneAssertionIDRequestService());
-                    }
-                }
-                for (vector<NameIDFormat*>::const_iterator k=src.m_NameIDFormats.begin(); k!=src.m_NameIDFormats.end(); k++) {
-                    if (*k) {
-                        getNameIDFormats().push_back((*k)->cloneNameIDFormat());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(AuthzService);
+                IMPL_CLONE_TYPED_CHILDREN(AssertionIDRequestService);
+                IMPL_CLONE_TYPED_CHILDREN(NameIDFormat);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(PDPDescriptor);
@@ -1702,31 +1560,11 @@ namespace opensaml {
 
             void _clone(const AttributeAuthorityDescriptorImpl& src) {
                 RoleDescriptorImpl::_clone(src);
-                for (vector<AttributeService*>::const_iterator i=src.m_AttributeServices.begin(); i!=src.m_AttributeServices.end(); i++) {
-                    if (*i) {
-                        getAttributeServices().push_back((*i)->cloneAttributeService());
-                    }
-                }
-                for (vector<AssertionIDRequestService*>::const_iterator j=src.m_AssertionIDRequestServices.begin(); j!=src.m_AssertionIDRequestServices.end(); j++) {
-                    if (*j) {
-                        getAssertionIDRequestServices().push_back((*j)->cloneAssertionIDRequestService());
-                    }
-                }
-                for (vector<NameIDFormat*>::const_iterator k=src.m_NameIDFormats.begin(); k!=src.m_NameIDFormats.end(); k++) {
-                    if (*k) {
-                        getNameIDFormats().push_back((*k)->cloneNameIDFormat());
-                    }
-                }
-                for (vector<AttributeProfile*>::const_iterator m=src.m_AttributeProfiles.begin(); m!=src.m_AttributeProfiles.end(); m++) {
-                    if (*m) {
-                        getAttributeProfiles().push_back((*m)->cloneAttributeProfile());
-                    }
-                }
-                for (vector<Attribute*>::const_iterator n=src.m_Attributes.begin(); n!=src.m_Attributes.end(); n++) {
-                    if (*n) {
-                        getAttributes().push_back((*n)->cloneAttribute());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(AttributeService);
+                IMPL_CLONE_TYPED_CHILDREN(AssertionIDRequestService);
+                IMPL_CLONE_TYPED_CHILDREN(NameIDFormat);
+                IMPL_CLONE_TYPED_CHILDREN(AttributeProfile);
+                IMPL_CLONE_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AttributeAuthorityDescriptor);
@@ -1777,12 +1615,8 @@ namespace opensaml {
 
             void _clone(const QueryDescriptorTypeImpl& src) {
                 RoleDescriptorImpl::_clone(src);
-                WantAssertionsSigned(src.m_WantAssertionsSigned);
-                for (vector<NameIDFormat*>::const_iterator m=src.m_NameIDFormats.begin(); m!=src.m_NameIDFormats.end(); m++) {
-                    if (*m) {
-                        getNameIDFormats().push_back((*m)->cloneNameIDFormat());
-                    }
-                }
+                IMPL_CLONE_BOOLEAN_ATTRIB(WantAssertionsSigned);
+                IMPL_CLONE_TYPED_CHILDREN(NameIDFormat);
             }
 
             QueryDescriptorType* cloneQueryDescriptorType() const {
@@ -1840,11 +1674,7 @@ namespace opensaml {
 
             void _clone(const AttributeQueryDescriptorTypeImpl& src) {
                 QueryDescriptorTypeImpl::_clone(src);
-                for (vector<AttributeConsumingService*>::const_iterator j=src.m_AttributeConsumingServices.begin(); j!=src.m_AttributeConsumingServices.end(); j++) {
-                    if (*j) {
-                        getAttributeConsumingServices().push_back((*j)->cloneAttributeConsumingService());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(AttributeConsumingService);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AttributeQueryDescriptorType);
@@ -1870,11 +1700,7 @@ namespace opensaml {
 
             void _clone(const AuthzDecisionQueryDescriptorTypeImpl& src) {
                 QueryDescriptorTypeImpl::_clone(src);
-                for (vector<ActionNamespace*>::const_iterator j=src.m_ActionNamespaces.begin(); j!=src.m_ActionNamespaces.end(); j++) {
-                    if (*j) {
-                        getActionNamespaces().push_back((*j)->cloneActionNamespace());
-                    }
-                }
+                IMPL_CLONE_TYPED_CHILDREN(ActionNamespace);
             }
 
             IMPL_XMLOBJECT_CLONE_EX(AuthzDecisionQueryDescriptorType);
@@ -1929,25 +1755,14 @@ namespace opensaml {
                     : AbstractXMLObject(src), AbstractComplexElement(src),
                         AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setID(src.getID());
-                setAffiliationOwnerID(src.getAffiliationOwnerID());
-                setValidUntil(src.getValidUntil());
-                setCacheDuration(src.getCacheDuration());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-
-                for (vector<KeyDescriptor*>::const_iterator i=src.m_KeyDescriptors.begin(); i!=src.m_KeyDescriptors.end(); i++) {
-                    if (*i) {
-                        getKeyDescriptors().push_back((*i)->cloneKeyDescriptor());
-                    }
-                }
-                for (vector<AffiliateMember*>::const_iterator j=src.m_AffiliateMembers.begin(); j!=src.m_AffiliateMembers.end(); j++) {
-                    if (*j) {
-                        getAffiliateMembers().push_back((*j)->cloneAffiliateMember());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(AffiliationOwnerID);
+                IMPL_CLONE_ATTRIB(ValidUntil);
+                IMPL_CLONE_ATTRIB(CacheDuration);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
+                IMPL_CLONE_TYPED_CHILDREN(KeyDescriptor);
+                IMPL_CLONE_TYPED_CHILDREN(AffiliateMember);
             }
 
             IMPL_XMLOBJECT_CLONE(AffiliationDescriptor);
@@ -1955,14 +1770,14 @@ namespace opensaml {
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -2078,87 +1893,29 @@ namespace opensaml {
                     : AbstractXMLObject(src), AbstractComplexElement(src),
                         AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setID(src.getID());
-                setEntityID(src.getEntityID());
-                setValidUntil(src.getValidUntil());
-                setCacheDuration(src.getCacheDuration());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-                if (src.getAffiliationDescriptor())
-                    setAffiliationDescriptor(src.getAffiliationDescriptor()->cloneAffiliationDescriptor());
-                if (src.getOrganization())
-                    setOrganization(src.getOrganization()->cloneOrganization());
-
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        IDPSSODescriptor* idp=dynamic_cast<IDPSSODescriptor*>(*i);
-                        if (idp) {
-                            getIDPSSODescriptors().push_back(idp->cloneIDPSSODescriptor());
-                            continue;
-                        }
-
-                        SPSSODescriptor* sp=dynamic_cast<SPSSODescriptor*>(*i);
-                        if (sp) {
-                            getSPSSODescriptors().push_back(sp->cloneSPSSODescriptor());
-                            continue;
-                        }
-
-                        AuthnAuthorityDescriptor* authn=dynamic_cast<AuthnAuthorityDescriptor*>(*i);
-                        if (authn) {
-                            getAuthnAuthorityDescriptors().push_back(authn->cloneAuthnAuthorityDescriptor());
-                            continue;
-                        }
-
-                        AttributeAuthorityDescriptor* attr=dynamic_cast<AttributeAuthorityDescriptor*>(*i);
-                        if (attr) {
-                            getAttributeAuthorityDescriptors().push_back(attr->cloneAttributeAuthorityDescriptor());
-                            continue;
-                        }
-
-                        PDPDescriptor* pdp=dynamic_cast<PDPDescriptor*>(*i);
-                        if (pdp) {
-                            getPDPDescriptors().push_back(pdp->clonePDPDescriptor());
-                            continue;
-                        }
-
-                        AuthnQueryDescriptorType* authnq=dynamic_cast<AuthnQueryDescriptorType*>(*i);
-                        if (authnq) {
-                            getAuthnQueryDescriptorTypes().push_back(authnq->cloneAuthnQueryDescriptorType());
-                            continue;
-                        }
-
-                        AttributeQueryDescriptorType* attrq=dynamic_cast<AttributeQueryDescriptorType*>(*i);
-                        if (attrq) {
-                            getAttributeQueryDescriptorTypes().push_back(attrq->cloneAttributeQueryDescriptorType());
-                            continue;
-                        }
-
-                        AuthzDecisionQueryDescriptorType* authzq=dynamic_cast<AuthzDecisionQueryDescriptorType*>(*i);
-                        if (authzq) {
-                            getAuthzDecisionQueryDescriptorTypes().push_back(authzq->cloneAuthzDecisionQueryDescriptorType());
-                            continue;
-                        }
-
-                        RoleDescriptor* role=dynamic_cast<RoleDescriptor*>(*i);
-                        if (role) {
-                            getRoleDescriptors().push_back(role->cloneRoleDescriptor());
-                            continue;
-                        }
-                    }
-                }
-
-                for (vector<ContactPerson*>::const_iterator j=src.m_ContactPersons.begin(); j!=src.m_ContactPersons.end(); j++) {
-                    if (*j) {
-                        getContactPersons().push_back((*j)->cloneContactPerson());
-                    }
-                }
-                for (vector<AdditionalMetadataLocation*>::const_iterator k=src.m_AdditionalMetadataLocations.begin(); k!=src.m_AdditionalMetadataLocations.end(); k++) {
-                    if (*k) {
-                        getAdditionalMetadataLocations().push_back((*k)->cloneAdditionalMetadataLocation());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(EntityID);
+                IMPL_CLONE_ATTRIB(ValidUntil);
+                IMPL_CLONE_ATTRIB(CacheDuration);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
+                IMPL_CLONE_TYPED_CHILD(AffiliationDescriptor);
+                IMPL_CLONE_TYPED_CHILD(Organization);
+
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(IDPSSODescriptor);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(SPSSODescriptor);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthnAuthorityDescriptor);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AttributeAuthorityDescriptor);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(PDPDescriptor);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthnQueryDescriptorType);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AttributeQueryDescriptorType);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(AuthzDecisionQueryDescriptorType);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(RoleDescriptor);
+                IMPL_CLONE_CHILDBAG_END;
+
+                IMPL_CLONE_TYPED_CHILDREN(ContactPerson);
+                IMPL_CLONE_TYPED_CHILDREN(AdditionalMetadataLocation);
             }
 
             IMPL_XMLOBJECT_CLONE(EntityDescriptor);
@@ -2166,14 +1923,14 @@ namespace opensaml {
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -2320,30 +2077,17 @@ namespace opensaml {
             EntitiesDescriptorImpl(const EntitiesDescriptorImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setID(src.getID());
-                setName(src.getName());
-                setValidUntil(src.getValidUntil());
-                setCacheDuration(src.getCacheDuration());
-                if (src.getSignature())
-                    setSignature(src.getSignature()->cloneSignature());
-                if (src.getExtensions())
-                    setExtensions(src.getExtensions()->cloneExtensions());
-
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        EntityDescriptor* e=dynamic_cast<EntityDescriptor*>(*i);
-                        if (e) {
-                            getEntityDescriptors().push_back(e->cloneEntityDescriptor());
-                            continue;
-                        }
+                IMPL_CLONE_ATTRIB(ID);
+                IMPL_CLONE_ATTRIB(Name);
+                IMPL_CLONE_ATTRIB(ValidUntil);
+                IMPL_CLONE_ATTRIB(CacheDuration);
+                IMPL_CLONE_TYPED_CHILD(Signature);
+                IMPL_CLONE_TYPED_CHILD(Extensions);
 
-                        EntitiesDescriptor* es=dynamic_cast<EntitiesDescriptor*>(*i);
-                        if (es) {
-                            getEntitiesDescriptors().push_back(es->cloneEntitiesDescriptor());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(EntityDescriptor);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(EntitiesDescriptor);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(EntitiesDescriptor);
@@ -2351,14 +2095,14 @@ namespace opensaml {
             //IMPL_TYPED_CHILD(Signature);
             // Need customized setter.
         protected:
-            Signature* m_Signature;
+            xmlsignature::Signature* m_Signature;
             list<XMLObject*>::iterator m_pos_Signature;
         public:
-            Signature* getSignature() const {
+            xmlsignature::Signature* getSignature() const {
                 return m_Signature;
             }
 
-            void setSignature(Signature* sig) {
+            void setSignature(xmlsignature::Signature* sig) {
                 prepareForAssignment(m_Signature,sig);
                 *m_pos_Signature=m_Signature=sig;
                 // Sync content reference back up.
@@ -2444,21 +2188,10 @@ namespace opensaml {
 
             EntityAttributesImpl(const EntityAttributesImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        Attribute* a=dynamic_cast<Attribute*>(*i);
-                        if (a) {
-                            getAttributes().push_back(a->cloneAttribute());
-                            continue;
-                        }
-
-                        saml2::Assertion* as=dynamic_cast<saml2::Assertion*>(*i);
-                        if (as) {
-                            getAssertions().push_back(as->cloneAssertion());
-                            continue;
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_FOREIGN_CHILD_IN_BAG(Attribute,saml2);
+                    IMPL_CLONE_TYPED_FOREIGN_CHILD_IN_BAG(Assertion,saml2);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(EntityAttributes);
@@ -2490,12 +2223,8 @@ namespace opensaml {
 
             DigestMethodImpl(const DigestMethodImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src), m_Algorithm(nullptr) {
-                setAlgorithm(src.getAlgorithm());
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Algorithm);
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
 
             IMPL_XMLOBJECT_CLONE(DigestMethod);
@@ -2542,14 +2271,10 @@ namespace opensaml {
             SigningMethodImpl(const SigningMethodImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setAlgorithm(src.getAlgorithm());
-                setMinKeySize(src.m_MinKeySize);
-                setMaxKeySize(src.m_MaxKeySize);
-                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i) {
-                    if (*i) {
-                        getUnknownXMLObjects().push_back((*i)->clone());
-                    }
-                }
+                IMPL_CLONE_ATTRIB(Algorithm);
+                IMPL_CLONE_INTEGER_ATTRIB(MinKeySize);
+                IMPL_CLONE_INTEGER_ATTRIB(MaxKeySize);
+                IMPL_CLONE_XMLOBJECT_CHILDREN(UnknownXMLObject);
             }
 
             IMPL_XMLOBJECT_CLONE(SigningMethod);
@@ -2659,9 +2384,7 @@ namespace opensaml {
             KeywordsImpl(const KeywordsImpl& src)
                     : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setLang(src.getLang());
-                if (src.m_LangPrefix)
-                    m_LangPrefix = XMLString::replicate(src.m_LangPrefix);
+                IMPL_CLONE_FOREIGN_ATTRIB(Lang);
             }
 
             IMPL_XMLOBJECT_CLONE(Keywords);
@@ -2725,11 +2448,9 @@ namespace opensaml {
 
             LogoImpl(const LogoImpl& src) : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
-                setLang(src.getLang());
-                if (src.m_LangPrefix)
-                    m_LangPrefix = XMLString::replicate(src.m_LangPrefix);
-                setHeight(src.m_Height);
-                setWidth(src.m_Width);
+                IMPL_CLONE_FOREIGN_ATTRIB(Lang);
+                IMPL_CLONE_INTEGER_ATTRIB(Height);
+                IMPL_CLONE_INTEGER_ATTRIB(Width);
             }
 
             IMPL_XMLOBJECT_CLONE(Logo);
@@ -2781,49 +2502,15 @@ namespace opensaml {
 
             UIInfoImpl(const UIInfoImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        DisplayName* dn=dynamic_cast<DisplayName*>(*i);
-                        if (dn) {
-                            getDisplayNames().push_back(dn->cloneDisplayName());
-                            continue;
-                        }
-
-                        Description* des=dynamic_cast<Description*>(*i);
-                        if (des) {
-                            getDescriptions().push_back(des->cloneDescription());
-                            continue;
-                        }
-
-                        Keywords* key=dynamic_cast<Keywords*>(*i);
-                        if (key) {
-                            getKeywordss().push_back(key->cloneKeywords());
-                            continue;
-                        }
-
-                                               Logo* logo=dynamic_cast<Logo*>(*i);
-                        if (logo) {
-                            getLogos().push_back(logo->cloneLogo());
-                            continue;
-                        }
-
-                        InformationURL* inf=dynamic_cast<InformationURL*>(*i);
-                        if (inf) {
-                            getInformationURLs().push_back(inf->cloneInformationURL());
-                            continue;
-                        }
-
-                        PrivacyStatementURL* priv=dynamic_cast<PrivacyStatementURL*>(*i);
-                        if (priv) {
-                            getPrivacyStatementURLs().push_back(priv->clonePrivacyStatementURL());
-                            continue;
-                        }
-
-                        if (*i) {
-                            getUnknownXMLObjects().push_back((*i)->clone());
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(DisplayName);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Description);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Keywords);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(Logo);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(InformationURL);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(PrivacyStatementURL);
+                    IMPL_CLONE_XMLOBJECT_CHILD_IN_BAG(UnknownXMLObject);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(UIInfo);
@@ -2870,31 +2557,12 @@ namespace opensaml {
 
             DiscoHintsImpl(const DiscoHintsImpl& src)
                     : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
-                for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
-                    if (*i) {
-                        IPHint* ip=dynamic_cast<IPHint*>(*i);
-                        if (ip) {
-                            getIPHints().push_back(ip->cloneIPHint());
-                            continue;
-                        }
-
-                        DomainHint* dom=dynamic_cast<DomainHint*>(*i);
-                        if (dom) {
-                            getDomainHints().push_back(dom->cloneDomainHint());
-                            continue;
-                        }
-
-                        GeolocationHint* geo=dynamic_cast<GeolocationHint*>(*i);
-                        if (geo) {
-                            getGeolocationHints().push_back(geo->cloneGeolocationHint());
-                            continue;
-                        }
-
-                        if (*i) {
-                            getUnknownXMLObjects().push_back((*i)->clone());
-                        }
-                    }
-                }
+                IMPL_CLONE_CHILDBAG_BEGIN;
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(IPHint);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(DomainHint);
+                    IMPL_CLONE_TYPED_CHILD_IN_BAG(GeolocationHint);
+                    IMPL_CLONE_XMLOBJECT_CHILD_IN_BAG(UnknownXMLObject);
+                IMPL_CLONE_CHILDBAG_END;
             }
 
             IMPL_XMLOBJECT_CLONE(DiscoHints);

diff --git a/saml/saml2/metadata/impl/MetadataProvider.cpp b/saml/saml2/metadata/impl/MetadataProvider.cpp
index 719f8cd..33c852c 100644 (file)
--- a/saml/saml2/metadata/impl/MetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/MetadataProvider.cpp
@@ -29,6 +29,7 @@
 #include "saml2/metadata/MetadataProvider.h"
 
 #include <algorithm>
+#include <boost/lambda/lambda.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
 #include <xmltooling/logging.h>
 #include <xmltooling/unicode.h>
@@ -39,6 +40,8 @@ using namespace opensaml::saml2md;
 using namespace opensaml;
 using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
 using namespace std;
 
 namespace opensaml {
@@ -53,6 +56,7 @@ namespace opensaml {
         SAML_DLLLOCAL PluginManager<MetadataFilter,string,const DOMElement*>::Factory SignatureMetadataFilterFactory;
         SAML_DLLLOCAL PluginManager<MetadataFilter,string,const DOMElement*>::Factory RequireValidUntilMetadataFilterFactory;
         SAML_DLLLOCAL PluginManager<MetadataFilter,string,const DOMElement*>::Factory EntityRoleMetadataFilterFactory;
+        SAML_DLLLOCAL PluginManager<MetadataFilter,string,const DOMElement*>::Factory EntityAttributesMetadataFilterFactory;
     };
 };
 
@@ -75,6 +79,8 @@ void SAML_API opensaml::saml2md::registerMetadataFilters()
     // additional name matching Java code
     SAMLConfig::getConfig().MetadataFilterManager.registerFactory("RequiredValidUntil", RequireValidUntilMetadataFilterFactory);
     SAMLConfig::getConfig().MetadataFilterManager.registerFactory(ENTITYROLE_METADATA_FILTER, EntityRoleMetadataFilterFactory);
+    SAMLConfig::getConfig().MetadataFilterManager.registerFactory(ENTITYATTR_METADATA_FILTER, EntityAttributesMetadataFilterFactory);
+
 }
 
 static const XMLCh _MetadataFilter[] =  UNICODE_LITERAL_14(M,e,t,a,d,a,t,a,F,i,l,t,e,r);
@@ -83,9 +89,9 @@ static const XMLCh Whitelist[] =        UNICODE_LITERAL_23(W,h,i,t,e,l,i,s,t,M,e
 static const XMLCh SigFilter[] =        UNICODE_LITERAL_23(S,i,g,n,a,t,u,r,e,M,e,t,a,d,a,t,a,F,i,l,t,e,r);
 static const XMLCh Exclude[] =          UNICODE_LITERAL_7(E,x,c,l,u,d,e);
 static const XMLCh Include[] =          UNICODE_LITERAL_7(I,n,c,l,u,d,e);
-static const XMLCh type[] =             UNICODE_LITERAL_4(t,y,p,e);
+static const XMLCh _type[] =            UNICODE_LITERAL_4(t,y,p,e);
 
-MetadataProvider::MetadataProvider(const DOMElement* e)
+MetadataProvider::MetadataProvider(const DOMElement* e) : m_filterContext(nullptr)
 {
 #ifdef _DEBUG
     NDC ndc("MetadataProvider");
@@ -98,10 +104,15 @@ MetadataProvider::MetadataProvider(const DOMElement* e)
         DOMElement* child = XMLHelper::getFirstChildElement(e);
         while (child) {
             if (XMLString::equals(child->getLocalName(), _MetadataFilter)) {
-                string t = XMLHelper::getAttrString(child, nullptr, type);
+                string t = XMLHelper::getAttrString(child, nullptr, _type);
                 if (!t.empty()) {
                     log.info("building MetadataFilter of type %s", t.c_str());
-                    m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
+                    auto_ptr<MetadataFilter> np(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
+                    m_filters.push_back(np.get());
+                    np.release();
+                }
+                else {
+                    log.error("MetadataFilter element missing type attribute");
                 }
             }
             else if (XMLString::equals(child->getLocalName(), SigFilter)) {
@@ -129,14 +140,12 @@ MetadataProvider::MetadataProvider(const DOMElement* e)
     }
     catch (XMLToolingException& ex) {
         log.error("caught exception while installing filters: %s", ex.what());
-        for_each(m_filters.begin(),m_filters.end(),xmltooling::cleanup<MetadataFilter>());
         throw;
     }
 }
 
 MetadataProvider::~MetadataProvider()
 {
-    for_each(m_filters.begin(), m_filters.end(), xmltooling::cleanup<MetadataFilter>());
 }
 
 const char* MetadataProvider::getId() const
@@ -151,24 +160,24 @@ void MetadataProvider::addMetadataFilter(MetadataFilter* newFilter)
 
 MetadataFilter* MetadataProvider::removeMetadataFilter(MetadataFilter* oldFilter)
 {
-    for (vector<MetadataFilter*>::iterator i=m_filters.begin(); i!=m_filters.end(); i++) {
-        if (oldFilter==(*i)) {
-            m_filters.erase(i);
-            return oldFilter;
-        }
+    ptr_vector<MetadataFilter>::iterator i = find_if(m_filters.begin(), m_filters.end(), (&_1 == oldFilter));
+    if (i != m_filters.end()) {
+        return m_filters.release(i).release();
     }
     return nullptr;
 }
 
+void MetadataProvider::setContext(const MetadataFilterContext* ctx)
+{
+    m_filterContext = ctx;
+}
+
 void MetadataProvider::doFilters(XMLObject& xmlObject) const
 {
-#ifdef _DEBUG
-    NDC ndc("doFilters");
-#endif
-    Category& log=Category::getInstance(SAML_LOGCAT".Metadata");
-    for (std::vector<MetadataFilter*>::const_iterator i=m_filters.begin(); i!=m_filters.end(); i++) {
-        log.info("applying metadata filter (%s)", (*i)->getId());
-        (*i)->doFilter(xmlObject);
+    Category& log = Category::getInstance(SAML_LOGCAT".Metadata");
+    for (ptr_vector<MetadataFilter>::const_iterator i = m_filters.begin(); i != m_filters.end(); i++) {
+        log.info("applying metadata filter (%s)", i->getId());
+        i->doFilter(m_filterContext, xmlObject);
     }
 }
 
@@ -208,13 +217,13 @@ MetadataProvider::Criteria::~Criteria()
 
 void MetadataProvider::Criteria::reset()
 {
-    entityID_unicode=nullptr;
-    entityID_ascii=nullptr;
-    artifact=nullptr;
-    role=nullptr;
-    protocol=nullptr;
-    protocol2=nullptr;
-    validOnly=true;
+    entityID_unicode = nullptr;
+    entityID_ascii = nullptr;
+    artifact = nullptr;
+    role = nullptr;
+    protocol = nullptr;
+    protocol2 = nullptr;
+    validOnly = true;
 }
 
 MetadataFilter::MetadataFilter()
@@ -224,3 +233,22 @@ MetadataFilter::MetadataFilter()
 MetadataFilter::~MetadataFilter()
 {
 }
+
+void MetadataFilter::doFilter(const MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const
+{
+    // Default call into deprecated method.
+    doFilter(xmlObject);
+}
+
+void MetadataFilter::doFilter(xmltooling::XMLObject& xmlObject) const
+{
+    // Empty default for deprecated method.
+}
+
+MetadataFilterContext::MetadataFilterContext()
+{
+}
+
+MetadataFilterContext::~MetadataFilterContext()
+{
+}

diff --git a/saml/saml2/metadata/impl/NameEntityMatcher.cpp b/saml/saml2/metadata/impl/NameEntityMatcher.cpp
new file mode 100644 (file)
index 0000000..7eb65b0
--- /dev/null
+++ b/saml/saml2/metadata/impl/NameEntityMatcher.cpp
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+/**
+ * NameEntityMatcher.cpp
+ *
+ * EntityMatcher that matches based on name.
+ */
+
+#include "internal.h"
+#include "saml2/metadata/EntityMatcher.h"
+#include "saml2/metadata/Metadata.h"
+
+using namespace opensaml::saml2md;
+using namespace opensaml;
+using namespace xmltooling;
+using namespace std;
+
+namespace opensaml {
+    namespace saml2md {
+        class SAML_DLLLOCAL NameEntityMatcher : public EntityMatcher
+        {
+        public:
+            NameEntityMatcher(const DOMElement* e)
+                    : m_name(e ? e->getAttributeNS(nullptr, EntitiesDescriptor::NAME_ATTRIB_NAME) : nullptr) {
+                if (!m_name || !*m_name)
+                    throw XMLToolingException("Name EntityMatcher missing required Name attribute.");
+            }
+            ~NameEntityMatcher() {}
+
+            bool matches(const EntityDescriptor& entity) const;
+
+        private:
+            const XMLCh* m_name;
+        };
+
+        EntityMatcher* SAML_DLLLOCAL NameEntityMatcherFactory(const DOMElement* const & e)
+        {
+            return new NameEntityMatcher(e);
+        }
+
+        SAML_DLLLOCAL PluginManager<EntityMatcher,string,const DOMElement*>::Factory EntityAttributesEntityMatcherFactory;
+    };
+};
+
+void SAML_API opensaml::saml2md::registerEntityMatchers()
+{
+    SAMLConfig::getConfig().EntityMatcherManager.registerFactory(NAME_ENTITY_MATCHER, NameEntityMatcherFactory);
+    SAMLConfig::getConfig().EntityMatcherManager.registerFactory(ENTITYATTR_ENTITY_MATCHER, EntityAttributesEntityMatcherFactory);
+}
+
+EntityMatcher::EntityMatcher()
+{
+}
+
+EntityMatcher::~EntityMatcher()
+{
+}
+
+bool NameEntityMatcher::matches(const EntityDescriptor& entity) const
+{
+    if (XMLString::equals(m_name, entity.getEntityID()))
+        return true;
+    const EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(entity.getParent());
+    while (group) {
+        if (XMLString::equals(m_name, group->getName()))
+            return true;
+        group = dynamic_cast<EntitiesDescriptor*>(group->getParent());
+    }
+    return false;
+}

diff --git a/saml/saml2/metadata/impl/NullMetadataProvider.cpp b/saml/saml2/metadata/impl/NullMetadataProvider.cpp
index 68f97ca..51e4de2 100644 (file)
--- a/saml/saml2/metadata/impl/NullMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/NullMetadataProvider.cpp
@@ -39,21 +39,19 @@ namespace opensaml {
         class SAML_DLLLOCAL NullMetadataProvider : public DynamicMetadataProvider
         {
         public:
-            NullMetadataProvider(const DOMElement* e) : DynamicMetadataProvider(e), m_template(nullptr) {
+            NullMetadataProvider(const DOMElement* e) : DynamicMetadataProvider(e) {
                 e = XMLHelper::getFirstChildElement(e, samlconstants::SAML20MD_NS, EntityDescriptor::LOCAL_NAME);
                 if (e)
-                    m_template = dynamic_cast<EntityDescriptor*>(XMLObjectBuilder::buildOneFromElement(const_cast<DOMElement*>(e)));
+                    m_template.reset(dynamic_cast<EntityDescriptor*>(XMLObjectBuilder::buildOneFromElement(const_cast<DOMElement*>(e))));
             }
 
-            virtual ~NullMetadataProvider() {
-                delete m_template;
-            }
+            virtual ~NullMetadataProvider() {}
 
         protected:
             EntityDescriptor* resolve(const char* entityID) const;
 
         private:
-            EntityDescriptor* m_template;
+            auto_ptr<EntityDescriptor> m_template;
         }; 
 
         MetadataProvider* SAML_DLLLOCAL NullMetadataProviderFactory(const DOMElement* const & e)
@@ -66,7 +64,7 @@ namespace opensaml {
 EntityDescriptor* NullMetadataProvider::resolve(const char* entityID) const
 {
     // Resolving for us just means fabricating a new dummy element.
-    EntityDescriptor* entity = m_template ? m_template->cloneEntityDescriptor() : EntityDescriptorBuilder::buildEntityDescriptor();
+    EntityDescriptor* entity = m_template.get() ? m_template->cloneEntityDescriptor() : EntityDescriptorBuilder::buildEntityDescriptor();
     auto_ptr_XMLCh temp(entityID);
     entity->setEntityID(temp.get());
     return entity;

diff --git a/saml/saml2/metadata/impl/ObservableMetadataProvider.cpp b/saml/saml2/metadata/impl/ObservableMetadataProvider.cpp
index b286b0c..a2a7248 100644 (file)
--- a/saml/saml2/metadata/impl/ObservableMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/ObservableMetadataProvider.cpp
@@ -27,10 +27,12 @@
 #include "internal.h"
 #include "saml2/metadata/ObservableMetadataProvider.h"
 
+#include <boost/bind.hpp>
 #include <xmltooling/util/Threads.h>
 
 using namespace opensaml::saml2md;
 using namespace xmltooling;
+using namespace boost;
 using namespace std;
 
 ObservableMetadataProvider::ObservableMetadataProvider(const xercesc::DOMElement* e)
@@ -40,15 +42,18 @@ ObservableMetadataProvider::ObservableMetadataProvider(const xercesc::DOMElement
 
 ObservableMetadataProvider::~ObservableMetadataProvider()
 {
-    delete m_observerLock;
 }
 
 void ObservableMetadataProvider::emitChangeEvent() const
 {
     Lock lock(m_observerLock);
-    for (vector<const Observer*>::const_iterator i=m_observers.begin(); i!=m_observers.end(); i++) {
-        (*i)->onEvent(*this);
-    }
+    for_each(m_observers.begin(), m_observers.end(), boost::bind(&Observer::onEvent, _1, boost::cref(*this)));
+}
+
+void ObservableMetadataProvider::emitChangeEvent(const EntityDescriptor& entity) const
+{
+    Lock lock(m_observerLock);
+    for_each(m_observers.begin(), m_observers.end(), boost::bind(&Observer::onEvent, _1, boost::cref(*this), boost::cref(entity)));
 }
 
 void ObservableMetadataProvider::addObserver(const Observer* newObserver) const
@@ -60,11 +65,10 @@ void ObservableMetadataProvider::addObserver(const Observer* newObserver) const
 const ObservableMetadataProvider::Observer* ObservableMetadataProvider::removeObserver(const Observer* oldObserver) const
 {
     Lock lock(m_observerLock);
-    for (vector<const Observer*>::iterator i=m_observers.begin(); i!=m_observers.end(); i++) {
-        if (oldObserver==(*i)) {
-            m_observers.erase(i);
-            return oldObserver;
-        }
+    vector<const Observer*>::iterator i = find(m_observers.begin(), m_observers.end(), oldObserver);
+    if (i != m_observers.end()) {
+        m_observers.erase(i);
+        return oldObserver;
     }
     return nullptr;
 }
@@ -76,3 +80,8 @@ ObservableMetadataProvider::Observer::Observer()
 ObservableMetadataProvider::Observer::~Observer()
 {
 }
+
+void ObservableMetadataProvider::Observer::onEvent(const ObservableMetadataProvider& provider, const EntityDescriptor&) const
+{ 
+    onEvent(provider);
+}

diff --git a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
index 6b4e82b..da3e787 100644 (file)
--- a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
+++ b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
@@ -49,29 +49,11 @@ using namespace std;
 namespace opensaml {
     namespace saml2md {
 
-        class SAML_DLLLOCAL DummyCredentialResolver : public CredentialResolver
-        {
-        public:
-            DummyCredentialResolver() {}
-            ~DummyCredentialResolver() {}
-
-            Lockable* lock() {return this;}
-            void unlock() {}
-
-            const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
-            vector<const Credential*>::size_type resolve(
-                vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
-                ) const {return 0;}
-        };
-
         class SAML_DLLLOCAL SignatureMetadataFilter : public MetadataFilter
         {
         public:
             SignatureMetadataFilter(const DOMElement* e);
-            ~SignatureMetadataFilter() {
-                delete m_credResolver;
-                delete m_trust;
-            }
+            ~SignatureMetadataFilter() {}
 
             const char* getId() const { return SIGNATURE_METADATA_FILTER; }
             void doFilter(XMLObject& xmlObject) const;
@@ -82,8 +64,8 @@ namespace opensaml {
             void verifySignature(Signature* sig, const XMLCh* peerName) const;
 
             bool m_verifyRoles,m_verifyName;
-            CredentialResolver* m_credResolver;
-            SignatureTrustEngine* m_trust;
+            auto_ptr<CredentialResolver> m_credResolver,m_dummyResolver;
+            auto_ptr<SignatureTrustEngine> m_trust;
             SignatureProfileValidator m_profileValidator;
             Category& m_log;
         };
@@ -108,12 +90,11 @@ static const XMLCh verifyName[] =           UNICODE_LITERAL_10(v,e,r,i,f,y,N,a,m
 SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e)
     : m_verifyRoles(XMLHelper::getAttrBool(e, false, verifyRoles)),
         m_verifyName(XMLHelper::getAttrBool(e, true, verifyName)),
-        m_credResolver(nullptr), m_trust(nullptr),
         m_log(Category::getInstance(SAML_LOGCAT".MetadataFilter.Signature"))
 {
     if (e && e->hasAttributeNS(nullptr,certificate)) {
         // Use a file-based credential resolver rooted here.
-        m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
+        m_credResolver.reset(XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e));
         return;
     }
 
@@ -121,7 +102,7 @@ SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e)
     if (sub) {
         string t = XMLHelper::getAttrString(sub, nullptr, type);
         if (!t.empty()) {
-            m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), sub);
+            m_credResolver.reset(XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), sub));
             return;
         }
     }
@@ -131,10 +112,15 @@ SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e)
         string t = XMLHelper::getAttrString(sub, nullptr, type);
         if (!t.empty()) {
             TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), sub);
-            if (!(m_trust = dynamic_cast<SignatureTrustEngine*>(trust))) {
+            SignatureTrustEngine* sigTrust = dynamic_cast<SignatureTrustEngine*>(trust);
+            if (!sigTrust) {
                 delete trust;
                 throw MetadataFilterException("TrustEngine-based SignatureMetadataFilter requires a SignatureTrustEngine plugin.");
             }
+            m_trust.reset(sigTrust);
+            m_dummyResolver.reset(XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(DUMMY_CREDENTIAL_RESOLVER, nullptr));
+            if (!m_dummyResolver.get())
+                throw MetadataFilterException("Error creating dummy CredentialResolver.");
             return;
         }
     }
@@ -153,7 +139,7 @@ void SignatureMetadataFilter::doFilter(XMLObject& xmlObject) const
         doFilter(entities, true);
         return;
     }
-    catch (bad_cast) {
+    catch (bad_cast&) {
     }
     catch (exception& ex) {
         m_log.warn("filtering out group at root of instance after failed signature check: %s", ex.what());
@@ -165,7 +151,7 @@ void SignatureMetadataFilter::doFilter(XMLObject& xmlObject) const
         doFilter(entity, true);
         return;
     }
-    catch (bad_cast) {
+    catch (bad_cast&) {
     }
     catch (exception& ex) {
         m_log.warn("filtering out entity at root of instance after failed signature check: %s", ex.what());
@@ -182,8 +168,8 @@ void SignatureMetadataFilter::doFilter(EntitiesDescriptor& entities, bool rootOb
         throw MetadataFilterException("Root metadata element was unsigned.");
     verifySignature(sig, entities.getName());
 
-    VectorOf(EntityDescriptor) v=entities.getEntityDescriptors();
-    for (VectorOf(EntityDescriptor)::size_type i=0; i<v.size(); ) {
+    VectorOf(EntityDescriptor) v = entities.getEntityDescriptors();
+    for (VectorOf(EntityDescriptor)::size_type i = 0; i < v.size(); ) {
         try {
             doFilter(*(v[i]));
             i++;
@@ -195,8 +181,8 @@ void SignatureMetadataFilter::doFilter(EntitiesDescriptor& entities, bool rootOb
         }
     }
 
-    VectorOf(EntitiesDescriptor) w=entities.getEntitiesDescriptors();
-    for (VectorOf(EntitiesDescriptor)::size_type j=0; j<w.size(); ) {
+    VectorOf(EntitiesDescriptor) w = entities.getEntitiesDescriptors();
+    for (VectorOf(EntitiesDescriptor)::size_type j = 0; j < w.size(); ) {
         try {
             doFilter(*w[j], false);
             j++;
@@ -219,8 +205,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
     if (!m_verifyRoles)
         return;
 
-    VectorOf(IDPSSODescriptor) idp=entity.getIDPSSODescriptors();
-    for (VectorOf(IDPSSODescriptor)::size_type i=0; i<idp.size(); ) {
+    VectorOf(IDPSSODescriptor) idp = entity.getIDPSSODescriptors();
+    for (VectorOf(IDPSSODescriptor)::size_type i = 0; i < idp.size(); ) {
         try {
             verifySignature(idp[i]->getSignature(), entity.getEntityID());
             i++;
@@ -234,8 +220,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(SPSSODescriptor) sp=entity.getSPSSODescriptors();
-    for (VectorOf(SPSSODescriptor)::size_type i=0; i<sp.size(); ) {
+    VectorOf(SPSSODescriptor) sp = entity.getSPSSODescriptors();
+    for (VectorOf(SPSSODescriptor)::size_type i = 0; i < sp.size(); ) {
         try {
             verifySignature(sp[i]->getSignature(), entity.getEntityID());
             i++;
@@ -249,8 +235,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(AuthnAuthorityDescriptor) authn=entity.getAuthnAuthorityDescriptors();
-    for (VectorOf(AuthnAuthorityDescriptor)::size_type i=0; i<authn.size(); ) {
+    VectorOf(AuthnAuthorityDescriptor) authn = entity.getAuthnAuthorityDescriptors();
+    for (VectorOf(AuthnAuthorityDescriptor)::size_type i = 0; i < authn.size(); ) {
         try {
             verifySignature(authn[i]->getSignature(), entity.getEntityID());
             i++;
@@ -264,8 +250,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(AttributeAuthorityDescriptor) aa=entity.getAttributeAuthorityDescriptors();
-    for (VectorOf(AttributeAuthorityDescriptor)::size_type i=0; i<aa.size(); ) {
+    VectorOf(AttributeAuthorityDescriptor) aa = entity.getAttributeAuthorityDescriptors();
+    for (VectorOf(AttributeAuthorityDescriptor)::size_type i = 0; i < aa.size(); ) {
         try {
             verifySignature(aa[i]->getSignature(), entity.getEntityID());
             i++;
@@ -279,8 +265,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(PDPDescriptor) pdp=entity.getPDPDescriptors();
-    for (VectorOf(AuthnAuthorityDescriptor)::size_type i=0; i<pdp.size(); ) {
+    VectorOf(PDPDescriptor) pdp = entity.getPDPDescriptors();
+    for (VectorOf(AuthnAuthorityDescriptor)::size_type i = 0; i < pdp.size(); ) {
         try {
             verifySignature(pdp[i]->getSignature(), entity.getEntityID());
             i++;
@@ -294,8 +280,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(AuthnQueryDescriptorType) authnq=entity.getAuthnQueryDescriptorTypes();
-    for (VectorOf(AuthnQueryDescriptorType)::size_type i=0; i<authnq.size(); ) {
+    VectorOf(AuthnQueryDescriptorType) authnq = entity.getAuthnQueryDescriptorTypes();
+    for (VectorOf(AuthnQueryDescriptorType)::size_type i = 0; i < authnq.size(); ) {
         try {
             verifySignature(authnq[i]->getSignature(), entity.getEntityID());
             i++;
@@ -309,8 +295,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(AttributeQueryDescriptorType) attrq=entity.getAttributeQueryDescriptorTypes();
-    for (VectorOf(AttributeQueryDescriptorType)::size_type i=0; i<attrq.size(); ) {
+    VectorOf(AttributeQueryDescriptorType) attrq = entity.getAttributeQueryDescriptorTypes();
+    for (VectorOf(AttributeQueryDescriptorType)::size_type i = 0; i < attrq.size(); ) {
         try {
             verifySignature(attrq[i]->getSignature(), entity.getEntityID());
             i++;
@@ -324,8 +310,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(AuthzDecisionQueryDescriptorType) authzq=entity.getAuthzDecisionQueryDescriptorTypes();
-    for (VectorOf(AuthzDecisionQueryDescriptorType)::size_type i=0; i<authzq.size(); ) {
+    VectorOf(AuthzDecisionQueryDescriptorType) authzq = entity.getAuthzDecisionQueryDescriptorTypes();
+    for (VectorOf(AuthzDecisionQueryDescriptorType)::size_type i = 0; i < authzq.size(); ) {
         try {
             verifySignature(authzq[i]->getSignature(), entity.getEntityID());
             i++;
@@ -339,8 +325,8 @@ void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject
         }
     }
 
-    VectorOf(RoleDescriptor) v=entity.getRoleDescriptors();
-    for (VectorOf(RoleDescriptor)::size_type i=0; i<v.size(); ) {
+    VectorOf(RoleDescriptor) v = entity.getRoleDescriptors();
+    for (VectorOf(RoleDescriptor)::size_type i = 0; i < v.size(); ) {
         try {
             verifySignature(v[i]->getSignature(), entity.getEntityID());
             i++;
@@ -379,12 +365,12 @@ void SignatureMetadataFilter::verifySignature(Signature* sig, const XMLCh* peerN
     cc.setUsage(Credential::SIGNING_CREDENTIAL);
     cc.setSignature(*sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
 
-    if (m_credResolver) {
+    if (m_credResolver.get()) {
         if (peerName) {
             auto_ptr_char pname(peerName);
             cc.setPeerName(pname.get());
         }
-        Locker locker(m_credResolver);
+        Locker locker(m_credResolver.get());
         vector<const Credential*> creds;
         if (m_credResolver->resolve(creds,&cc)) {
             SignatureValidator sigValidator;
@@ -403,13 +389,12 @@ void SignatureMetadataFilter::verifySignature(Signature* sig, const XMLCh* peerN
             throw MetadataFilterException("CredentialResolver did not supply any candidate keys.");
         }
     }
-    else if (m_trust) {
+    else if (m_trust.get()) {
         if (m_verifyName && peerName) {
             auto_ptr_char pname(peerName);
             cc.setPeerName(pname.get());
         }
-        DummyCredentialResolver dummy;
-        if (m_trust->validate(*sig, dummy, &cc))
+        if (m_trust->validate(*sig, *m_dummyResolver, &cc))
             return;
         throw MetadataFilterException("TrustEngine unable to verify signature.");
     }

diff --git a/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp b/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp
index ecedc3e..016745d 100644 (file)
--- a/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp
+++ b/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp
@@ -25,15 +25,16 @@
  */
 
 #include "internal.h"
+#include "saml2/metadata/EntityMatcher.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/MetadataFilter.h"
 
 #include <boost/bind.hpp>
-#include <boost/iterator/indirect_iterator.hpp>
+#include <boost/scoped_ptr.hpp>
 #include <xmltooling/logging.h>
-#include <xmltooling/util/NDC.h>
 
 using namespace opensaml::saml2md;
+using namespace opensaml::saml2;
 using namespace xmltooling::logging;
 using namespace xmltooling;
 using namespace boost;
@@ -41,7 +42,6 @@ using namespace std;
 
 namespace opensaml {
     namespace saml2md {
-
         class SAML_DLLLOCAL WhitelistMetadataFilter : public MetadataFilter
         {
         public:
@@ -52,15 +52,11 @@ namespace opensaml {
             void doFilter(XMLObject& xmlObject) const;
 
         private:
-            void doFilter(EntitiesDescriptor& entities) const;
-
-            bool found(const XMLCh* id) const {
-                if (!id)
-                    return false;
-                return m_set.count(id)==1;
-            }
+            void filterGroup(EntitiesDescriptor*) const;
+            bool included(const EntityDescriptor&) const;
 
-            set<xstring> m_set;
+            set<xstring> m_entities;
+            scoped_ptr<EntityMatcher> m_matcher;
         };
 
         MetadataFilter* SAML_DLLLOCAL WhitelistMetadataFilterFactory(const DOMElement* const & e)
@@ -68,57 +64,56 @@ namespace opensaml {
             return new WhitelistMetadataFilter(e);
         }
 
+        static const XMLCh Include[] = UNICODE_LITERAL_7(I,n,c,l,u,d,e);
+        static const XMLCh _matcher[] = UNICODE_LITERAL_7(m,a,t,c,h,e,r);
     };
 };
 
-static const XMLCh Include[] =  UNICODE_LITERAL_7(I,n,c,l,u,d,e);
 
 WhitelistMetadataFilter::WhitelistMetadataFilter(const DOMElement* e)
 {
-    e = XMLHelper::getFirstChildElement(e);
+    string matcher(XMLHelper::getAttrString(e, nullptr, _matcher));
+    if (!matcher.empty())
+        m_matcher.reset(SAMLConfig::getConfig().EntityMatcherManager.newPlugin(matcher.c_str(), e));
+
+    e = XMLHelper::getFirstChildElement(e, Include);
     while (e) {
-        if (XMLString::equals(e->getLocalName(), Include) && e->hasChildNodes()) {
-            m_set.insert(e->getFirstChild()->getTextContent());
+        if (e->hasChildNodes()) {
+            const XMLCh* incl = e->getTextContent();
+            if (incl && *incl)
+                m_entities.insert(incl);
         }
-        e = XMLHelper::getNextSiblingElement(e);
+        e = XMLHelper::getNextSiblingElement(e, Include);
     }
 }
 
 void WhitelistMetadataFilter::doFilter(XMLObject& xmlObject) const
 {
-#ifdef _DEBUG
-    NDC ndc("doFilter");
-#endif
-
-    try {
-        doFilter(dynamic_cast<EntitiesDescriptor&>(xmlObject));
-        return;
-    }
-    catch (bad_cast&) {
+    EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(&xmlObject);
+    if (group) {
+        filterGroup(group);
     }
-
-    try {
-        EntityDescriptor& entity = dynamic_cast<EntityDescriptor&>(xmlObject);
-        if (!found(entity.getEntityID()))
-            throw MetadataFilterException("WhitelistMetadataFilter instructed to filter the root/only entity in the metadata.");
-        return;
-    }
-    catch (bad_cast&) {
+    else {
+        EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(&xmlObject);
+        if (entity) {
+            if (!included(*entity))
+                throw MetadataFilterException(WHITELIST_METADATA_FILTER" MetadataFilter instructed to filter the root/only entity in the metadata.");
+        }
+        else {
+            throw MetadataFilterException(WHITELIST_METADATA_FILTER" MetadataFilter was given an improper metadata instance to filter.");
+        }
     }
-
-    throw MetadataFilterException("WhitelistMetadataFilter was given an improper metadata instance to filter.");
 }
 
-void WhitelistMetadataFilter::doFilter(EntitiesDescriptor& entities) const
+void WhitelistMetadataFilter::filterGroup(EntitiesDescriptor* entities) const
 {
-    Category& log=Category::getInstance(SAML_LOGCAT".MetadataFilter.Whitelist");
-
-    VectorOf(EntityDescriptor) v=entities.getEntityDescriptors();
-    for (VectorOf(EntityDescriptor)::size_type i=0; i<v.size(); ) {
-        const XMLCh* id=v[i]->getEntityID();
-        if (!found(id)) {
-            auto_ptr_char id2(id);
-            log.info("filtering out non-whitelisted entity (%s)", id2.get());
+    Category& log = Category::getInstance(SAML_LOGCAT".MetadataFilter."WHITELIST_METADATA_FILTER);
+
+    VectorOf(EntityDescriptor) v = entities->getEntityDescriptors();
+    for (VectorOf(EntityDescriptor)::size_type i = 0; i < v.size(); ) {
+        if (!included(*v[i])) {
+            auto_ptr_char id(v[i]->getEntityID());
+            log.info("filtering out non-whitelisted entity (%s)", id.get());
             v.erase(v.begin() + i);
         }
         else {
@@ -126,11 +121,18 @@ void WhitelistMetadataFilter::doFilter(EntitiesDescriptor& entities) const
         }
     }
 
-    const vector<EntitiesDescriptor*>& groups=const_cast<const EntitiesDescriptor&>(entities).getEntitiesDescriptors();
-    for_each(
-        make_indirect_iterator(groups.begin()), make_indirect_iterator(groups.end()),
-        boost::bind(
-            static_cast<void (WhitelistMetadataFilter::*)(EntitiesDescriptor&) const>(&WhitelistMetadataFilter::doFilter), boost::ref(this), _1
-            )
-        );
+    const vector<EntitiesDescriptor*>& groups = const_cast<const EntitiesDescriptor*>(entities)->getEntitiesDescriptors();
+    for_each(groups.begin(), groups.end(), boost::bind(&WhitelistMetadataFilter::filterGroup, this, _1));
+}
+
+bool WhitelistMetadataFilter::included(const EntityDescriptor& entity) const
+{
+    // Check for entityID.
+    if (entity.getEntityID() && !m_entities.empty() && m_entities.count(entity.getEntityID()) > 0)
+        return true;
+
+    if (m_matcher && m_matcher->matches(entity))
+        return true;
+
+    return false;
 }

diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index c65f693..bfb0361 100644 (file)
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -50,6 +50,7 @@
 using namespace opensaml::saml2md;
 using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost;
 using namespace std;
 
 #if defined (_MSC_VER)
@@ -68,7 +69,6 @@ namespace opensaml {
 
             virtual ~XMLMetadataProvider() {
                 shutdown();
-                delete m_object;
             }
 
             void init() {
@@ -124,7 +124,7 @@ namespace opensaml {
             }
 
             const XMLObject* getMetadata() const {
-                return m_object;
+                return m_object.get();
             }
 
         protected:
@@ -136,8 +136,8 @@ namespace opensaml {
             void index(time_t& validUntil);
             time_t computeNextRefresh();
 
-            XMLObject* m_object;
-            bool m_discoveryFeed;
+            scoped_ptr<XMLObject> m_object;
+            bool m_discoveryFeed,m_dropDOM;
             double m_refreshDelayFactor;
             unsigned int m_backoffFactor;
             time_t m_minRefreshDelay,m_maxRefreshDelay,m_lastValidUntil;
@@ -149,6 +149,7 @@ namespace opensaml {
         }
 
         static const XMLCh discoveryFeed[] =        UNICODE_LITERAL_13(d,i,s,c,o,v,e,r,y,F,e,e,d);
+        static const XMLCh dropDOM[] =              UNICODE_LITERAL_7(d,r,o,p,D,O,M);
         static const XMLCh minRefreshDelay[] =      UNICODE_LITERAL_15(m,i,n,R,e,f,r,e,s,h,D,e,l,a,y);
         static const XMLCh refreshDelayFactor[] =   UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
     };
@@ -161,7 +162,8 @@ namespace opensaml {
 XMLMetadataProvider::XMLMetadataProvider(const DOMElement* e)
     : MetadataProvider(e), AbstractMetadataProvider(e), DiscoverableMetadataProvider(e),
         ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML"), false),
-        m_object(nullptr), m_discoveryFeed(XMLHelper::getAttrBool(e, true, discoveryFeed)),
+        m_discoveryFeed(XMLHelper::getAttrBool(e, true, discoveryFeed)),
+        m_dropDOM(XMLHelper::getAttrBool(e, true, dropDOM)),
         m_refreshDelayFactor(0.75), m_backoffFactor(1),
         m_minRefreshDelay(XMLHelper::getAttrInt(e, 600, minRefreshDelay)),
         m_maxRefreshDelay(m_reloadInterval), m_lastValidUntil(SAMLTIME_MAX)
@@ -198,7 +200,7 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
     XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : nullptr);
 
     // Unmarshall objects, binding the document.
-    auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(raw.second, true));
+    scoped_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(raw.second, true));
     docjanitor.release();
 
     if (!dynamic_cast<const EntitiesDescriptor*>(xmlObject.get()) && !dynamic_cast<const EntityDescriptor*>(xmlObject.get()))
@@ -210,11 +212,17 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
     try {
         SchemaValidators.validate(xmlObject.get());
     }
-    catch (exception& ex) {
+    catch (std::exception& ex) {
         m_log.error("metadata intance failed manual validation checking: %s", ex.what());
         throw MetadataException("Metadata instance failed manual validation checking.");
     }
 
+    const TimeBoundSAMLObject* validityCheck = dynamic_cast<TimeBoundSAMLObject*>(xmlObject.get());
+    if (!validityCheck || !validityCheck->isValid()) {
+        m_log.error("metadata instance was invalid at time of acquisition");
+        throw MetadataException("Metadata instance was invalid at time of acquisition.");
+    }
+
     // This is the best place to take a backup, since it's superficially "correct" metadata.
     string backupKey;
     if (!backup && !m_backing.empty()) {
@@ -226,16 +234,16 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
             ofstream backer(backupKey.c_str());
             backer << *(raw.second->getOwnerDocument());
         }
-        catch (exception& ex) {
+        catch (std::exception& ex) {
             m_log.crit("exception while backing up metadata: %s", ex.what());
             backupKey.erase();
         }
     }
 
     try {
-        doFilters(*xmlObject.get());
+        doFilters(*xmlObject);
     }
-    catch (exception&) {
+    catch (std::exception&) {
         if (!backupKey.empty())
             remove(backupKey.c_str());
         throw;
@@ -250,16 +258,17 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
         preserveCacheTag();
     }
 
-    xmlObject->releaseThisAndChildrenDOM();
-    xmlObject->setDocument(nullptr);
+    if (m_dropDOM) {
+        xmlObject->releaseThisAndChildrenDOM();
+        xmlObject->setDocument(nullptr);
+    }
 
     // Swap it in after acquiring write lock if necessary.
     if (m_lock)
         m_lock->wrlock();
     SharedLock locker(m_lock, false);
     bool changed = m_object!=nullptr;
-    delete m_object;
-    m_object = xmlObject.release();
+    m_object.swap(xmlObject);
     m_lastValidUntil = SAMLTIME_MAX;
     index(m_lastValidUntil);
     if (m_discoveryFeed)
@@ -304,14 +313,16 @@ pair<bool,DOMElement*> XMLMetadataProvider::background_load()
             return load(true);
         throw;
     }
-    catch (exception&) {
+    catch (std::exception& ex) {
         if (!m_local) {
             m_reloadInterval = m_minRefreshDelay * m_backoffFactor++;
             if (m_reloadInterval > m_maxRefreshDelay)
                 m_reloadInterval = m_maxRefreshDelay;
             m_log.warn("adjusted reload interval to %u seconds", m_reloadInterval);
-            if (!m_loaded && !m_backing.empty())
+            if (!m_loaded && !m_backing.empty()) {
+                m_log.warn("trying backup file, exception loading remote resource: %s", ex.what());
                 return load(true);
+            }
         }
         throw;
     }
@@ -328,7 +339,7 @@ time_t XMLMetadataProvider::computeNextRefresh()
     else {
         // Compute the smaller of the validUntil / cacheDuration constraints.
         time_t ret = m_lastValidUntil - now;
-        const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object);
+        const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object.get());
         if (cacheable && cacheable->getCacheDuration())
             ret = min(ret, cacheable->getCacheDurationEpoch());
             
@@ -348,10 +359,10 @@ time_t XMLMetadataProvider::computeNextRefresh()
 void XMLMetadataProvider::index(time_t& validUntil)
 {
     clearDescriptorIndex();
-    EntitiesDescriptor* group=dynamic_cast<EntitiesDescriptor*>(m_object);
+    EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(m_object.get());
     if (group) {
         indexGroup(group, validUntil);
         return;
     }
-    indexEntity(dynamic_cast<EntityDescriptor*>(m_object), validUntil);
+    indexEntity(dynamic_cast<EntityDescriptor*>(m_object.get()), validUntil);
 }

diff --git a/saml/util/SAMLConstants.cpp b/saml/util/SAMLConstants.cpp
index 731693f..dff0aa9 100644 (file)
--- a/saml/util/SAMLConstants.cpp
+++ b/saml/util/SAMLConstants.cpp
@@ -188,6 +188,17 @@ const XMLCh samlconstants::SAML20P_THIRDPARTY_EXT_NS[] = // urn:oasis:names:tc:S
 
 const XMLCh samlconstants::SAML20P_THIRDPARTY_EXT_PREFIX[] = UNICODE_LITERAL_6(t,h,r,p,t,y);
 
+const XMLCh samlconstants::SAML20P_ASYNCSLO_EXT_NS[] = // urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_p, chLatin_r, chLatin_o, chLatin_t, chLatin_o, chLatin_c, chLatin_o, chLatin_l, chColon,
+  chLatin_e, chLatin_x, chLatin_t, chColon,
+  chLatin_a, chLatin_s, chLatin_y, chLatin_n, chLatin_c, chDash, chLatin_s, chLatin_l, chLatin_o, chNull
+};
+
+const XMLCh samlconstants::SAML20P_ASYNCSLO_EXT_PREFIX[] = UNICODE_LITERAL_4(a,s,l,o);
+
 const XMLCh samlconstants::SAML20_ATTRIBUTE_EXT_NS[] = // urn:oasis:names:tc:SAML:attribute:ext
 { chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
   chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,

diff --git a/saml/util/SAMLConstants.h b/saml/util/SAMLConstants.h
index 6a9d2a5..f74dfb6 100644 (file)
--- a/saml/util/SAMLConstants.h
+++ b/saml/util/SAMLConstants.h
@@ -128,6 +128,12 @@ namespace samlconstants {
     /** SAML Third-Party Request Protocol Extension QName prefix ("thrpty") */
     extern SAML_API const XMLCh SAML20P_THIRDPARTY_EXT_PREFIX[];
 
+    /** SAML Asynchronous Logout Protocol Extension XML Namespace ("urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo") */
+    extern SAML_API const XMLCh SAML20P_ASYNCSLO_EXT_NS[];
+
+    /** SAML Asynchronous Logout Protocol Extension QName prefix ("aslo") */
+    extern SAML_API const XMLCh SAML20P_ASYNCSLO_EXT_PREFIX[];
+
     /** SAML Attribute Extension XML Namespace ("urn:oasis:names:tc:SAML:attribute:ext") */
     extern SAML_API const XMLCh SAML20_ATTRIBUTE_EXT_NS[];
 

diff --git a/samlsign/Makefile.am b/samlsign/Makefile.am
index 4d85e6f..0aa8f18 100644 (file)
--- a/samlsign/Makefile.am
+++ b/samlsign/Makefile.am
@@ -6,4 +6,4 @@ samlsign_SOURCES = samlsign.cpp
 
 samlsign_LDADD = $(top_builddir)/saml/libsaml.la
 
-EXTRA_DIST = samlsign.vcxproj
+EXTRA_DIST = samlsign.vcxproj resource.h samlsign.rc
\ No newline at end of file

diff --git a/samlsign/resource.h b/samlsign/resource.h
new file mode 100644 (file)
index 0000000..1818905
--- /dev/null
+++ b/samlsign/resource.h
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by utility resource scripts
+//
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        101
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1000
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif

diff --git a/samlsign/samlsign.rc b/samlsign/samlsign.rc
new file mode 100644 (file)
index 0000000..38f2e11
--- /dev/null
+++ b/samlsign/samlsign.rc
@@ -0,0 +1,109 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (U.S.) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+#ifdef _WIN32
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+#endif //_WIN32
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 2,5,0,0
+ PRODUCTVERSION 2,5,0,0
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "Comments", "\0"
+            VALUE "CompanyName", "Shibboleth Consortium\0"
+            VALUE "FileDescription", "OpenSAML Signature Utility\0"
+            VALUE "FileVersion", "2, 5, 0, 0\0"
+            VALUE "InternalName", "samlsign\0"
+            VALUE "LegalCopyright", "Copyright © 2012 UCAID\0"
+            VALUE "LegalTrademarks", "\0"
+            VALUE "OriginalFilename", "samlsign.exe\0"
+            VALUE "PrivateBuild", "\0"
+            VALUE "ProductName", "OpenSAML 2.5.0\0"
+            VALUE "ProductVersion", "2, 5, 0, 0\0"
+            VALUE "SpecialBuild", "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+#endif    // English (U.S.) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+

diff --git a/samlsign/samlsign.vcxproj b/samlsign/samlsign.vcxproj
index edcf283..8731933 100644 (file)
--- a/samlsign/samlsign.vcxproj
+++ b/samlsign/samlsign.vcxproj
@@ -179,6 +179,12 @@
       <ReferenceOutputAssembly>false</ReferenceOutputAssembly>\r
     </ProjectReference>\r
   </ItemGroup>\r
+  <ItemGroup>\r
+    <ClInclude Include="resource.h" />\r
+  </ItemGroup>\r
+  <ItemGroup>\r
+    <ResourceCompile Include="samlsign.rc" />\r
+  </ItemGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
   <ImportGroup Label="ExtensionTargets">\r
   </ImportGroup>\r

diff --git a/samltest/binding.h b/samltest/binding.h
index a455499..13cda7d 100644 (file)
--- a/samltest/binding.h
+++ b/samltest/binding.h
@@ -27,6 +27,8 @@
 #include <saml/binding/SecurityPolicyRule.h>
 #include <saml/saml2/metadata/Metadata.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
+
+#include <boost/scoped_ptr.hpp>
 #include <xmltooling/io/HTTPRequest.h>
 #include <xmltooling/io/HTTPResponse.h>
 #include <xmltooling/security/Credential.h>
@@ -41,9 +43,9 @@ using namespace xmlsignature;
 class SAMLBindingBaseTestCase : public HTTPRequest, public HTTPResponse
 {
 protected:
-    CredentialResolver* m_creds; 
-    MetadataProvider* m_metadata;
-    TrustEngine* m_trust;
+    boost::scoped_ptr<CredentialResolver> m_creds;
+    boost::scoped_ptr<MetadataProvider> m_metadata;
+    boost::scoped_ptr<TrustEngine> m_trust;
     map<string,string> m_fields;
     map<string,string> m_headers;
     string m_method,m_url,m_query;
@@ -52,9 +54,6 @@ protected:
 
 public:
     void setUp() {
-        m_creds=nullptr;
-        m_metadata=nullptr;
-        m_trust=nullptr;
         m_fields.clear();
         m_headers.clear();
         m_method.erase();
@@ -72,8 +71,8 @@ public:
             auto_ptr_XMLCh file(s.c_str());
             doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
     
-            m_metadata = SAMLConfig::getConfig().MetadataProviderManager.newPlugin(
-                XML_METADATA_PROVIDER,doc->getDocumentElement()
+            m_metadata.reset(
+                SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER, doc->getDocumentElement())
                 );
             m_metadata->init();
 
@@ -81,11 +80,11 @@ public:
             ifstream in2(config.c_str());
             DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
             XercesJanitor<DOMDocument> janitor2(doc2);
-            m_creds = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(
-                FILESYSTEM_CREDENTIAL_RESOLVER,doc2->getDocumentElement()
+            m_creds.reset(
+                XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, doc2->getDocumentElement())
                 );
                 
-            m_trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, nullptr);
+            m_trust.reset(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, nullptr));
 
             m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(MESSAGEFLOW_POLICY_RULE,nullptr));
             m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(SIMPLESIGNING_POLICY_RULE,nullptr));
@@ -101,13 +100,10 @@ public:
     
     void tearDown() {
         for_each(m_rules.begin(), m_rules.end(), xmltooling::cleanup<SecurityPolicyRule>());
+        m_trust.reset();
+        m_metadata.reset();
+        m_creds.reset();
         m_rules.clear();
-        delete m_creds;
-        delete m_metadata;
-        delete m_trust;
-        m_creds=nullptr;
-        m_metadata=nullptr;
-        m_trust=nullptr;
         m_fields.clear();
         m_headers.clear();
         m_method.erase();
@@ -259,7 +255,7 @@ public:
         pch+=strlen("action=\"");
         m_url = html_decode(page.substr(pch-page.c_str(),strchr(pch,'"')-pch));
 
-        while (pch=strstr(pch,"<input type=\"hidden\" name=\"")) {
+        while ((pch = strstr(pch,"<input type=\"hidden\" name=\""))) {
             pch+=strlen("<input type=\"hidden\" name=\"");
             string name = page.substr(pch-page.c_str(),strchr(pch,'"')-pch);
             pch=strstr(pch,"value=\"");

diff --git a/samltest/data/saml2/metadata/InCommon-metadata.xml b/samltest/data/saml2/metadata/InCommon-metadata.xml
index 762b8d9..cde81b9 100644 (file)
--- a/samltest/data/saml2/metadata/InCommon-metadata.xml
+++ b/samltest/data/saml2/metadata/InCommon-metadata.xml
@@ -1,19157 +1 @@
-<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="urn:mace:incommon" validUntil="2009-04-07T23:00:00Z" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-<ds:SignedInfo>
-<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"></ds:CanonicalizationMethod>
-<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
-<ds:Reference URI="">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"></ds:Transform>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
-<ds:DigestValue>p+JSM/+xbG99qUGukve1bxjOiVc=</ds:DigestValue>
-</ds:Reference>
-</ds:SignedInfo>
-<ds:SignatureValue>
-t6reKavBWgapPpvak9uIcZqHnXS/idirV7BEPMpL4WjdvcvC53Gszx2NGicVAU4nusEOv7hzO1RK
-D7pm/wcaiSY01zYGAlJE7eELbD7IhyBX7ClBU8on1K2gmHN2qmsjAHktDbRV/GeYASNPjmXj9yNs
-CUi4tGzEWJdTpmQK6zWkVbwvcoD6c3Kdix7Vp7Re4bc4hXuFLfQXnn6BoWVXnoGPJ48mA6hUXLkc
-ih5CT4c8PLIvUOgzLEz8axITeZSP6QaPSpbpqOcNsZ5HI+tOIX2qAQrWKnBoKRgtSglvFvMpHA6u
-u1wTiG4RDPM5hUfKvrme63tGo/mHLBU9On0d8w==
-</ds:SignatureValue>
-<ds:KeyInfo>
-<ds:X509Data>
-<ds:X509Certificate>
-MIIFqTCCBJGgAwIBAgICAWYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoT
-E0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MB4XDTA4MDYyMDE0MTcxN1oXDTEwMDYyMTE0MTcxN1owJzElMCMGA1UEAxMcZmVkb3Au
-aW5jb21tb25mZWRlcmF0aW9uLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAo
-XZK5/nRuWY+S91CMPsXloDc5vGo8O/xcqkUNUow+C34NlgnZX4zq2BjZ1WTAk3yLaF00qYOK18R0
-LMpHjYmEbtvtNrjEvtaZwalo83TyRNKHfqvBG3bxOkoYpo8jZ9MkHxskCgjXWLnPu+TCB7GiDgBL
-Q2VEk/UneKHlNc0Y1drBr1HfiRR73lAIUXNG/iRGXyBLqvyyFPasZv/oBWmsJZqI2T8jlmdSZbMG
-66yWGMp9dKoJyb44fYGVlyo5j8arxyiXAEz4QIdoFhmm1k1wSQnJDHtYaxwpf72wywps9P6GLqGk
-g8z+sxPWEgP8QqZWhwNJqAtVbNh+TDkBpXsCAwEAAaOCAq4wggKqMA4GA1UdDwEB/wQEAwIFoDAM
-BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU5ij9
-YLU5zQ6K75kPgVpyQ2N/lPswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYB
-BQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZo
-dHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJwYD
-VR0RBCAwHoIcZmVkb3AuaW5jb21tb25mZWRlcmF0aW9uLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEA
-sU4ImEEd2xJniwlx/yO4O6ZsfmPGiM/DBXuiW9hc2X3p34eQfJapvC2EoASU1kbqRp9UvYvHuIc8
-n30EFPUeOAFOUMSKAXLqSJYa4bS8aZ0f4sZlzjHll6ke6sS0bSx+rWhzPQGPtv28KdnbyPgCdEzp
-3xN9qJQp/OMF1ApiA9/GerSToH7yE+iG/aG/rwzK6rtqQZCJNaXDmbiEPDuXcn36fgAkoHk6VNgX
-7wS5NbNEHMQbiXvj5EUHDEB3SLwG5i5q9n5MSqxdZgYrhmCHgs4wRAOcCOwlzNic2LdOHrtvhsYu
-4kfcmIZTJ93D6CsRJ0kIgnwVTtLUPpAfjDUKZw==
-</ds:X509Certificate>
-<ds:X509Certificate>
-MIIFmjCCBIKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT
-SW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkwHhcNMDQwMzMwMjAzNDAwWhcNMTQwMzI5MjAzNDAwWjBWMQswCQYDVQQGEwJVUzEcMBoG
-A1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRGjKsUM2QAupLAaWx
-82/CWPalKjKFY8UPmz0T3gf7tJPztTy1Zq8pD0WFRLcQeSBKZGCu8upe8X966b6TZ5yuoUDA754I
-f0DWismuHNoMgRR/l0UvZmPWDGRWd3NBTB8/soLA4EbqFf5Xq8MOJKhPtzcDR33gtaAb3oilZ+ZT
-pnhTFFrn/qXrAKcSDBpuW2JRpi3xaF/hTPI097oUShOzD1Zj21UYLA6iSFVN+1wlfwilf2KFNK/+
-zbkCge6wgipZyXxaOAam6ncqmkxy+hy/OiJMmdB+6xkO0xXSBUUcqxJrOcUQhA1vntgb3q5zOJIS
-XhC4RAReA0HyBp/wd0iDAgMBAAGjggJxMIICbTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUky3IYRitY+ObZbOd3Y2TuufKY0UwfgYDVR0jBHcwdYAUky3IYRitY+Ob
-ZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6
-aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjANBgkqhkiG9w0BAQUFAAOCAQEAZfgKUPA+Ky+Ou/vclMlF
-TMlUGspfbNSdG/fmIq+E/Lv1d2c73Am1zGhOpxgdkM8SE+BPnXW2rl71/N8gaqwgBBxkpwn410si
-umxlDTwV3HoVFvCGWylNy9o8OE1LyTCqfo8PRwrMzhwcagDgD813BIyjuJg/JQz1LnHMocIW/Jli
-gloSIzF1O435/+ckfWXQsmBIhvV5TmA3ZrcycrI1cHGEZqrCXL0FMZLSr+Vady/tFbVojqI8pSub
-SMxNkZectePTBjVj1Qeb4hmG8jRv/fwy1Iw6OFH8RKny8nQaO5mOe/fF/swEsMVU9TDpvLIgbhTw
-nP7Nhfotgaxf5wG8WA==
-</ds:X509Certificate>
-</ds:X509Data>
-</ds:KeyInfo></ds:Signature>
-
-<!-- The Ohio State University -->
-<EntityDescriptor entityID="urn:mace:incommon:osu.edu">
-  <IDPSSODescriptor errorURL="https://webauth.service.ohio-state.edu/support.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">osu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.service.ohio-state.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 322, expires on Thu May 20 15:24:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFtTCCBJ2gAwIBAgICAUIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxOTE1MjQwNVoXDTEwMDUy
-MDE1MjQwNVowKTEnMCUGA1UEAxMed2ViYXV0aC5zZXJ2aWNlLm9oaW8tc3RhdGUu
-ZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUUm25GQ1FD5TYol
-gF+VvsypXudx8IfPvNasV3Z4jRk9CIRoQmZj8/GiNEqYMywz6gzxAd9KiPFvBE14
-46I2TLj3OAn7TRgxICotT7axbDQrw68IFVL36s48iATcR2XDAWOV68uOxdl9EOrD
-TUkQ/pNWdvguBw9H8YtJtLn/4oXFg0uAmNacIJD4f/P2xb4FIsIgw+yzqEFbUsdM
-iUznHWHHhgiEKc8zFMLDMoect5UKtd5bW+Xtx4DvlllQ3XJC6G1LAOcNz3nMO6y3
-0uGp6JYN568eNhzUEzDvZxFePdAmSQFKPfrswVmYu2JyElvFGIIm/LtjaCHywJmv
-UnQX0wIDAQABo4ICuDCCArQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT0ke+3aXir
-xGq/a4CfPCxl3El0aTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCkGA1Ud
-EQQiMCCCHndlYmF1dGguc2VydmljZS5vaGlvLXN0YXRlLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEACb/lHdUqKlo2PJIPBdmTR9fat0mQDNL1zofMt+LND+Yc7Emdw1Ix
-KdB5GtcQdXIzY57MsPo0w7PCxn5px1G5xKtV38XUJr6Q5Uj1QxncU0EGzoM01xil
-g9Y7aqu41pv5wbJH5RsGT6MEalkz2AS7Ft1XBoHA5FINJWziLMEWIJzse9N2RENE
-grlOlf6obsIfcoLf5YwO8T/9FJ3lVkN03JqravG4nSGkhm5KTYxMT8iT5aRjPDaD
-91In7opPeWlX+zBxujpIM0y0ZMhzeF65EMY79d+1ppIlsM4ZTPSCRCxc2/ZAGgew
-6qA+TUVvyJew0YDIbOhjCd6mhTWJisEOnA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.service.ohio-state.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.service.ohio-state.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">osu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.service.ohio-state.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 322, expires on Thu May 20 15:24:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFtTCCBJ2gAwIBAgICAUIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxOTE1MjQwNVoXDTEwMDUy
-MDE1MjQwNVowKTEnMCUGA1UEAxMed2ViYXV0aC5zZXJ2aWNlLm9oaW8tc3RhdGUu
-ZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUUm25GQ1FD5TYol
-gF+VvsypXudx8IfPvNasV3Z4jRk9CIRoQmZj8/GiNEqYMywz6gzxAd9KiPFvBE14
-46I2TLj3OAn7TRgxICotT7axbDQrw68IFVL36s48iATcR2XDAWOV68uOxdl9EOrD
-TUkQ/pNWdvguBw9H8YtJtLn/4oXFg0uAmNacIJD4f/P2xb4FIsIgw+yzqEFbUsdM
-iUznHWHHhgiEKc8zFMLDMoect5UKtd5bW+Xtx4DvlllQ3XJC6G1LAOcNz3nMO6y3
-0uGp6JYN568eNhzUEzDvZxFePdAmSQFKPfrswVmYu2JyElvFGIIm/LtjaCHywJmv
-UnQX0wIDAQABo4ICuDCCArQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT0ke+3aXir
-xGq/a4CfPCxl3El0aTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCkGA1Ud
-EQQiMCCCHndlYmF1dGguc2VydmljZS5vaGlvLXN0YXRlLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEACb/lHdUqKlo2PJIPBdmTR9fat0mQDNL1zofMt+LND+Yc7Emdw1Ix
-KdB5GtcQdXIzY57MsPo0w7PCxn5px1G5xKtV38XUJr6Q5Uj1QxncU0EGzoM01xil
-g9Y7aqu41pv5wbJH5RsGT6MEalkz2AS7Ft1XBoHA5FINJWziLMEWIJzse9N2RENE
-grlOlf6obsIfcoLf5YwO8T/9FJ3lVkN03JqravG4nSGkhm5KTYxMT8iT5aRjPDaD
-91In7opPeWlX+zBxujpIM0y0ZMhzeF65EMY79d+1ppIlsM4ZTPSCRCxc2/ZAGgew
-6qA+TUVvyJew0YDIbOhjCd6mhTWJisEOnA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.service.ohio-state.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Ohio State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Ohio State University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.osu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Scott Cantor</GivenName>
-    <EmailAddress>cantor.2@osu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Authentication Support</GivenName>
-    <EmailAddress>webauth-admin@lists.acs.ohio-state.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Authentication Support</GivenName>
-    <EmailAddress>webauth-admin@lists.acs.ohio-state.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://carmenwiki.osu.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>carmenwiki.osu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 392, expires on Thu Jul 29 18:10:28 2010 GMT -->
-          <ds:X509Certificate>
-MIIFlTCCBH2gAwIBAgICAYgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcyODE4MTAyOFoXDTEwMDcy
-OTE4MTAyOFowHTEbMBkGA1UEAxMSY2FybWVud2lraS5vc3UuZWR1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Xoc/aCE362tPXWTfzBoq0bgs5VtF9k5
-CFq1XCgQgoHGrZqjUyUb8fEYHPmjbGgu1h04yxyYtPL7duiS4YPOu3dURNfCrAEf
-OUHeu3M8ecu2QRyvwGiEHVldtl/uvXoaUpUM8y92wI+P98iH6Hi4byXClJkZ5bXN
-4Yb9ghFNc9qeKUG5hhoMkyoUCyoxk//dE6dgITcvk+AzgKmuUlqbl6Dk6S3yICL3
-vVISpxudZeIcGwVFiJxpJtwq3sgOm7YtjKsBV4g85l7GfhSgjKYzYGaCc/z7ejh5
-7wZjAFw7vqfjP4v0e8CXt3wKNmbj4+SvsT4pYHcB0IcgF9uEEC/hfQIDAQABo4IC
-pDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBStll0GFrZjSSF5tw7cR90hKnXe
-MzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSB
-pTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcw
-AoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJp
-ZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEB
-MEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJjYXJtZW53aWtpLm9z
-dS5lZHUwDQYJKoZIhvcNAQEFBQADggEBAGgjrFBrxDygCxMGP8V6/yFuwwlSwhjD
-jSZ63LzGIzRX1keIHrlGT2jWLVA6y6oL1qaV45MO4P14AwIJemqqeSU4lGbfVnS+
-9Tje5HkHnsZnrDtwIYwXCrXzOKgCWNGoute9i7bAnvEWJ7fJv66vyWUQRB0rP/TH
-siNxoU6YFa1BA6PYblUohUmpW2rNSd8CXnUE+doDoAY2WIn+eEMf5xwUlZRd16sJ
-yfeHDGnI+28mr9yKtvTOMcJAB4yEfTNddRatzKcTctcaeWWxxYlBVkZU7+sE5VkE
-vn6SFfiifTB93LB1SUiNePrHbsF4agD6JqwnAmIzv6BBuPJ0WbR4W/Q=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://carmenwiki.osu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://carmenwiki.osu.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://carmenwiki.it.ohio-state.edu/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://carmenwiki.it.ohio-state.edu/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Ohio State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Ohio State University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.osu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Scott Cantor</GivenName>
-    <EmailAddress>cantor.2@osu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Travis Ritter</GivenName>
-    <EmailAddress>ritter.18@osu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>OIT Help Desk</GivenName>
-    <EmailAddress>8help@osu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Cornell University -->
-<EntityDescriptor entityID="urn:mace:incommon:cornell.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">cornell.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shiborigin.cit.cornell.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 304, expires on Mon Apr 26 17:04:34 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKTCCBBGgAwIBAgICATAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQyNTE3MDQzNFoXDTEwMDQy
-NjE3MDQzNFowJTEjMCEGA1UEAxMac2hpYm9yaWdpbi5jaXQuY29ybmVsbC5lZHUw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvYvPHKfcDaf0o5MQaUoMHebrov
-ms4o1vJldpOA3OAAGJy4LMOijSfXAPMAtTPkhK/k0LSbu3akDQchAjQO8/qmem2r
-BJ6QB45AVk5fQCgHFCa7C3bhQFe+C450MbQpRisuN+uZ8qarPcl1IJvl36s3n7Kk
-FzJR+KqJFRdoJHQjAgMBAAGjggK0MIICsDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
-FJ2gwY6kAlCuVsOt8blpSxkGIcp1MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2N
-k7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVk
-ZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNh
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRw
-Oi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5w
-ZGYwJQYDVR0RBB4wHIIac2hpYm9yaWdpbi5jaXQuY29ybmVsbC5lZHUwDQYJKoZI
-hvcNAQEFBQADggEBAGrqbnciSZbkJu3yRQ7mmpiLhD9ulOwxNEX1yR9tDI+1quC9
-apE19xPlCbOe55rzRbE1AEAJpZCv+7HHCpNmLer7lUwqS+/oynkyJMfT7HXj5F8z
-0Pl6ZMP7RaqxBnDpsDJvuhCD3aqyN4qr4dwC9Oey7+a+B9PbDH0TRYwZWaqKnOTs
-kUCeZ1T9yO7kdweikqouwnKJaEQ6fUo2isQ4ZFPXqZF0DMNRN1ucBPfHw1FWmx5/
-xHMZZ3jlyOqBqSOCPvBAZ9BnJx84ZlzQBwAFF8UJhHdHTLZqB7+QwyoC/c6b4Llh
-/Lr0TvxhSmj80C1KoGtxFauwAcNCJ+PMbV9u5PU=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shiborigin.cit.cornell.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">cornell.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shiborigin.cit.cornell.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 304, expires on Mon Apr 26 17:04:34 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKTCCBBGgAwIBAgICATAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQyNTE3MDQzNFoXDTEwMDQy
-NjE3MDQzNFowJTEjMCEGA1UEAxMac2hpYm9yaWdpbi5jaXQuY29ybmVsbC5lZHUw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvYvPHKfcDaf0o5MQaUoMHebrov
-ms4o1vJldpOA3OAAGJy4LMOijSfXAPMAtTPkhK/k0LSbu3akDQchAjQO8/qmem2r
-BJ6QB45AVk5fQCgHFCa7C3bhQFe+C450MbQpRisuN+uZ8qarPcl1IJvl36s3n7Kk
-FzJR+KqJFRdoJHQjAgMBAAGjggK0MIICsDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
-FJ2gwY6kAlCuVsOt8blpSxkGIcp1MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2N
-k7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVk
-ZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNh
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRw
-Oi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5w
-ZGYwJQYDVR0RBB4wHIIac2hpYm9yaWdpbi5jaXQuY29ybmVsbC5lZHUwDQYJKoZI
-hvcNAQEFBQADggEBAGrqbnciSZbkJu3yRQ7mmpiLhD9ulOwxNEX1yR9tDI+1quC9
-apE19xPlCbOe55rzRbE1AEAJpZCv+7HHCpNmLer7lUwqS+/oynkyJMfT7HXj5F8z
-0Pl6ZMP7RaqxBnDpsDJvuhCD3aqyN4qr4dwC9Oey7+a+B9PbDH0TRYwZWaqKnOTs
-kUCeZ1T9yO7kdweikqouwnKJaEQ6fUo2isQ4ZFPXqZF0DMNRN1ucBPfHw1FWmx5/
-xHMZZ3jlyOqBqSOCPvBAZ9BnJx84ZlzQBwAFF8UJhHdHTLZqB7+QwyoC/c6b4Llh
-/Lr0TvxhSmj80C1KoGtxFauwAcNCJ+PMbV9u5PU=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shiborigin.cit.cornell.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Cornell University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Cornell University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.cornell.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Andrea Beesing</GivenName>
-    <EmailAddress>amb3@cornell.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Steve Edgar</GivenName>
-    <EmailAddress>se10@cornell.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Joy Veronneau</GivenName>
-    <EmailAddress>jv11@cornell.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Online Computer Library Center Inc. -->
-<EntityDescriptor entityID="https://shib.oclc.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oclc.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 176, expires on Thu Jun 26 18:19:32 2008 GMT -->
-          <ds:X509Certificate>
-MIIFSTCCBDGgAwIBAgICALAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDYyNzE4MTkzMloXDTA4MDYy
-NjE4MTkzMlowUjELMAkGA1UEBhMCVVMxKzApBgNVBAoTIk9ubGluZSBDb21wdXRl
-ciBMaWJyYXJ5IENlbnRlciBJbmMxFjAUBgNVBAMTDXNoaWIub2NsYy5vcmcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANODf3pvYSwk9XiWcefHjeZYTP3v9REs
-yZIVdo6Iov50aLIRI21ids2hmdy/VGK2NXoyXUDDqr6F1nVo9pk8dcN5KQvezOwl
-idGoyusL4dUBJUhZZ79+fK96nz+nUtoxmT0O+KsyBj0F/ztbtvGeCvqyzOrUVwNo
-2u62pqvgByRtAgMBAAGjggKnMIICozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFC62
-hLC2A/yJEh4tj4hVVk0HRC3UMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-gY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-XgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8v
-aW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYw
-GAYDVR0RBBEwD4INc2hpYi5vY2xjLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAs0Dt
-a/N6UrBMdp1t8xGmyvlDMv7+eFpwQ5r05mH+rQCKad6MZpnWrBSaMm8b7dcc9swk
-rXOc65BHoYnl2eFDcVX9xKOBKpxAqC6ehctoEW3f8FlPjqsfSUS2BLl4OYACFd6o
-d2dzOeQo2GCjeOC4sev8A15oRywNZ8VkTwnz7mC3YFjjpqebcLDmSdWzBQSHIxmt
-XVMmhanBEljDxWjveV/1S5y0+htIOF/1J3+oHt5nTEffNd3l0YpwpAc29JShprXL
-vRDCKYXw5t/xWHLaL6jXEPBsLkPP5Lf5Vwel+LpWNlH6xnTu6YBJ8fugSahHnp47
-HjEizS/MzOnlgoD2wA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.oclc.org:2443/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.oclc.org:2443/Shibboleth.shire" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://shib.oclc.org:2080/Shibboleth.shire" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://shib.oclc.org:2080/Shibboleth.sso/SAML/POST" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Online Computer Library Center Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Online Computer Library Center Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.oclc.org</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Richard Scranton</GivenName>
-    <EmailAddress>shibboleth@oclc.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Sharon Ramsay</GivenName>
-    <EmailAddress>shibboleth@oclc.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Eva Marie Allen</GivenName>
-    <EmailAddress>shibboleth@oclc.org</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California - Office of the President -->
-<EntityDescriptor entityID="urn:mace:incommon:ucop.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucop.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibidp.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 281, expires on Sun Mar 14 20:11:41 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICARkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxMzIwMTE0MVoXDTEwMDMx
-NDIwMTE0MVowGzEZMBcGA1UEAxMQc2hpYmlkcC51Y29wLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoqHzLNFnLXR3mE461WO5nvsKqP4wHu8lMpXVZPNU
-AAyhF2DISX7C4v8ypAKLOm3FiVZfcHNjcCsOS0Y8j9v3CEEMRiQuH8in8m8s56YC
-yAdgTiToPFhAGesXPvUdbk+XEW7eGSiyzT/Qif/9jNo06aHtPEuFv8Yrx+OodGJY
-neMCAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUY69aLgM0ExrS
-MQBPUTQORjby2hswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBzaGliaWRwLnVjb3AuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQC/6mAjVI1B
-7CAcIaCwi77XaDkB/2cOgD/IYfOhVdRZQGOOtdGoqFwbyd/BwZnnoEOnUvtW/7pj
-kn+1dlan61PpQ6VYk+Vo0wRMef1by4XCkZfBiBwVeRZpZgLmKulkaiTBfnWq+1LI
-8XXXkAxWadhPdvU8NApfRmBuA1VC2+1+LXzbX7HIr8Tiu8acSbxm1icXPltpboQt
-3PN/vauhxbpcVk4GQ+AUJVyIRGFnOYG3g7WwhNbKprsCp8QWaG9S2iJBaq+Uf1tk
-V4BvcztYov8m2yRcvrbN1OJQXikUGbr7xTmtrTH91fk34+VG09lzh5kqrJmuaaJi
-B7L9WxthC0C6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibidp.ucop.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibidp.ucop.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucop.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibidp.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 281, expires on Sun Mar 14 20:11:41 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICARkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxMzIwMTE0MVoXDTEwMDMx
-NDIwMTE0MVowGzEZMBcGA1UEAxMQc2hpYmlkcC51Y29wLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoqHzLNFnLXR3mE461WO5nvsKqP4wHu8lMpXVZPNU
-AAyhF2DISX7C4v8ypAKLOm3FiVZfcHNjcCsOS0Y8j9v3CEEMRiQuH8in8m8s56YC
-yAdgTiToPFhAGesXPvUdbk+XEW7eGSiyzT/Qif/9jNo06aHtPEuFv8Yrx+OodGJY
-neMCAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUY69aLgM0ExrS
-MQBPUTQORjby2hswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBzaGliaWRwLnVjb3AuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQC/6mAjVI1B
-7CAcIaCwi77XaDkB/2cOgD/IYfOhVdRZQGOOtdGoqFwbyd/BwZnnoEOnUvtW/7pj
-kn+1dlan61PpQ6VYk+Vo0wRMef1by4XCkZfBiBwVeRZpZgLmKulkaiTBfnWq+1LI
-8XXXkAxWadhPdvU8NApfRmBuA1VC2+1+LXzbX7HIr8Tiu8acSbxm1icXPltpboQt
-3PN/vauhxbpcVk4GQ+AUJVyIRGFnOYG3g7WwhNbKprsCp8QWaG9S2iJBaq+Uf1tk
-V4BvcztYov8m2yRcvrbN1OJQXikUGbr7xTmtrTH91fk34+VG09lzh5kqrJmuaaJi
-B7L9WxthC0C6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibidp.ucop.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>UCOP DataCenter HelpDesk</GivenName>
-    <EmailAddress>ucopdatacenter.helpdesk@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Munish Malik</GivenName>
-    <EmailAddress>aig@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Paul Weiss</GivenName>
-    <EmailAddress>Paul.Weiss@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="http://p-pio-project01.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>p-pio-project01.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 373, expires on Sun Jul  4 18:14:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAXUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMzE4MTQyM1oXDTEwMDcw
-NDE4MTQyM1owIzEhMB8GA1UEAxMYcC1waW8tcHJvamVjdDAxLnVjb3AuZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGeD+uQIDGwJf6ea+vz1YNMcRzDf2
-g/nsSZKyrwmcyUyBlocfnsb2clmVPnU5mJd/8D0fEmj6wappthMbZCj9hOpjHuek
-HEhtwdDFEGZNsfthNpDGsTPa5J5yjOhyRO6KA9P9y1NygayBIM+RSvez7CkkwEVx
-pL8uDysWPHG15QIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRU
-9prVMJ2D9tE8rF/A/v7C41aHbzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghhwLXBpby1wcm9qZWN0MDEudWNvcC5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AI3eosABhS3zZ6leyRUQ6woMxW66N9WlxAfAKTwOBgvK3qvUTUtl9IE3cpHGubHF
-vyQtYKexrroKtI4CqGyQDOKkr+zjCOzjhw+evSFQB2+y5B9NToTh3Iz7em6jKO1q
-oKff+fTeh2gZYend3fOHx0NTAo45jutXnMNgh2y7zHIFAw/xJh5vSxR2I1oQdhLY
-TDpwKQDboGhUqNaDi1t9u8ed2Mlb/OxrJg+aXMa2AKkstr3GebOSKEAGYYld3DtW
-495qWcwA0UKNXO1qxFq6a/7kqFaWNp63l3Do2/5/CtSsdotoVbyjHt2uEhBMPj1I
-264Ea1cXN683jfsTpp9jPik=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://p-pio-project01.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Carla Raffetto</GivenName>
-    <EmailAddress>Carla.Raffetto@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jon Bertsch</GivenName>
-    <EmailAddress>Jon.Bertsch@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jim Kassenbrock</GivenName>
-    <EmailAddress>Jim.Kassenbrock@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://atyourserviceonline.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 245, expires on Thu Jan  7 22:14:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAPUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwNzIyMTQwNloXDTEwMDEw
-NzIyMTQwNlowHjEcMBoGA1UEAxMTc2hpYmJvbGV0aC51Y29wLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAvIag1Pw+uwVNL3fZ+5p+QbcvpNWdsbgNh93u
-XA7jRUW1SSLMjpWTcnOJy9zNKiAPDRzRc5PaaQKDb5rYHiRSiMR4Tr6du+CjKHY4
-BD3wJ8jTpNwrQLBfehuCVzXXN5D7HOYuszn99ICPCe745SgVm08rgzyN0Rq1Ltvb
-Bb7kDBUCAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/z2FIX
-mRtxdqns/O28HZTIVE8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNzaGliYm9sZXRoLnVjb3AuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCI
-bc5nSVbe3KYzYau9xNgZY4Nm89qYkjOPOpqSHy0FJdaQ/U1B4+UfCeGQ7X2LEQpZ
-ifr/Sspi/ZX52XfLDhF/xNdqdXX2sxMJP9pE87ylASA/kv7wrP6wa41sK3nzZFui
-7q1ATDnBa6KK36jrDUQ5kNgpJWkI2ciLgp2OrY8qvf+2Kzyduu9cf17EKHz8+B8J
-3tHGwOL0ibFcysNr6St86ew2dBhuTjfTEbPAgDhS+zN6W+3bFAoFSN7g4ZxQ+26x
-bxdeFplDCHDM23rn8WvW7fOxk8c0y2ZVefVnkXgJALOSQnUxKgd4B2GajbyWZkgk
-I7H2JGwCMNhsubHXB1Yl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://atyourserviceonline.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Munish Malik</GivenName>
-    <EmailAddress>Munish.Malik@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Donna Yamasaki</GivenName>
-    <EmailAddress>Donna.Yamasaki@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ersqa.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sseqa.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 229, expires on Wed Nov 19 21:08:30 2008 GMT -->
-          <ds:X509Certificate>
-MIIFLTCCBBWgAwIBAgICAOUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEyMDIxMDgzMFoXDTA4MTEx
-OTIxMDgzMFowNTELMAkGA1UEBhMCVVMxDTALBgNVBAoTBFVDT1AxFzAVBgNVBAMT
-DnNzZXFhLnVjb3AuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXVevc
-N7IYhaIDSe8MHjf7vNHH9TPIiekRnLwbMU3psFIKeMb4uA3ifFXfh9/qfvtCcwn5
-NDC61neFVvLkU6uvbmsTvCyEfBkoabAxrQ54e0Z6QaL8ugXz+3Pw9k70+8Y8zp9S
-4+3SvfaUPGiVsTw3dcl8Ch9iPa8Tpdxp47AfBwIDAQABo4ICqDCCAqQwDgYDVR0P
-AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMB0GA1UdDgQWBBTrVmTQ0pYfMqTet0mKgYZEUk+J4TB+BgNVHSMEdzB1
-gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNV
-BAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYB
-BQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpo
-dHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBC
-BggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDnNzZXFhLnVjb3AuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQCFhqkFmF5EXpuZ7d9vQHVTB7HO6EXIYFcbYUespDRS
-H/6YV2K+Hr86NdPcScaVDHPYXvSEP5bFuG3mWMJYrOErMdFdXTZirAQA4mPB6aBq
-JaPKhu9Csjvo+ivmURG/UhIpFfh4fn8C7E6EyZ8XlBOftjhQs8cQqHYpfHAbVLUZ
-sqD0SCkaZG9ro0IFmnldTDG5xzddSn/vlYjAoxpyb5rbbbq6QNzjyfJeFa3mp8+n
-tqsM7pxVvId8Dh5hRkTzzmdHw1o1HpiVmrNCiJq2tY1bGqeeqC8FFJyvDMZuOaTu
-psG/l8Pu3seGi4HTZzh2dAgguq27VZnzzYVkTuhlsC14
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ersqa.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Steven Hunter</GivenName>
-    <EmailAddress>Steven.Hunter@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Munish Malik</GivenName>
-    <EmailAddress>Munish.Malik@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Barbara Vanden Borre</GivenName>
-    <EmailAddress>Barbara.VandenBorre@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ers.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 245, expires on Thu Jan  7 22:14:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAPUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwNzIyMTQwNloXDTEwMDEw
-NzIyMTQwNlowHjEcMBoGA1UEAxMTc2hpYmJvbGV0aC51Y29wLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAvIag1Pw+uwVNL3fZ+5p+QbcvpNWdsbgNh93u
-XA7jRUW1SSLMjpWTcnOJy9zNKiAPDRzRc5PaaQKDb5rYHiRSiMR4Tr6du+CjKHY4
-BD3wJ8jTpNwrQLBfehuCVzXXN5D7HOYuszn99ICPCe745SgVm08rgzyN0Rq1Ltvb
-Bb7kDBUCAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/z2FIX
-mRtxdqns/O28HZTIVE8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNzaGliYm9sZXRoLnVjb3AuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCI
-bc5nSVbe3KYzYau9xNgZY4Nm89qYkjOPOpqSHy0FJdaQ/U1B4+UfCeGQ7X2LEQpZ
-ifr/Sspi/ZX52XfLDhF/xNdqdXX2sxMJP9pE87ylASA/kv7wrP6wa41sK3nzZFui
-7q1ATDnBa6KK36jrDUQ5kNgpJWkI2ciLgp2OrY8qvf+2Kzyduu9cf17EKHz8+B8J
-3tHGwOL0ibFcysNr6St86ew2dBhuTjfTEbPAgDhS+zN6W+3bFAoFSN7g4ZxQ+26x
-bxdeFplDCHDM23rn8WvW7fOxk8c0y2ZVefVnkXgJALOSQnUxKgd4B2GajbyWZkgk
-I7H2JGwCMNhsubHXB1Yl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ers.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Steven Hunter</GivenName>
-    <EmailAddress>Steven.Hunter@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Munish Malik</GivenName>
-    <EmailAddress>Munish.Malik@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Barbara Vanden Borre</GivenName>
-    <EmailAddress>Barbara.VandenBorre@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://p-pio-project01.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>p-pio-project01.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 373, expires on Sun Jul  4 18:14:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAXUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMzE4MTQyM1oXDTEwMDcw
-NDE4MTQyM1owIzEhMB8GA1UEAxMYcC1waW8tcHJvamVjdDAxLnVjb3AuZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGeD+uQIDGwJf6ea+vz1YNMcRzDf2
-g/nsSZKyrwmcyUyBlocfnsb2clmVPnU5mJd/8D0fEmj6wappthMbZCj9hOpjHuek
-HEhtwdDFEGZNsfthNpDGsTPa5J5yjOhyRO6KA9P9y1NygayBIM+RSvez7CkkwEVx
-pL8uDysWPHG15QIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRU
-9prVMJ2D9tE8rF/A/v7C41aHbzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghhwLXBpby1wcm9qZWN0MDEudWNvcC5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AI3eosABhS3zZ6leyRUQ6woMxW66N9WlxAfAKTwOBgvK3qvUTUtl9IE3cpHGubHF
-vyQtYKexrroKtI4CqGyQDOKkr+zjCOzjhw+evSFQB2+y5B9NToTh3Iz7em6jKO1q
-oKff+fTeh2gZYend3fOHx0NTAo45jutXnMNgh2y7zHIFAw/xJh5vSxR2I1oQdhLY
-TDpwKQDboGhUqNaDi1t9u8ed2Mlb/OxrJg+aXMa2AKkstr3GebOSKEAGYYld3DtW
-495qWcwA0UKNXO1qxFq6a/7kqFaWNp63l3Do2/5/CtSsdotoVbyjHt2uEhBMPj1I
-264Ea1cXN683jfsTpp9jPik=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://p-pio-project01.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Carla Raffetto</GivenName>
-    <EmailAddress>Carla.Raffetto@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jon Bertsch</GivenName>
-    <EmailAddress>Jon.Bertsch@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jim Kassenbrock</GivenName>
-    <EmailAddress>Jim.Kassenbrock@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://sseqa3.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sseqa.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 229, expires on Wed Nov 19 21:08:30 2008 GMT -->
-          <ds:X509Certificate>
-MIIFLTCCBBWgAwIBAgICAOUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEyMDIxMDgzMFoXDTA4MTEx
-OTIxMDgzMFowNTELMAkGA1UEBhMCVVMxDTALBgNVBAoTBFVDT1AxFzAVBgNVBAMT
-DnNzZXFhLnVjb3AuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXVevc
-N7IYhaIDSe8MHjf7vNHH9TPIiekRnLwbMU3psFIKeMb4uA3ifFXfh9/qfvtCcwn5
-NDC61neFVvLkU6uvbmsTvCyEfBkoabAxrQ54e0Z6QaL8ugXz+3Pw9k70+8Y8zp9S
-4+3SvfaUPGiVsTw3dcl8Ch9iPa8Tpdxp47AfBwIDAQABo4ICqDCCAqQwDgYDVR0P
-AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMB0GA1UdDgQWBBTrVmTQ0pYfMqTet0mKgYZEUk+J4TB+BgNVHSMEdzB1
-gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNV
-BAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYB
-BQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpo
-dHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBC
-BggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDnNzZXFhLnVjb3AuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQCFhqkFmF5EXpuZ7d9vQHVTB7HO6EXIYFcbYUespDRS
-H/6YV2K+Hr86NdPcScaVDHPYXvSEP5bFuG3mWMJYrOErMdFdXTZirAQA4mPB6aBq
-JaPKhu9Csjvo+ivmURG/UhIpFfh4fn8C7E6EyZ8XlBOftjhQs8cQqHYpfHAbVLUZ
-sqD0SCkaZG9ro0IFmnldTDG5xzddSn/vlYjAoxpyb5rbbbq6QNzjyfJeFa3mp8+n
-tqsM7pxVvId8Dh5hRkTzzmdHw1o1HpiVmrNCiJq2tY1bGqeeqC8FFJyvDMZuOaTu
-psG/l8Pu3seGi4HTZzh2dAgguq27VZnzzYVkTuhlsC14
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sseqa3.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Donna Yamasaki</GivenName>
-    <EmailAddress>Donna.Yamasaki@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Munish Malik</GivenName>
-    <EmailAddress>Munish.Malik@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://sseqa.ucop.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sseqa.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 229, expires on Wed Nov 19 21:08:30 2008 GMT -->
-          <ds:X509Certificate>
-MIIFLTCCBBWgAwIBAgICAOUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEyMDIxMDgzMFoXDTA4MTEx
-OTIxMDgzMFowNTELMAkGA1UEBhMCVVMxDTALBgNVBAoTBFVDT1AxFzAVBgNVBAMT
-DnNzZXFhLnVjb3AuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXVevc
-N7IYhaIDSe8MHjf7vNHH9TPIiekRnLwbMU3psFIKeMb4uA3ifFXfh9/qfvtCcwn5
-NDC61neFVvLkU6uvbmsTvCyEfBkoabAxrQ54e0Z6QaL8ugXz+3Pw9k70+8Y8zp9S
-4+3SvfaUPGiVsTw3dcl8Ch9iPa8Tpdxp47AfBwIDAQABo4ICqDCCAqQwDgYDVR0P
-AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMB0GA1UdDgQWBBTrVmTQ0pYfMqTet0mKgYZEUk+J4TB+BgNVHSMEdzB1
-gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNV
-BAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYB
-BQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpo
-dHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBC
-BggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDnNzZXFhLnVjb3AuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQCFhqkFmF5EXpuZ7d9vQHVTB7HO6EXIYFcbYUespDRS
-H/6YV2K+Hr86NdPcScaVDHPYXvSEP5bFuG3mWMJYrOErMdFdXTZirAQA4mPB6aBq
-JaPKhu9Csjvo+ivmURG/UhIpFfh4fn8C7E6EyZ8XlBOftjhQs8cQqHYpfHAbVLUZ
-sqD0SCkaZG9ro0IFmnldTDG5xzddSn/vlYjAoxpyb5rbbbq6QNzjyfJeFa3mp8+n
-tqsM7pxVvId8Dh5hRkTzzmdHw1o1HpiVmrNCiJq2tY1bGqeeqC8FFJyvDMZuOaTu
-psG/l8Pu3seGi4HTZzh2dAgguq27VZnzzYVkTuhlsC14
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sseqa.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Donna Yamasaki</GivenName>
-    <EmailAddress>Donna.Yamasaki@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Munish Malik</GivenName>
-    <EmailAddress>Munish.Malik@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="http://webdev.ucop.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webdev.ucop.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 190, expires on Sat Jul 26 18:35:29 2008 GMT -->
-          <ds:X509Certificate>
-MIIFQzCCBCugAwIBAgICAL4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcyNzE4MzUyOVoXDTA4MDcy
-NjE4MzUyOVowSjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYTEYMBYGA1UEAxMPd2ViZGV2LnVjb3AuZWR1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDJjHlkOn4zkVQdr5ss1wxLToYVlt/yckW62i170loD
-2/p0jIxDOHeAwlp5faabmYirN8O5WwX/RcVaX+jDYbfeVeu2xA2g4ptsfVtb1zR4
-d1uttVfaz3G+k9zHXfnjYaefcrPd1/8N7aTB4aYNr8rgkVJDR/OjHxoVBvJCTwvU
-1QIDAQABo4ICqTCCAqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBS1KLFuzPOWwR81
-TMQ48E9MjGPxmTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6Bggr
-BgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-CgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBoGA1UdEQQT
-MBGCD3dlYmRldi51Y29wLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAfo7eq4zjZp6S
-+4sfdRt+jhLuLRLoTVTmb7eO3ZAUruG76KAFFjZ06ELE40gQQofgYvjmE+nRHi8I
-TDrAMW9ghYTSig7WAsx6LVWkULbNforaVr768BEVKgmvUTaVk2RrVeW4+3MAj1Ap
-r7XLITtsjaF82Pc0mNHHHcKn8JHxhrRpNKYaOEdT+GSq8YB4CUoXA5JkQ85GUEzs
-EilcNu2sx/N7MBt5TUoHbFXykT5FM1uNvq9jWS6IsYYh0YC6lu76+YJCVQXF+aRE
-/cfw6dDGy2Xi+SykXHNgDf/eyp/DvjeMIMoaBjzKoDpZjjIkA15wZcBSxv34Upoj
-zmtusaYTmA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://webdev.ucop.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California - Office of the President</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California - Office of the President</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucop.edu/welcome.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Ashley Gould</GivenName>
-    <EmailAddress>Ashley.Gould@ucop.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jon Bertsch</GivenName>
-    <EmailAddress>Jon.Bertsch@ucop.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California-Irvine -->
-<EntityDescriptor entityID="urn:mace:incommon:uci.edu">
-  <IDPSSODescriptor errorURL="http://shib.nacs.uci.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uci.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 409, expires on Thu Aug 19 18:20:31 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAZkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxODE4MjAzMVoXDTEwMDgx
-OTE4MjAzMVowHDEaMBgGA1UEAxMRc2hpYi5uYWNzLnVjaS5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAM3aTDMZEOxxCdqIFSyYNNMnLXa/ga0rFGFm+mi8
-P8Q2eCAIsHU4BzcHE+K81FibygijyYz/v9KiOXw8M41hzmm8xbr5X28ZU7K0F4zn
-uhG6vU+6Laxt0gxhixP/DvDh0uZVxrjL8emJPDgVjixAYbjJGO3FOiIW+cUbcFhX
-sSwxAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFBczFfDCfZYv
-TQGAdyuDIQ3Yf2feMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNo
-aWIubmFjcy51Y2kuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBfECXwdqYkc+0wlj78
-Go7cA9z0ONqyjRLByqRGOVr9EfDcZfxdIyCIoB3iO/3Cu++QDCX5uE6ia8J9b112
-y5em+lt86mdvzL+IU8CVFKmLemnKCEs2fS5jxgicUMsFw7jBGJW2oI/lmKIUcc+0
-IckRIM/9kfQ56CPQvs+3WEfaMWhUzfI3aKQuLKyFbB+cd/+WPrOs+wa8hLChMXvs
-M99kqriQfptOWDH6G7M+74vP748jQ7fvQvOwXJWMomUTTDvh46OOC2+0peWbp7vw
-T9nDZwcuxh7Zt4DYlWYyv/fUxU6HAGuGjW+vFBTdseOwwQdjz0MOSacxAs4m8lP2
-mfmc
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 205, expires on Tue Aug 19 21:29:49 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTzCCBDegAwIBAgICAM0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgyMDIxMjk0OVoXDTA4MDgx
-OTIxMjk0OVowVDELMAkGA1UEBhMCQ0ExKTAnBgNVBAoTIFVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYSwgSXJ2aW5lMRowGAYDVQQDExFzaGliLm5hY3MudWNpLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnQoG26tJ1DobPTi5DnRAkGXQe3x8
-irw/yCR3T2QqHIkyYBRrDkKHwnFZ89D23OCex3pFRWGXSzZoEUpgSX3f+1oHc7lc
-dvehDEEnfytH3did4/S1VeVH6V42NdKvo9Oc8TgjaNpBb/5evTXLQR/dXNZjBeTI
-dBD2M0sCQbIZpF0CAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-EIfW3ZGcblB6RVzLj9MwjP529UowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAcBgNVHREEFTATghFzaGliLm5hY3MudWNpLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEANLYFFyJoThPIxzvWutgMx6wt9nAIV8Q1KWGMpuWxBbHG/VUxs5KNNbvYzTNA
-Hrk2ibbS1Zh+qLyLbEa4U6vsCHFZTp/nHp/erSfDQY5gRN6YCF+IsU0rai9wpvl/
-KnE2E3zXKFk31cUNNzerDEtLG8WqQq0+sn83V6Mnba02q+FTbAdRInonXWwHEu/V
-oHWUqdbiJRR26BMd6mzIOhhTCWylXjE8ta+t6P/oqx0OxEDeYwVNREm+zShRUaIK
-kH2xvURRwy7yuutFgKctj14GZS1kEdLelxuAMXVwTTWGOFX3g8oRoayUtdYzXPFB
-QWD2CJoHgwnjrDNYZ9LA6+s2/Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.nacs.uci.edu/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.nacs.uci.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uci.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 409, expires on Thu Aug 19 18:20:31 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAZkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxODE4MjAzMVoXDTEwMDgx
-OTE4MjAzMVowHDEaMBgGA1UEAxMRc2hpYi5uYWNzLnVjaS5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAM3aTDMZEOxxCdqIFSyYNNMnLXa/ga0rFGFm+mi8
-P8Q2eCAIsHU4BzcHE+K81FibygijyYz/v9KiOXw8M41hzmm8xbr5X28ZU7K0F4zn
-uhG6vU+6Laxt0gxhixP/DvDh0uZVxrjL8emJPDgVjixAYbjJGO3FOiIW+cUbcFhX
-sSwxAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFBczFfDCfZYv
-TQGAdyuDIQ3Yf2feMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNo
-aWIubmFjcy51Y2kuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBfECXwdqYkc+0wlj78
-Go7cA9z0ONqyjRLByqRGOVr9EfDcZfxdIyCIoB3iO/3Cu++QDCX5uE6ia8J9b112
-y5em+lt86mdvzL+IU8CVFKmLemnKCEs2fS5jxgicUMsFw7jBGJW2oI/lmKIUcc+0
-IckRIM/9kfQ56CPQvs+3WEfaMWhUzfI3aKQuLKyFbB+cd/+WPrOs+wa8hLChMXvs
-M99kqriQfptOWDH6G7M+74vP748jQ7fvQvOwXJWMomUTTDvh46OOC2+0peWbp7vw
-T9nDZwcuxh7Zt4DYlWYyv/fUxU6HAGuGjW+vFBTdseOwwQdjz0MOSacxAs4m8lP2
-mfmc
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 205, expires on Tue Aug 19 21:29:49 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTzCCBDegAwIBAgICAM0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgyMDIxMjk0OVoXDTA4MDgx
-OTIxMjk0OVowVDELMAkGA1UEBhMCQ0ExKTAnBgNVBAoTIFVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYSwgSXJ2aW5lMRowGAYDVQQDExFzaGliLm5hY3MudWNpLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnQoG26tJ1DobPTi5DnRAkGXQe3x8
-irw/yCR3T2QqHIkyYBRrDkKHwnFZ89D23OCex3pFRWGXSzZoEUpgSX3f+1oHc7lc
-dvehDEEnfytH3did4/S1VeVH6V42NdKvo9Oc8TgjaNpBb/5evTXLQR/dXNZjBeTI
-dBD2M0sCQbIZpF0CAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-EIfW3ZGcblB6RVzLj9MwjP529UowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAcBgNVHREEFTATghFzaGliLm5hY3MudWNpLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEANLYFFyJoThPIxzvWutgMx6wt9nAIV8Q1KWGMpuWxBbHG/VUxs5KNNbvYzTNA
-Hrk2ibbS1Zh+qLyLbEa4U6vsCHFZTp/nHp/erSfDQY5gRN6YCF+IsU0rai9wpvl/
-KnE2E3zXKFk31cUNNzerDEtLG8WqQq0+sn83V6Mnba02q+FTbAdRInonXWwHEu/V
-oHWUqdbiJRR26BMd6mzIOhhTCWylXjE8ta+t6P/oqx0OxEDeYwVNREm+zShRUaIK
-kH2xvURRwy7yuutFgKctj14GZS1kEdLelxuAMXVwTTWGOFX3g8oRoayUtdYzXPFB
-QWD2CJoHgwnjrDNYZ9LA6+s2/Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.nacs.uci.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Irvine</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Irvine</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uci.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Brian Roode</GivenName>
-    <EmailAddress>bgroode@uci.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>NACS Response Center</GivenName>
-    <EmailAddress>nacs@uci.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Chris Peters</GivenName>
-    <EmailAddress>cjpeters@uci.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://kualidev.adcom.uci.edu/kuali-dev">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>kualidev.adcom.uci.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 144, expires on Wed Apr  9 21:14:39 2008 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICAJAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDQxMDIxMTQzOVoXDTA4MDQw
-OTIxMTQzOVowWTELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIFVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYSwgSXJ2aW5lMR8wHQYDVQQDExZrdWFsaWRldi5hZGNvbS51Y2ku
-ZWR1MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJogywpxEdm1F1F/NLsIxs4chuE3
-hrzT9JgM2p07GOVoqfSVC5/5KomuMtVAj8UvwWbn6R95xyP+/L96K2fVG30CAwEA
-AaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUO2f+3r7GAnn7RSNRhxms
-mUauqYYwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJ
-BgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQD
-EyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUH
-AQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNB
-IElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAhBgNVHREEGjAYghZr
-dWFsaWRldi5hZGNvbS51Y2kuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAbGfxubvyU
-onnn37LGJcCfpjo8pllj0+JZEJiMECsdUeu/2NLP/QQEh+RQ3EaqUprNS+2NZ+sE
-IJwARYw5jFJYCI0F2LYQE2dzs9KdirLqvkTkdeL4hymCFGOuxAl+mIyrJM3YB6yC
-55wxnI8jHf7d6lE78/08L4JXYln9gDjFlS9KCaAOBhMT1Nfo6RM+mxfYkLwAdcf3
-u8r+VWzCOn2nDJAq0NGCMaEQwQVPKB20eijTvFAfSrWgT8e9hJfc2FnErJHvpihg
-y5/+eF4BxITHeNAR3Hjl49BeF2aLD/z/g4h0XEn+JvEXZNT8y8yrYQyquYyo29QR
-rFS9mMMhUj99
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://kualidev.adcom.uci.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://kualidev.adcom.uci.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Irvine</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Irvine</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uci.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Josh Drummond</GivenName>
-    <EmailAddress>jdrummon@uci.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Josh Drummond</GivenName>
-    <EmailAddress>jdrummon@uci.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shib.nacs.uci.edu/cgi-bin/printenv">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 205, expires on Tue Aug 19 21:29:49 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTzCCBDegAwIBAgICAM0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgyMDIxMjk0OVoXDTA4MDgx
-OTIxMjk0OVowVDELMAkGA1UEBhMCQ0ExKTAnBgNVBAoTIFVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYSwgSXJ2aW5lMRowGAYDVQQDExFzaGliLm5hY3MudWNpLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnQoG26tJ1DobPTi5DnRAkGXQe3x8
-irw/yCR3T2QqHIkyYBRrDkKHwnFZ89D23OCex3pFRWGXSzZoEUpgSX3f+1oHc7lc
-dvehDEEnfytH3did4/S1VeVH6V42NdKvo9Oc8TgjaNpBb/5evTXLQR/dXNZjBeTI
-dBD2M0sCQbIZpF0CAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-EIfW3ZGcblB6RVzLj9MwjP529UowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAcBgNVHREEFTATghFzaGliLm5hY3MudWNpLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEANLYFFyJoThPIxzvWutgMx6wt9nAIV8Q1KWGMpuWxBbHG/VUxs5KNNbvYzTNA
-Hrk2ibbS1Zh+qLyLbEa4U6vsCHFZTp/nHp/erSfDQY5gRN6YCF+IsU0rai9wpvl/
-KnE2E3zXKFk31cUNNzerDEtLG8WqQq0+sn83V6Mnba02q+FTbAdRInonXWwHEu/V
-oHWUqdbiJRR26BMd6mzIOhhTCWylXjE8ta+t6P/oqx0OxEDeYwVNREm+zShRUaIK
-kH2xvURRwy7yuutFgKctj14GZS1kEdLelxuAMXVwTTWGOFX3g8oRoayUtdYzXPFB
-QWD2CJoHgwnjrDNYZ9LA6+s2/Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.nacs.uci.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shib.nacs.uci.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Irvine</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Irvine</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uci.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Paul Main</GivenName>
-    <EmailAddress>pmain@uci.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Brian Roode</GivenName>
-    <EmailAddress>bgroode@uci.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Washington -->
-<EntityDescriptor entityID="urn:mace:incommon:washington.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">washington.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>hs.so.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 181, expires on Sat Jul 12 14:14:54 2008 GMT -->
-          <ds:X509Certificate>
-MIIFVTCCBD2gAwIBAgICALUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcxMzE0MTQ1NFoXDTA4MDcx
-MjE0MTQ1NFowUzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjEhMB8GA1UEAxMYaHMuc28uY2FjLndhc2hpbmd0b24uZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4dWTuTXf/+9CiNOiJDENlK0XAOpxn
-UnIuAILtX+3Sqp8RhQ6o1W47c2YTaasZ4K+ve71upHmJqq8n4UeSDdqRcDCwT99V
-g9db8/XMTqzEiGt5D0tW+FlK+WPwH8dsM4kX/br3ioBFatxOElsSl9wjftHQZq1A
-YzlHOnBlLwmR5QIDAQABo4ICsjCCAq4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQW
-ZkL/7ESmQDxxsBIojqQ8IVO5OjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MCMGA1UdEQQcMBqCGGhzLnNvLmNhYy53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEAAqPrA6RJV0SAjcuw4fh/wgWkkquq8WKeE8LWYcgn80onbHK/PWCM
-YruDYhaDAJI3vb4WHHWCuH0s4VaRviWE6K7ehaG+EABIWcsOhkfuAh1oxnFNe4QD
-83L1tPWfuEOLiUVeudVLR1cXw6ndjX5VMWyI6BkUrXFJJvzoaEO5u2Q7YZ3/Ya0O
-oFRt5Y2FB6c0HYnNENE8K6ppJnF7VCSBcoDsgJkeZkOftF7Xbk8y6kLX7OXlPrJ8
-vt3XeruO2/yI/3J4/MF8SZp3M+XfGlbIiYIX8zvW4yjJXWOZCxp/TruKGepu0JDT
-9OQA6rhpizUa/AhJ0SIZSPeSMLzVl1wN8Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>hs.so.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 363, expires on Fri Jul  2 17:14:58 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAWswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTQ1OFoXDTEwMDcw
-MjE3MTQ1OFowIzEhMB8GA1UEAxMYaHMuc28uY2FjLndhc2hpbmd0b24uZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4dWTuTXf/+9CiNOiJDENlK0XAOpxn
-UnIuAILtX+3Sqp8RhQ6o1W47c2YTaasZ4K+ve71upHmJqq8n4UeSDdqRcDCwT99V
-g9db8/XMTqzEiGt5D0tW+FlK+WPwH8dsM4kX/br3ioBFatxOElsSl9wjftHQZq1A
-YzlHOnBlLwmR5QIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQW
-ZkL/7ESmQDxxsBIojqQ8IVO5OjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghhocy5zby5jYWMud2FzaGluZ3Rvbi5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AJE8ZO/iG7t6NShHj54fJZjjZ93EJBZuTEQtdnQXX/PMxZzHcL+WmZWe80DN6xpG
-ulHreYQ5fLcbYbXFXBDSJW9loB+QVdS6FMqItBfSx4p4w/d10qLhStaqwMJKNftu
-NG0IT9QuBINk27qe11JG1PSnLe+UxiXDwpXXBtOm3O4fQU+9zC/+o0cDkKPCmsy7
-ChdhD7B5WglDN5Luk0DELimVpPcoVrQE9FI8p99qsrNfNV0gQ1rRWWmUm2gXxbgG
-F/0lRUvuOtZn574/bV8mNy6qLB2IOYHBFdBP/gId5H4kq6dk1a0BPo9mU3cf72gY
-DPOLvimWD3y1b649nqm2IT4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://hs.so.cac.washington.edu/shibboleth/HS"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">washington.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa.so.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 180, expires on Sat Jul 12 14:14:50 2008 GMT -->
-          <ds:X509Certificate>
-MIIFVTCCBD2gAwIBAgICALQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcxMzE0MTQ1MFoXDTA4MDcx
-MjE0MTQ1MFowUzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjEhMB8GA1UEAxMYYWEuc28uY2FjLndhc2hpbmd0b24uZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUb1WFq7sEsaXKt/wD5sdfK6klW2Um
-hgL9kQ/GGqcglPXmlbqUuhoj8Joso4LPZgVpjvm4R5pRi/fYzksJMw1vBrmHAJXV
-3gv6hvgOeFVDkCWYnEnR5fajjSAkC1hol2hLo6SPX2HlgZPcjKo15A0A5ZTsRltm
-+UFrCmrc/azkZwIDAQABo4ICsjCCAq4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSR
-AXakoETHe1EXGcqpdCAuAOUUdjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MCMGA1UdEQQcMBqCGGFhLnNvLmNhYy53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEApzL/nQyOwUoijwgCD9LZNsZHeRhsS/qlJ1GXj9ZC9QmEdIYNXgJK
-P5Xt02+wlG7H9HYcQTC7jXoPi85ChnhaAlIv9Vw8Nr3+UKkOXRWTEh0UjwOKZItR
-PU6br0WamSZPXq6QK+cD33XqTJiPYMyeeEBIuo+8L4D3tLDV9o34i/FPJtj/YlT6
-Q+QPnQztQRfxx7h8a2DOTb+1oquF/d+KMxagppMEXAebE+UCFeN/tCHHtXCec7Kp
-ODW8+Bh30C1JCorfGKZ0FpaoTnPld9RlFUHS6EesXWuLS1yCi4sj3id+1aqQy4nN
-Pwj+c1oQWrxHIzrU/R6RwnWRH01J/MdZMg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa.so.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 361, expires on Fri Jul  2 17:14:40 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAWkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTQ0MFoXDTEwMDcw
-MjE3MTQ0MFowIzEhMB8GA1UEAxMYYWEuc28uY2FjLndhc2hpbmd0b24uZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUb1WFq7sEsaXKt/wD5sdfK6klW2Um
-hgL9kQ/GGqcglPXmlbqUuhoj8Joso4LPZgVpjvm4R5pRi/fYzksJMw1vBrmHAJXV
-3gv6hvgOeFVDkCWYnEnR5fajjSAkC1hol2hLo6SPX2HlgZPcjKo15A0A5ZTsRltm
-+UFrCmrc/azkZwIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSR
-AXakoETHe1EXGcqpdCAuAOUUdjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghhhYS5zby5jYWMud2FzaGluZ3Rvbi5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AKSdO8/mh2EV7H4OFxPj2O+eISS7Njo5b325Q1Ab4HZeIrnCYAVtMIXVQdd9gv9W
-TlPvH9KjAeilegDP9Me+ZLv/lvYmti/1uoidglSu6nMPbfb3vM9xs0U+xD5tN9cq
-/Gt50vmPFai+LFKvfsVTo9qibBgN6Wgz63a6+JFRlWIUgtcaEPRMj61fqmQSwBsW
-qaKEBISsbBeuJrER5g9gY5nXjWAMfOFP/NKIa36lfEu9a4/npT8w2EUMTu9AbRxI
-4YHFHdW1YmFGcqUhmqzYiAjPWzIaATnpbRQenxWgC0wiB2y9/w2uMKQWC1DT+3UK
-jct+5mL5DERlqptPz1WirFw=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.so.cac.washington.edu/shibboleth/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Nathan Dors</GivenName>
-    <EmailAddress>pubcookie@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Nathan Dors</GivenName>
-    <EmailAddress>dors@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://arrow.eplt.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>arrow.eplt.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 372, expires on Sun Jul  4 18:14:17 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAXQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMzE4MTQxN1oXDTEwMDcw
-NDE4MTQxN1owJDEiMCAGA1UEAxMZYXJyb3cuZXBsdC53YXNoaW5ndG9uLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1MhtGNKGF9uco24xjz+fzBpjGNyR
-dGzt3mNolS9K5TG9VqFd9TL4nCXluY8sj3bAcSfuxvDwekE40l2BFwIaUAdznrQt
-aGFTQpak1v/N2TyZrIW88FvEd2w/ZXrKeIHgHSZuiSWC6TWEs6ei4m3L0yuqSIW+
-F4/Ctbr6ebVaIP0CAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-Q4rGv0FLXo1n933KothfD5tdaRowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0R
-BB0wG4IZYXJyb3cuZXBsdC53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEABJzhVLfXPPIRRfQwhL7t2Ty34h7KWktHPDj9eOg3M/KDWhNzPkLvkf6torXW
-2NphdTvB+Q+4qgBpMtisc+nES0ZqU+GVsOs8HT7G1s2wPsK1FYrl0BA+Pdciub3P
-o0cF3sFRlWz03nOjuUcIlKykuPAh83rkc9EP0vVjdIh0d++4x5P47bCuKlNXpZY3
-cjZLKQm7ITrbkUfXgzyNQb95JN0wQ4Cs5btOWjgD8GJMHJE5ZwkoP8/PP4IhHbXp
-FJTsc9WGOf+XpnGmPV6sqwuk3sSvzZ413j8PqHo1d517CtbH3npfpkfuK3urnEzu
-FpjnVtYPtUwdjB/UgDYZUgLsuw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>arrow.eplt.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 426, expires on Sun Sep  5 18:09:22 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAaowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwNDE4MDkyMloXDTEwMDkw
-NTE4MDkyMlowJDEiMCAGA1UEAxMZYXJyb3cuZXBsdC53YXNoaW5ndG9uLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtFwx9MOSwlpxaF1lWspait9mT5sR
-MD4dcwFbEMofDZZ8Fj9arnMa8eFapPO6fa7ICznqQAdgjaypycgSuTSqceP9ZrES
-H5uMAGO0cSaAdhhhBZEubQM5l7Pw8Xmu4hTvgcv0h5ZApsRqbEA3bP0haXMU7/Lp
-Q8LMVxlnE0OhEs8CAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-nWOYs0MGGF4JqJtnvtmdRMmoDhowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0R
-BB0wG4IZYXJyb3cuZXBsdC53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEAVV2P/ajTR8oEPEzSENS1+x+ZbViNAFPwGN8BEsisX99dth4M6ITeFQXupRu4
-YFYnLl3CuOE2K8M9nZyiNFUvh8YCY0TUUI/DOAm7TqjAWN0/FraUlmvyvqdoEgij
-NaNye34RTnBLlA4TnBdWn/8uRK71YAyhluuMAS+ZfNUZzPngn+jxVdvx/PtwLeMd
-Y4tAhnWtyWSF6rHEdMZj+xo12GMaaJlxEKyzJVqN5Pa72AyJ3J9IW+eVWP+1HFFJ
-snhe41Tno23asic35OugEk4B3CNPyvuqCgw17JGYIsfaoBr2OvqmHzVemo8h0oZc
-M5+FANsbJ/Geeok1qzCV+l11HQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://arrow.eplt.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Patrick Michaud</GivenName>
-    <EmailAddress>pmichaud@washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://beta.research1.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>beta.research1.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 407, expires on Sat Aug 14 18:27:19 2010 GMT -->
-          <ds:X509Certificate>
-MIIFETCCA/mgAwIBAgICAZcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxMzE4MjcxOVoXDTEwMDgx
-NDE4MjcxOVowHTEbMBkGA1UEAxMSYmV0YS5yZXNlYXJjaDEub3JnMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC4cbnZWwlTh/QGJctUYkQOUPHO1IPxrZ6MQQXR
-O+O5EYsFgDkZgSbykm/SnDeyNZ+Ms2KxwcyOZv4KjM8x/Ax0K1X+3CtVmpOcUpYV
-d1CJexUBvBWor+YPlYAcDFKTE8bE1Kt2l/KDUb51Czgg03to/zCTgoYfkUwOCjgM
-E8hmyQIDAQABo4ICpDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSIHBIME8NJ
-BERDBDYLntScnLVH3zB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGy
-BggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJi
-ZXRhLnJlc2VhcmNoMS5vcmcwDQYJKoZIhvcNAQEFBQADggEBABVZyX6FAWhS5TYa
-cj4eiGG7+wKEfj22rOogQr/pz/bjcoL0qb7lsN04UavEF9+VpOgwJoc1yDSLTDJc
-WhN5iAkfnyI7WxfAn5omwO/m5Wht7DfIu8PTj4qS06khD+nSktfVIFTdRCquvb8f
-tGcwrokylgFxM6qDL3v2oKKjd/pv0J3p+V974OLiholaW/cctqSool9ogJR5dbH2
-ZcrwZBVlQaU18ZFdWj2fTjBV3KWw7CQPL3zOTCVnLypn6idLJ/J4VIVy6KEeZYiH
-0o8EneWUt662g6oRRTks4sVGyJJvlRhuK57pWBfyRwU3792+dJmUvGTELtcpBZo2
-7Hc7WlI=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://beta.research1.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>SMVTT Technology Initiatives</GivenName>
-    <EmailAddress>smvtt-ti@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://bog.cac.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>bog.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 226, expires on Fri Nov 14 22:23:17 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUTCCBDmgAwIBAgICAOIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTExNTIyMjMxN1oXDTA4MTEx
-NDIyMjMxN1owUTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjEfMB0GA1UEAxMWYm9nLmNhYy53YXNoaW5ndG9uLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxEkcuQJoH2fsbvfGlEijJIw6kBdBTfms
-cYbztBeawNplyL1+nVDEdVzCu79QAXj921uyOhaF9R68CT1yHCgdc70t0TrU4vIg
-XNQYUT05ll1Fnfd1YNwuZb/FCez7z/h7K2kIxS97B15kFRhLlD8yAhrruoZneOrZ
-nN7xKBWKRT0CAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUR4uk
-RExgkjKlpTQsVt80MwjhBN4wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZib2cuY2FjLndhc2hpbmd0b24uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQB2vtbsFUBxSJker0lCTjOQIEtEXkZBCfNlzvllpfrsrzjvZ23blMM9qYHS
-HCN+i8KikhS4CiiWROoyjB1JuY299W2OUQz4qXVBh1Ct2UpmkwWdKC2tgjJtcVP6
-KCXOF5ZkFqzuJqb/VZCxdtnjO2PPltdxdJ5OnvCyn+6lHidzIzgLhrTKv6HLlIDB
-CinyTVc3UuYwwxbgJD+UIYAjvdtPb4qJu/RzvyJD0e+jbrsYTqqVaq4ByjFHxS6o
-I6iAm2ch4sbi1QOKJ52knMBZJ2+V0oKj20gwPo0WnQP7klGoIVtkIVijRTIcK+8y
-BM+Vs6J7xo3+frwztyrmeOyjx2eJ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://bog.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Applications Engineering</GivenName>
-    <EmailAddress>ds-apps@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://catalysttools.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>catalysttools.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 214, expires on Thu Oct  2 20:13:37 2008 GMT -->
-          <ds:X509Certificate>
-MIIFXTCCBEWgAwIBAgICANYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAwMzIwMTMzN1oXDTA4MTAw
-MjIwMTMzN1owVzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjElMCMGA1UEAxMcY2F0YWx5c3R0b29scy53YXNoaW5ndG9uLmVk
-dTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA/KoX6P9iYVRXocrnx+jRZZVE
-mnsSvFM5Ek7S2o4vY8sC30V7Cx89kWPTW8uhxr5j7m3hscOl778Hw1c7Hs1eK2HQ
-vCAqGsEWDFDpxIKKwUClDFayY2DsbUNIWt6JnTkG2Dp/WNcl6sRz4ZactzRi67XZ
-JL56UfwgD9Cw6D7W/HkCAwEAAaOCArYwggKyMA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQUHOHIYmBaSMIFH9+s0p4fXz9I13IwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDov
-L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRz
-L2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9u
-Y2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0
-dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2Vz
-LnBkZjAnBgNVHREEIDAeghxjYXRhbHlzdHRvb2xzLndhc2hpbmd0b24uZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQAdJKREb2+5OxI7rMrVixzNZX9V8eYKkG7v1GnxB6cm
-bW2tnsLpENaNGd7spCR9yOr6CnWGD5wRu5bhFv4nEDnTE9MwnNIgCNEzD+rdFa1X
-tGZCRoMzbKVTrRK9n67GVIraSgQwSgQiIpxy2adzxvDVmnVZorTvltpAtfwKcjat
-218Hh8oULkLktlGhlHmVv8cahZxHYL7WPYMyZGbyuSYKMFHo9bc/asZ+xYe3WCD6
-qETWMhMqZRdurptoYpAt/XV7EACSl+C48IRQAn3uNbZiVYH8lJIXS6NVXG662aH6
-7MVAveHLn1Rrn6gdCX5XQJiWIjkPCdEyxgq4JG9peUeB
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>catalysttools.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 441, expires on Fri Oct  1 18:16:41 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJTCCBA2gAwIBAgICAbkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkzMDE4MTY0MVoXDTEwMTAw
-MTE4MTY0MVowJzElMCMGA1UEAxMcY2F0YWx5c3R0b29scy53YXNoaW5ndG9uLmVk
-dTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA/KoX6P9iYVRXocrnx+jRZZVE
-mnsSvFM5Ek7S2o4vY8sC30V7Cx89kWPTW8uhxr5j7m3hscOl778Hw1c7Hs1eK2HQ
-vCAqGsEWDFDpxIKKwUClDFayY2DsbUNIWt6JnTkG2Dp/WNcl6sRz4ZactzRi67XZ
-JL56UfwgD9Cw6D7W/HkCAwEAAaOCAq4wggKqMA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQUHOHIYmBaSMIFH9+s0p4fXz9I13IwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJwYD
-VR0RBCAwHoIcY2F0YWx5c3R0b29scy53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEAZaAH/tpIpPpLw1JbVgklMMXiLF1phq4IOYtSO4xnLpyMqDhMmoTf
-arRqY2JBS+mZ/z1fI+0biWuTsyLqN3lZ0Qvvk4vYUm1y6RZ3JCOE9YTY4Dl0/+22
-3T6BWDf/Jp1/1PUtnHLkMVDEb2H9CYelKkuWPE+dNDBiEk8Cp6pb8Pfk3bs7lnjH
-7n9Yv2BVcTaeSAg7XRiFEb3urMT4OLNAV56PTS3Q2HmoDU6xYuoJuAEd3Ic9KfYC
-6hoOwbUE+2Iy5pEyXfTQ714r5sqjHDMjbk31AoWFFyhtBNiPOaBYb7uyeLN1RW5D
-w+ePLJ4lxHtjc/n+RMp+bQzONh2VfXYNMw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://catalysttools.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Collaborative Platforms</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Catalyst IT</GivenName>
-    <EmailAddress>catalyst-it@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://cat-dev-tools1.cac.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cat-dev-tools1.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 212, expires on Thu Oct  2 20:12:47 2008 GMT -->
-          <ds:X509Certificate>
-MIIFZzCCBE+gAwIBAgICANQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAwMzIwMTI0N1oXDTA4MTAw
-MjIwMTI0N1owXDELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjEqMCgGA1UEAxMhY2F0LWRldi10b29sczEuY2FjLndhc2hpbmd0
-b24uZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO+vtGqzI0lnbe3pT1
-0XLUrgTl1GyKGizzhpidQUWiyqYfASy03yvV16u6Ju/f/iTDn6UDjp3PJEHJ7uP1
-VN3WCHciXdI45TuJzbjahzJ5LHDCMkaPddywAnwrJmVnaGHEzsdhJRSQzfurWeHA
-zXNXUw0eO/ah3UjeB53QxGW+DwIDAQABo4ICuzCCArcwDgYDVR0PAQH/BAQDAgWg
-MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
-A1UdDgQWBBSDLrWk4Y3NaB7BIpz3II4THzcpXTB+BgNVHSMEdzB1gBSTLchhGK1j
-45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29t
-bW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpo
-dHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5j
-b21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5
-aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9l
-ZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcC
-ARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFj
-dGljZXMucGRmMCwGA1UdEQQlMCOCIWNhdC1kZXYtdG9vbHMxLmNhYy53YXNoaW5n
-dG9uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAaYGrG14HkS+CI9S/BjOI7vOWHtDJ
-3tDqiSFHTQpgmHljdz5jSG71JbCef9F6ncai2HsqPeX0DLm7wa1Sgs9+/HOhAHPk
-4X6D/x9V7F5PWAD3dTlSkh3Jm13HfTyTr/hnWWUsna8eyn2XEHnJ6jIijMUBWlzf
-eAXHEJdMFwY3YcvpinFW9+c+o6YP/CKWIv+BstFWsXK8p5O3s3EVsW6v/EE7oZK9
-LLhEAXbA0QCDrC8BdE38/84KJI/j1LzcbfiU5ZcCvnZ976+eaDwGXreaHQiyEJ0s
-eXbpvSsBsm8nsxVNc1gseWcUZQJ5LAMFWDycUnGb6rWjpXRasP/mPQ7jsg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cat-dev-tools1.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 439, expires on Fri Oct  1 18:16:32 2010 GMT -->
-          <ds:X509Certificate>
-MIIFLzCCBBegAwIBAgICAbcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkzMDE4MTYzMloXDTEwMTAw
-MTE4MTYzMlowLDEqMCgGA1UEAxMhY2F0LWRldi10b29sczEuY2FjLndhc2hpbmd0
-b24uZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO+vtGqzI0lnbe3pT1
-0XLUrgTl1GyKGizzhpidQUWiyqYfASy03yvV16u6Ju/f/iTDn6UDjp3PJEHJ7uP1
-VN3WCHciXdI45TuJzbjahzJ5LHDCMkaPddywAnwrJmVnaGHEzsdhJRSQzfurWeHA
-zXNXUw0eO/ah3UjeB53QxGW+DwIDAQABo4ICszCCAq8wDgYDVR0PAQH/BAQDAgWg
-MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
-A1UdDgQWBBSDLrWk4Y3NaB7BIpz3II4THzcpXTB+BgNVHSMEdzB1gBSTLchhGK1j
-45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29t
-bW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0
-cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2Nl
-cnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAsBgNVHREEJTAjgiFjYXQtZGV2LXRvb2xzMS5jYWMud2FzaGluZ3Rvbi5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAKvT5w8gHmzCzCzw8esCMof+VkMTSe4sB7bRjdwt
-oil1yrEXpCWAqAoPVry03RNVohMVdLvazIsNtpeMVJMVFKD/cRwY0oAHRUGkNifL
-WKFp3LfZs1YLezWoeIje49UK/DUDGXP7Yal+Raa9d+mqtsff3hQJQ/alQRMG1pp+
-bkCY5ZvDjZ3BECOPHE8mh6WrzJlBDYY2MWL38IWTYZIe9MSfYwzvZq4pZRmtGrWB
-MXZSREIZB1czPE+BD3j/1spikznjKI4mE8Fwz1/XmWLDt5geYUd8b6gRzewFsJpX
-HFSaH1aXboaCuGV99InYktUl5gMk5tXwuYbuBzKUNIdCld0=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cat-dev-tools1.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Collaborative Platforms</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Catalyst IT</GivenName>
-    <EmailAddress>catalyst-it@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://cat-dev-tools2.cac.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cat-dev-tools2.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 242, expires on Sun Jan  3 21:58:39 2010 GMT -->
-          <ds:X509Certificate>
-MIIFNzCCBB+gAwIBAgICAPIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwMzIxNTgzOVoXDTEwMDEw
-MzIxNTgzOVowLDEqMCgGA1UEAxMhY2F0LWRldi10b29sczIuY2FjLndhc2hpbmd0
-b24uZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSRn2WQzWQ5gMVdbHt
-fiTdQcbSjgAtliyM3OtpF/BwVDIXQGD3kJRWSPjx5rYuVMz+olFWe8+IVvOMDgKq
-9pUn/1jq52xj0STv3tkIw9MYn04CJ3DmXWmY+XdIUx0/XS4d3aFKuz2XduR5Ayjm
-3NT/tM7P4RkZXWPgxlAETpU2TwIDAQABo4ICuzCCArcwDgYDVR0PAQH/BAQDAgWg
-MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
-A1UdDgQWBBQIdzylzv6O+OrM5FiSuqA7L7kjQTB+BgNVHSMEdzB1gBSTLchhGK1j
-45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29t
-bW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpo
-dHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5j
-b21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5
-aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9l
-ZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcC
-ARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFj
-dGljZXMucGRmMCwGA1UdEQQlMCOCIWNhdC1kZXYtdG9vbHMyLmNhYy53YXNoaW5n
-dG9uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAaJGtzFqAkD/JqKJ4IyEvQOIsuPb+
-gOcB62jBAI6sIfF9OV+B8yWhk2iWfkIqpZL9RAs3RVTnGh6rXTnXHhilZr09aM7s
-YW+8Lqblyj0iqZjJ1mEaNXblQMCT/9TmXNBcM6DStrKW/FGieiqK0+PZw/IRlpQM
-856m79IJcWUSV3bxClZwwLOw+dSqzwusIEhAeu1AJR2ospB9XySXilCC3bGpRJDU
-ZNvxdZ4Zj6LlKP0NF/Ui30udcdlbmivjEFHCpmIkyqoTPnnzWlfexURDYWLhi8Wm
-vfFvpCmiQp4Gr1B/ALr9191z6wMr7sLgPSl/z6CiShZH7AGhWFZ4bkZEag==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cat-dev-tools2.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Applications Engineering</GivenName>
-    <EmailAddress>ds-apps@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Catalyst IT</GivenName>
-    <EmailAddress>catalyst-it@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://cat-test-tools1.cac.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cat-test-tools1.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 213, expires on Thu Oct  2 20:12:54 2008 GMT -->
-          <ds:X509Certificate>
-MIIFaTCCBFGgAwIBAgICANUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAwMzIwMTI1NFoXDTA4MTAw
-MjIwMTI1NFowXTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjErMCkGA1UEAxMiY2F0LXRlc3QtdG9vbHMxLmNhYy53YXNoaW5n
-dG9uLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6tXirPIH4TFjzGAY
-5duEbad9C4dMgb1JDNcwrKWYl1elmKU+PkdnjvWnon8RNQl8CADVGagrv2BmcR8k
-LmfiD4eIySSg0XP+60VCLiPqetDnkr77rv5Ks7GPgt4vJTrrI1hDln15JvqgOeGW
-+ShjOeWz2GfhDZbnKdY+TGAnDmkCAwEAAaOCArwwggK4MA4GA1UdDwEB/wQEAwIF
-oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAd
-BgNVHQ4EFgQUrUUT96Mn8Sna09LnF6IKPusMBWAwfgYDVR0jBHcwdYAUky3IYRit
-Y+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNv
-bW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGa
-aHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
-L2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2lu
-Y29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUH
-AgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJh
-Y3RpY2VzLnBkZjAtBgNVHREEJjAkgiJjYXQtdGVzdC10b29sczEuY2FjLndhc2hp
-bmd0b24uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAeILafBZMSJp5kHAmRn0yRzEqV
-G8qJpf6YxL0AcTEc3Lb5KoP7dLxsHr0HpBCIx8gd6/52Jq2Y6bpk1r/Vv5RKqFD4
-vhcTZUqNhdk58ZP9OMU0kGB/WIpSUv16zBg3+w+2vTSgq7qDR3cvWgMW8vJroPRQ
-Pt1fEW71GG4hXjdsh1I7F6V11b1KNCNYzO30KX6NocxUvGHnYgS4ylgg+P8G+eke
-dqWIE8PaCExazguFJhEGFEHPoDefvvCeMyEPfdFyayKH9cKzJgx/SvCobGcW0JeQ
-cKqS8L5nLDs9llSjBOLM3P5hir2f78BnsOISCaOmimZ7eB1CH1HACtP1j1X9
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cat-test-tools1.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 440, expires on Fri Oct  1 18:16:37 2010 GMT -->
-          <ds:X509Certificate>
-MIIFMTCCBBmgAwIBAgICAbgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkzMDE4MTYzN1oXDTEwMTAw
-MTE4MTYzN1owLTErMCkGA1UEAxMiY2F0LXRlc3QtdG9vbHMxLmNhYy53YXNoaW5n
-dG9uLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6tXirPIH4TFjzGAY
-5duEbad9C4dMgb1JDNcwrKWYl1elmKU+PkdnjvWnon8RNQl8CADVGagrv2BmcR8k
-LmfiD4eIySSg0XP+60VCLiPqetDnkr77rv5Ks7GPgt4vJTrrI1hDln15JvqgOeGW
-+ShjOeWz2GfhDZbnKdY+TGAnDmkCAwEAAaOCArQwggKwMA4GA1UdDwEB/wQEAwIF
-oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAd
-BgNVHQ4EFgQUrUUT96Mn8Sna09LnF6IKPusMBWAwfgYDVR0jBHcwdYAUky3IYRit
-Y+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNv
-bW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRw
-Oi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5w
-ZGYwLQYDVR0RBCYwJIIiY2F0LXRlc3QtdG9vbHMxLmNhYy53YXNoaW5ndG9uLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAn6eCIrAkfI0JGSaulTchNWlh84JB8IdCyEOa
-Z1VDYRmr+7uPZMADnheqE96454RiCmOrfJDHIc/QEdG10eYg7g/H82CEMZI74Q+S
-P+w8TQTdB+G1qqR7rhTmedX3O70DsM2g68U5Yv8Pk8k8JHfFnyCO71USQDa5zNhC
-TQf/OKX9+0H7c8714rL/HgN9J1IEAD6iDHyquJujt0r4820fy61C/PQz/N5PWkwv
-fUWou/YoNQw/bMy/qZfvifNyfkMPTI6VHPxV04Qxsky961ld2eKULM7S6e/c8RWg
-HdLahbyk+ogu7ENxlePd0sQrJgaxthYA2gCyI5lPTxolPzG7yQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cat-test-tools1.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Collaborative Platforms</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Catalyst IT</GivenName>
-    <EmailAddress>catalyst-it@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://cog.cac.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cog.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 148, expires on Tue Apr 29 14:10:44 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUTCCBDmgAwIBAgICAJQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDQzMDE0MTA0NFoXDTA4MDQy
-OTE0MTA0NFowUTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFVuaXZlcnNpdHkgb2Yg
-V2FzaGluZ3RvbjEfMB0GA1UEAxMWY29nLmNhYy53YXNoaW5ndG9uLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtdBLuXkE+LfeE7zA3BA4HV09Vn7K9P8J
-MxIl65HF6wdjjPUZkmRAlLtm7D1AkA4ToAaictvrn2qcaGJw856BWH6gl/S2+Dkr
-x/hsc0r39IImzGMz7QhvNueTPXLwDF6sLh8aARp5Ft47bAoZ2S5CdcrfFSNIUvnC
-AHj61j87rHsCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUDJHf
-6TiOz/fWmYuDEY5HNj7gD8swfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZjb2cuY2FjLndhc2hpbmd0b24uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQB3beaRaTBynvvo2db8G3FxyzMuNOAnpPrCv3GvA6qx5IjaHLp5E+o9yvV/
-YhiAiiUqN7+8ytOmuWr6BVLV1S7dx9H0sYWWCKxOzpXD8Up9j+RXjy/W1T/q32nm
-kQjl5tJZ541pJtZ9Vs1HR/mXouh4pBcuU2CusV/7T3VI9XpV+CF5HF2CrMrJlI/X
-/Z5ilPSCSzdRTXKeIBMVD1oxBdHf4Gq7SJV3JhjGFlD3On75WTAaLWCVNupBkETw
-i7ARUe1yS1vOw1vG8opeJfCfCLFMK0MFPTlQKRs723WG466sQk7z/sfEUDOE/5gf
-K0duVGlgz7NLF7jhe7EZT8FOx9Wh
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cog.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 291, expires on Fri Apr  2 20:31:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICASMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMTIwMzExNFoXDTEwMDQw
-MjIwMzExNFowITEfMB0GA1UEAxMWY29nLmNhYy53YXNoaW5ndG9uLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtdBLuXkE+LfeE7zA3BA4HV09Vn7K9P8J
-MxIl65HF6wdjjPUZkmRAlLtm7D1AkA4ToAaictvrn2qcaGJw856BWH6gl/S2+Dkr
-x/hsc0r39IImzGMz7QhvNueTPXLwDF6sLh8aARp5Ft47bAoZ2S5CdcrfFSNIUvnC
-AHj61j87rHsCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUDJHf
-6TiOz/fWmYuDEY5HNj7gD8swfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZjb2cuY2FjLndhc2hpbmd0b24uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQChFbNDJ2jYviwLdK6I1lK2NwKxJNUuiWamEC7bRa4kbu3Sa68rVCBX8hqZ
-Br5Madz7qacpi8z7kE7lm+qRraGo9JXw0MIY3+Q/GMPZ+z6rT325gMzSlAHuDwfl
-mhNiURVBiRcZfNrr/SxKtdbzgcOc1+5RRYXI3kaWyLf2g360Y9APsw14KDQEnaqT
-+u0c5yLYiI+z+O28lLdyopTaLPr9HgdoHKkTfT+NePVb8k6wfcPRQGq0sp34wJ7U
-mfvrmvzTne7rQ+EJB1mbJPfMP9oS7F6AobnjtXnRF0pXekbKfQ+ftnDPLvyNCM95
-RIqABxkOFB6fKwe99BszvEl5EPoN
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cog.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>TEG</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>TEG</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://cstest.cac.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cstest.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 390, expires on Sat Jul 24 19:40:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAYYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcyMzE5NDA0NloXDTEwMDcy
-NDE5NDA0NlowJDEiMCAGA1UEAxMZY3N0ZXN0LmNhYy53YXNoaW5ndG9uLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr9M81J7UH0eC7xywyYdCvYKNzzEJ
-5iA5dGllGsi1XrDDJ7HOcy/AANLjt+Bs2Atl2kXP2rlTTaBgJuHKCizCWuWAXc9m
-42WSkofW5hR4/RTb3XHvIOOLxe2O/zrIfvI5IvSJFZK46roOu6NqvdxCaxM4yBO0
-OkdZlpvxx+N7BTMCAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-8YihReZILdBKMDgD+bLbncGGzFwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0R
-BB0wG4IZY3N0ZXN0LmNhYy53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEAm7jWgQqpqoaQi8+wEnA+X1iqoRyBulLreJ89YdkFy7zwpYWbyazBCINxuuFg
-xGeB38TdIIrSutpowi/Si5bZC6v7dvA1HjMCeVyrfYA25KY7HWc93wb5Jgs+pyQ9
-yKE+4A4HRbsx/9PW5xNSeOsJ3kxJJ9hVCDSIDUonJsV4PqQ0R+A67OgWXG0TIUhD
-aPEAl89zHc0nsd/rv31bVPCAqC81JNN2/Dxj43HJvmUgoqS6Y14E3G76A5ICvL3U
-yQ9qLM0OOO3c9nYwj4vf5Snlo6x8MVDVkYx4cbr3upBLyjVoyQyl6ViLfj+tA59w
-FmAKmiTJN8BwGjIQAoNKK0PscA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cstest.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>SMVTT Technology Initiatives</GivenName>
-    <EmailAddress>smvtt-ti@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://dev.moodle.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dev.moodle.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 288, expires on Mon Mar 29 20:22:15 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICASAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMyODIwMjIxNVoXDTEwMDMy
-OTIwMjIxNVowJDEiMCAGA1UEAxMZZGV2Lm1vb2RsZS53YXNoaW5ndG9uLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0Pc+/cjlreJl1JEXCUYSXEcd+5jl
-V/5ilI88oZZWdZwYtWE0qY+1jLTUrtUKT+ZTPxaPK/npO5OnsdMCk0O9epXch8sq
-BNheRkHRQBN4EbbYVkP+SecgUlLWTnpWyNwjQB9X389fnYzv49DSUfsC2qQrzuJC
-l5y5x7NbeEf0DK8CAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-x/Q879IbqYIr7fgHvOJnjOxTbfYwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghlkZXYubW9vZGxlLndhc2hpbmd0b24uZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQB2O7qDm8gecVKlTUrML3+IfSkXJ3S8Y0srW4BjJYWcvkF7jWX7
-VbsPR6Ou9NRgfHZd2dPGmGhfDEpi2FGXHED97kJApo66TEv7SEkLsEc9nNRB24zA
-R3gx+pJdjpNhobs1uRysb2OSD73A5w3tIXshreWcfvDPw/rQj7dSdUJKgJDXOIEr
-se5p+0tNy6S0uGh3ooG2ixylH9vOm6l9XTt3ir6OEAkc1ygiLo/CC1cStwPBZTWx
-avCxwZNZT2DDJD2/7U7hZpZLw1iuI8l2K8VLjzXdYAF01KsiAURn0YH7RLgwk5o6
-cbleQPzwScJ97I0nRcDZwze1i3EZbDWhM9xE
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://dev.moodle.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian McFarlane</GivenName>
-    <EmailAddress>samspade@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://go.francisella.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>go.francisella.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 378, expires on Fri Jul 16 18:46:54 2010 GMT -->
-          <ds:X509Certificate>
-MIIFETCCA/mgAwIBAgICAXowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNTE4NDY1NFoXDTEwMDcx
-NjE4NDY1NFowHTEbMBkGA1UEAxMSZ28uZnJhbmNpc2VsbGEub3JnMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDRaN7BJ+Wa0HMYBkKAHb5TCvklI5yAHPd6/Rza
-c1EoJ4dPehpphHyVVpiPr42TLb3EvHIta2X9rsHn1KpbeFHyrdTn8XQlNyb1rLnQ
-k0dDGZgjBuqEIv3wNd3KY6MtQ2c8Pez4sjQXWvzRz9/eHeUbhU0sbwxVCPEtMcDg
-gRS9+QIDAQABo4ICpDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQkUb+wRFtg
-m8VvVes0ibxlkRZMwjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGy
-BggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJn
-by5mcmFuY2lzZWxsYS5vcmcwDQYJKoZIhvcNAQEFBQADggEBAHUlldzfRF3Sj/j6
-QtSXKdqNnIbTKBO8Lk7X/muYIyfZZY2iJSN/nwKVsap+HGpImN1ut0c2FUXE9qE3
-whsIF3DwsV8Lykb8ruwi9fCD4ClVkHMRRY4ca45o1I8XEw9TGvCEpI3KqCKhdKPJ
-GAS12GT/0VBoVPEgeS9r2qm2Au1bRKQjwcGL507q822lJVPoTrfkqcLfs08srS7u
-DWL6i4I30XEORmJ5SnRXfxnqL1D46aFqmDfDDjM9yvZQdXU7pfZD8QY+DTGE95Im
-v/2pt2r0edA95WiMfQT5K73IkOv/LNltqHvIjX45o8MHoB8r6aAqOIMsOy+DgmkN
-MDFJwH8=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://go.francisella.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://go.nwrce.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>go.nwrce.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 359, expires on Mon Jun 28 16:51:41 2010 GMT -->
-          <ds:X509Certificate>
-MIIFBTCCA+2gAwIBAgICAWcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYyNzE2NTE0MVoXDTEwMDYy
-ODE2NTE0MVowFzEVMBMGA1UEAxMMZ28ubndyY2Uub3JnMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC7eoZmKB84QLBivY5GkRhGSncfuLWBnKYEdpmkctaLZPPf
-N+sOlfKGBF5MeEnrn0mE3xm7voSA4/K/RcYazi6lIiDxHxTysKPS+ldBrVA6SMRm
-Z4mIsChrYJ48Yp0W/umz4GtDXrWkr8zeTEcCMYYH7tQ3zBzrHbVhe274sH/ZpwID
-AQABo4ICnjCCApowDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSXrRHJQ9sRv1zcd1/H
-7VdqdOSpZDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEF
-BQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggr
-BgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAXBgNVHREEEDAOggxnby5ud3Jj
-ZS5vcmcwDQYJKoZIhvcNAQEFBQADggEBAA/iFTXgw+yK8/3h+hT7tTtZXUsIKwcR
-Urm/jbPnW9GOMkWTShMGEkBb/ucU/3lWoLdiuYmeaLYBqrcUmuloeAmzJfkKa4Fl
-uoFg4iOaAoGUkKiyNyhjj8NKETYO0U7Z9EHyV46Z7cHe3IKyrDMWiJo5I+SVwhxr
-J6ZOXLI1eGp2WucwLizXyqhkNkK4yk1CXxopmPlJsy6R2f2FbY+PanDzlFQFhFVL
-7gLobO4ZvBRo8urUCeqB3z+/ZzRCcyXuEm0g3/G8IpD1aelevTk127+574tQ0AVq
-hlmjT4LY/MM7aoKAuBySbSMGNpI1S06cE2JlErhEBqucIoIr4ew6wac=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://go.nwrce.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://miller-lab.net/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>miller-lab.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 360, expires on Mon Jun 28 16:51:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFCTCCA/GgAwIBAgICAWgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYyNzE2NTE0NloXDTEwMDYy
-ODE2NTE0NlowGTEXMBUGA1UEAxMObWlsbGVyLWxhYi5uZXQwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAOkcJB7rL8QAnJ7j92mVKj/2gGVHDMULeXYySje7l52Q
-knzrbMLLvYgk4GMNnnKpAjMqLLjYGL9m4hBGO/Y9PwPz8vUlj72Sa+RF/tw3TJlb
-NOwPZvijHCALUbPlOEuD6nX114y2OqNpzenr+t+WAkvscWQMzRunmERRHDD6z+L/
-AgMBAAGjggKgMIICnDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFPWNWtz1TK8Zr9vh
-IwKULipQS1VEMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDm1pbGxl
-ci1sYWIubmV0MA0GCSqGSIb3DQEBBQUAA4IBAQA1PPbh6E8HCe6ew/8dL3/Hnrb/
-AfRIrC3HvKEJ7SJ0fIUetAHRNMxCF4romz4L6lhixlbGXL6+2EOK3MNLahxHbo+b
-vdrm4VN1y9JVtwLWbRRw0yc60rGo+D7BFq3IoySlIdSu3l7nNxDjChrqjZKFP9wz
-mvnpVU/9t5dO06myvJjyNckJU6UHbvUi1xS0WVb5TJkZekilFf+YEsE8K6y7c6EA
-Yr67L1ulYAtwX7JyBOgkk/r2lvXY7PS0Tbrop5GaB5WISVp4ez9dM7cFRFemGsOz
-uGqjGuxklhWRPPWuNbPNT9TkVLh9XaxuAPJ+lYgmZTMKI+kqa66JJl/6JV8O
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://miller-lab.net/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://moodle.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>moodle.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 289, expires on Mon Mar 29 20:22:27 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICASEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMyODIwMjIyN1oXDTEwMDMy
-OTIwMjIyN1owIDEeMBwGA1UEAxMVbW9vZGxlLndhc2hpbmd0b24uZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqh3ubZeGPhQXm3mNXnW73bKQ35/ek6Hex
-PSsoChNqI95ivsHMuczAk2qeN8xdK3qE/hX6s80GHWDMCrcThvVcgdXl5ei7htB0
-x+4POPdmOUqNyUWpJXJ9SzjbM5pKhRwaH+Q1/5+2fCLKx4E3PRQSA48u9XLc5kb6
-Vj/RL5DHQQIDAQABo4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR7EguT
-GiXQy1o2OPNSUI8jAt6dOTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGN
-BgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4G
-A1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2lu
-Y29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAG
-A1UdEQQZMBeCFW1vb2RsZS53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEAIvSqnar9Ctn++OcvdKdq27EUAxFdc0o6AZ9P4lREBfWoYpWLMYRPAu8CXrCU
-0lIDEKyuOGobUG2ytVOx4NeTvHQmxnkVtkEt7PVKI2l3Uj7u1hChiPt4NCCx9RLM
-VB7aoZBXhyFIZjczTV66jGuykGOuPwt1/MMhqspHJIRuPsE31fa2WXAsrefo05PS
-UoydOZte4NuxMSfBvLziz6UB7AsBDrZwkJkJTmSAjN4KziUtaZbMokE9cIXilGqi
-GJtf1Yq2NpuLC3pyDIiE83n06xly41HkMtKOE60LksDi8Jml2LJ89XxohCniXav+
-LyL6RiEO7Tl6wOOjEGoMjcAWvg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://moodle.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian McFarlane</GivenName>
-    <EmailAddress>samspade@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibsp.biostr.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibsp.biostr.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 387, expires on Mon Jul 19 17:49:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJTCCBA2gAwIBAgICAYMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxODE3NDk1MloXDTEwMDcx
-OTE3NDk1MlowJzElMCMGA1UEAxMcc2hpYnNwLmJpb3N0ci53YXNoaW5ndG9uLmVk
-dTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5tZ/ZXpsq9cNrW2QgiABe1q4
-9EYbhQWKMgl9xfaqlltc3LXhIt8QPhqEtyqYsIq15BIUCSqJkFAmIXl21TrpHcGZ
-WdXzTrZ3Agum63nBScg2WS+3+4/PbU/A1Tb/iwZbq4emtlBsEHfYSTT3OUm4ou4D
-9SzqpBtJ66YlRjGC678CAwEAAaOCAq4wggKqMA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQUug6BktWF3GxV2yDo6y3sKaKHElIwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJwYD
-VR0RBCAwHoIcc2hpYnNwLmJpb3N0ci53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEABLNdFuLjfu5LjZHHV2PHLMhJyzZwhM6MWT1i1XpHQakcVsDD/iUU
-SLBa01FE76KgQP+vl5pMJ+ISAZa37JjpA/fpYm7WFesSxjXl40G7gZJJvJr6+mk5
-uei1ujjJh2MdneJ1RHd8w2nwNiTOTZETWvkxLxT2YrWX+FX9WZIv5w/6DRiXeqyd
-IG2es3klDpiCmtkpYqdv86yU+L0gpSuS0MyO2xn5yoz6iaHU4Py86fOG0X4GFV2U
-hXoa7xavpw4wQa7SShegZH2/rby6XdR67oEfCswUCCIdMVAUz04UwqhOHcUnFtLA
-eu/uzV51UJxTC1iVtuJsrkrEID8B9BcWSA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibsp.biostr.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Joshua Daniel Franklin</GivenName>
-    <EmailAddress>joshuadf@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://tools.nwrce.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>tools.nwrce.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 301, expires on Sun Apr 18 16:43:04 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAS0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQxNzE2NDMwNFoXDTEwMDQx
-ODE2NDMwNFowGjEYMBYGA1UEAxMPdG9vbHMubndyY2Uub3JnMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDhaBF7fUlgPZExZIm8DawfxXlDlDQ0BWDcam0WQcU3
-AglOS2u7gTYDM1nl90PEAumlpbN7Ys4bpsKlknLEMmJZ/PJfU1v69Lq7bDtL3Llu
-Kw3QluD1XFiyRzn+V7nthk8wdbzPnSBjyem8jEgcvS/QrhXk4XWjQgfi6zaYRI38
-nQIDAQABo4ICqTCCAqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRlJKcj2G8PNuNk
-7/6yfU6NuPCzfTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6Bggr
-BgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-CgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBoGA1UdEQQT
-MBGCD3Rvb2xzLm53cmNlLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAA+3JQf0SL/QO
-r3LpR/n11ExHsnphkriJJhDDwnXuTD3Og9QhIRWKpALwYRqt0AAaBpcZNIb/d4mE
-l2wojPXxdOCavglHCyH+JH7ieZtae8I+2yCkfKl5dqxESmSPOD6qGA5i4ehqRLp8
-ivqyqBK0XYINLwTckj9tbGkerThiZPXEUdHyGI47qVRlTCNuN/JTmPthuVMdiEUh
-oBFa/c44SxylvVG4y1Zs/57b/6aMC7O1zRWmUk+K/FbaKyig04pxcG6C7/YRyR6J
-x0JtnufMcNcNFXuWIOYnrQIjNhmRY9j4nrro2a0keg66VRtwUpKzil8jRQDpWu9R
-nfHwUXWKsw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tools.nwrce.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Radey</GivenName>
-    <EmailAddress>marad@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://vegitron.eplt.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>vegitron.eplt.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 374, expires on Sun Jul  4 18:14:26 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJTCCBA2gAwIBAgICAXYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMzE4MTQyNloXDTEwMDcw
-NDE4MTQyNlowJzElMCMGA1UEAxMcdmVnaXRyb24uZXBsdC53YXNoaW5ndG9uLmVk
-dTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA21YMraQ6nUOCN91WIfbr228S
-OPRDg7kyTcz9Aa2Qt8Uwpg6fX51dntYTqNSOamXw3UaUiGJuNoEmcO/X87E971jN
-x6Vtzi9yFv5ZmCq3GTvhCulaN4J0j/uDCmm2xdcP95qKw2nfnbg0dx5ULc5pYtKR
-AvKXf2UCqJllWThjxCMCAwEAAaOCAq4wggKqMA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQU8iewgV0ifIm1cYrni9dqonXVegcwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJwYD
-VR0RBCAwHoIcdmVnaXRyb24uZXBsdC53YXNoaW5ndG9uLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEAcZ9qZayFJnVTwdr5jCoewvQUSZAGaJYzqhwXjXr+iX1hLH0N+I8m
-EPdCD0Dh7nEJEYAyDz6kihVBJ7fzcjQ3c/0nvdaaEHVhM83TK725yQC32SR7aT+o
-zXkaZ46Mvie66+YEbkriMROTzjPJHzs52TuqIERj0yG3voM58dsjy0EZL6YvX9pS
-2DrjoMR1sBCdS7d5FnsL46zOQ50n0bGatSgs7cEo5S9lQ9shqSm3pmSLfJUIo+VG
-6RSkESD+j/ryXF+yGmVqwJZyjFCDGHH0pOZ+i5s9XK/c/um1LuY6A+JdtsMSz5B9
-sxfmDy4LFek0IUdJuDuDtUnZHGNVeGmUVQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://vegitron.eplt.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Patrick Michaud</GivenName>
-    <EmailAddress>pmichaud@washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wiki.admin.washington.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wiki.admin.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 319, expires on Fri May 14 17:34:08 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICAT8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxMzE3MzQwOFoXDTEwMDUx
-NDE3MzQwOFowJDEiMCAGA1UEAxMZd2lraS5hZG1pbi53YXNoaW5ndG9uLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0xuy8d1QMxy2ClmPkXghIyKzGl/H
-Neg4d5oOkoqDPAgOBQjtWIitkJSBtWTg6olj8ljMdQ3G7UyOiEqzHpgHM26/BvJC
-6cnwN+9BzqQVz+0Lhuzqzn0ExtDtz9sscinmg31OgW+YtGSRfwQABo3XDyS30FiC
-cyLDZYjcfHA/M0ECAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-XzCZzGUZ7hd4715XUPLbUhBVIMcwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghl3aWtpLmFkbWluLndhc2hpbmd0b24uZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQDAweN1JpDzzWZ8yLFyvM6mgOiTY3R1sP0vtw/Q2KLp8Gy5uy5v
-O192PAhVbK5Ds0UopSwRgkqQH9IntvLcmytJG+OkvjeNZqFkkN7W0H4FZ1fpCWqu
-rWMJeClUowlS7EtbxjParBKs7XlqaY5R01QmMzUYI4UdgdDvVC1bMTOzJ+h+Vgmn
-JfKyZ5WJkeBYkfpTzrOma3ao8PT6NE4w+6xwR/GU9xkf17iEXzyEyw9p4QzqlCJK
-kynQVcNfftsFp7OjSdLZh2LlkhOVNVkMm0Mf6TdWAt0GjxdpaTkVCuitTfaIUgbw
-D47Cl7XxO90x+NRbKHVZAnkBULGyZOudELX8
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki.admin.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Applications Engineering</GivenName>
-    <EmailAddress>ds-apps@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wiki.cac.washington.edu/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wiki.cac.washington.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 248, expires on Thu Jan 14 20:39:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFIzCCBAugAwIBAgICAPgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDExNDIwMzkwNloXDTEwMDEx
-NDIwMzkwNlowIjEgMB4GA1UEAxMXd2lraS5jYWMud2FzaGluZ3Rvbi5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK8vilBf0x4dz5YkUqpIKyCpszJ55WFp
-kMSCtf78GDo7pBDirSW0AF5ew47BDyq/jr0nfJjGZivLU7MtptdyriVCEMvwPqAs
-xNVRukPDN9O/gFsntWycTQxK6/iy0j021QnkK122ES0xvZMaOiqiY2M+iEvAl1QJ
-Ptr19xCMXKErAgMBAAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDYf
-vW56lB0yToYwrXPPKTOzjQNdMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-gY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-XgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8v
-aW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYw
-IgYDVR0RBBswGYIXd2lraS5jYWMud2FzaGluZ3Rvbi5lZHUwDQYJKoZIhvcNAQEF
-BQADggEBAInrjjsbmUSOLDOpYIbDlg4NtS4bEcdyxSJ0u9b4ZCCAf57PQBgEwWLe
-Y6TiVRig96J9orU7UsyRjRrJIJC5rXjbULZ4wBBhHH0nsGJ8x4RkVtlzseMBAXnG
-jwCjayi0lFBYMFoFq+1Hh29cp8CivPKz6cvJ2uoGc2Tb+6Ftdc4BBttMhksXYNHu
-kOyfPSrFX6GLSMMam2bJEx6nFinbfxsJrLEFSH749GFulFur5VY17lzWTaLmQmzt
-d2QzJNScj9mzHXfZa8o9+Bec2tuxcdLz7ppA0i4kB4Eg6A8wKW6U+M/uzugVck5S
-FYPde/DAu7OXPGyW2dX18LX9ktGfls4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki.cac.washington.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>TEG-CP</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>TEG-CP</GivenName>
-    <EmailAddress>teg-cp@cac.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wwwdev.iths.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wwwdev.iths.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 481, expires on Thu Jan 13 20:06:36 2011 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgICAeEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDExMjIwMDYzNloXDTExMDEx
-MzIwMDYzNlowGjEYMBYGA1UEAxMPd3d3ZGV2Lml0aHMub3JnMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDnxdOs9PZmKF+LpYgIjr11Kl8WB+xkzqbvwO5syaSz
-GuBEbof1LLP026XZXGHsFFlpc+KHmEDeYFPPd5rYCYrqduYJuyG9R7tyIMzTT8Bd
-Jifk2A1oy4+1TXueQV0YmkOqXflY7ka3mPVMidshfLd2wUBc641vMLmkN9oBfJNP
-hQIDAQABo4ICoTCCAp0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQlaOxrLn1fsVVh
-cPF4Fhh7rIDZCzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggr
-BgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg93d3dk
-ZXYuaXRocy5vcmcwDQYJKoZIhvcNAQEFBQADggEBABWridj3I3WypF7unuvasBQv
-J1UPrbesXfpf2ZpJRBXoE4TeME8fE+rsDvgqZJ3gM0IierQyS/szLste9w4y3Ghy
-wmsP2ubeufeQFXYJ1zWn4Ef5cmTBF75qpMAjvouvnFZcbaE/pMKcFAvAStrRk/fv
-/XK0s2a35MU4UCZmbpeyVpZ91n67/XSmZ5tXN4P8HHANzns50nRTVwHjn1QwIPCu
-13kgsuXwv5R7XUnpNBEqHpqZiE5tiIbDRq0xBn1cFKkUgJhQgovhXx2w5R7Ix2Xc
-eM2Dw8HKG9OKOQcLflvbj3BVy6PQhP11eoghnXJ+7/kpVO5pq6Q7U58wjHHUQzU=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wwwdev.iths.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Justin Prosser</GivenName>
-    <EmailAddress>jprosser@washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.iths.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.iths.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 449, expires on Mon Oct 18 19:23:33 2010 GMT -->
-          <ds:X509Certificate>
-MIIFBTCCA+2gAwIBAgICAcEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAxNzE5MjMzM1oXDTEwMTAx
-ODE5MjMzM1owFzEVMBMGA1UEAxMMd3d3Lml0aHMub3JnMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSKDBGGpo5GbzpHeBw43uNTo5uH+caY+501VKXPkeplhQY
-nzziFz6M+sriPQPHOKQvOMdj/AsblVK64ISFV9AAxDNV6zLxn4PwJkkmtUrykoq9
-f1J5S9GIYdgTz+LxtOdxGtSUF7YiqgIke4hFVVrY1cnsfwkN0BNQ8hH+GphNzwID
-AQABo4ICnjCCApowDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSoRE777g/HJDJxbNUZ
-zvYOb926LzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEF
-BQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggr
-BgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAXBgNVHREEEDAOggx3d3cuaXRo
-cy5vcmcwDQYJKoZIhvcNAQEFBQADggEBAE9286v4VIWsZ/DJBpwgf+LjY3twr2BE
-pinwCR5ydr1SqsygFXRchjRsuYMpjxvYa8bgw2fDZts5hBZa07uXNiR8b9Pr8o/u
-G2p+cUmX6lbPw4ODC9FQKVGHKvVCg7wRtLcsFtpCfXrO2/h9LBNviIPFTK/hyRJX
-Jbk6MjB+YEmbaNgUlMgMn5x5kEfVXf+AQd86BbWD2dpqRrAUX1Oyof4WzMuBvwtU
-kQDFDQHU2hMhBJ6IomFfDkAks/eyItroGCU96B3T6boifzrDBbkpf+9TNQOnH8nN
-vTI54DHc5+qb+al0xnUkOnFTKmKDBdvTqe0pPFNe3QiWHMXXuV57PZ0=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.iths.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Justin Prosser</GivenName>
-    <EmailAddress>jprosser@washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.research1.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.research1.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 442, expires on Fri Oct  1 18:16:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAbowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkzMDE4MTY0M1oXDTEwMTAw
-MTE4MTY0M1owHDEaMBgGA1UEAxMRd3d3LnJlc2VhcmNoMS5vcmcwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMfy6NrQqkFBCpIP5q6fqGF+VwwmLl/wzDDIXu/K
-Ut5wt+aANWhyBmwBK2aKVUk1cI882yBGe0GqRj/stCwT4s8eoSRu51QoMv4M6leD
-ZyPDZWyXboiv1+ycU9msm/EuKCZ5BXvqCZmfcEpYWj7g5Xz1KRoHWw0W2ZfqGT9x
-/yaRAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDNZgISSuwEN
-2NwVKKROWCcQrus3MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXd3
-dy5yZXNlYXJjaDEub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBh9iUh3bowVS/y2ah1
-k0+7X/eMQ3SnN/Yy3MStH/b/JPvQy8VsNyhmltDBI5WZ+pOQfkQi7T/B/2nhoD6Y
-f434Q+ku6STQPUH5f1U+L5Qdi+D4GJMiCUaquO67Mupso92h2x5c2uD2yv05Hk+G
-frZRPMdjyUPSD5jhkumWc459WqTkqJSBTZlhkrKrLd8GVAR+SpzgFYqIrGLbegZz
-Wuqb60BGiUh3nLSOY68pQ12iF+YwnNUN+k6c2h8DmnIpGZ0aYKDsgzhSfk0jLCnc
-m4cMz8zj2GJU2/pGGhMmnPZLq5wycSbeRooNfLqfiLNFVOvH6tjG2HaPai6cJw6A
-ChCh
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.research1.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Washington</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>SMVTT Technology Initiatives</GivenName>
-    <EmailAddress>smvtt-ti@u.washington.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Elsevier -->
-<EntityDescriptor entityID="https://scauth.scopus.com/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sdauth.sciencedirect.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 224, expires on Sat Nov  8 17:34:39 2008 GMT -->
-          <ds:X509Certificate>
-MIIFSjCCBDKgAwIBAgICAOAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEwOTE3MzQzOVoXDTA4MTEw
-ODE3MzQzOVowSDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVsc2V2aWVyLCBJbmMx
-ITAfBgNVBAMTGHNkYXV0aC5zY2llbmNlZGlyZWN0LmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA5VNOBWVUvnbVnNX21xZ2pUVMgiu1wKephFZ2BW+fMa9m
-CuKzmwfNYCbNo3ZyIZ5RdtiuPhwKKgoOjNJS24nblpIH6c50qGYWJhIVMBerGc8p
-FaeDrZqG3+4QJ4p1SxgijHCMgXS3dGJjefTUdK0KGg/cBub61gnsGzj2UozB8TMC
-AwEAAaOCArIwggKuMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU+xFv7JcmuzUdPXXr
-l8+kXt+VQ14wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREEHDAa
-ghhzZGF1dGguc2NpZW5jZWRpcmVjdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAKjw
-mQJLXCVUMF4XIoPPiSvcXj3gPQ19EUiCY/P8/jdGkzlg2GyrS0I1PgY//L223Rkm
-6NU6EtZJscq6kiTzSQtpGqx3opobBzXN1hE05/t5HDARVPIXt4g5244ra0xcJe/N
-WeqsaE4YIr+pNtavOCxAbUf7MkGe7MtTMdOqJSi27q8hOK2NuYrSy0BQzpVvj/bJ
-8kW+ltqtNcE5jHcm5u1YLFGaH+XqlSjeM8WuS8q61bYxoAc117mtil0M9fqfpPze
-CRv9Y7gZsPOTxSwW2Uv+o16dL/4tOue+u0ZgvQmMdS5YaiGN1dnJoIFhgpwLZwOu
-azDbUlz5529i+bLUp2U=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sdauth.sciencedirect.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 462, expires on Sun Nov  7 20:16:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAc4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEwNjIwMTY0NloXDTEwMTEw
-NzIwMTY0NlowIzEhMB8GA1UEAxMYc2RhdXRoLnNjaWVuY2VkaXJlY3QuY29tMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlU04FZVS+dtWc1fbXFnalRUyCK7XA
-p6mEVnYFb58xr2YK4rObB81gJs2jdnIhnlF22K4+HAoqCg6M0lLbiduWkgfpznSo
-ZhYmEhUwF6sZzykVp4Otmobf7hAninVLGCKMcIyBdLd0YmN59NR0rQoaD9wG5vrW
-CewbOPZSjMHxMwIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT7
-EW/slya7NR09deuXz6Re35VDXjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghhzZGF1dGguc2NpZW5jZWRpcmVjdC5jb20wDQYJKoZIhvcNAQEFBQADggEB
-AAfJC1KlCtRqCJqMhUI3fBjnwAslW6XhFGwuGa3WcLYs8H5eq2QoXDzITgSLcSMo
-dcuT/MvS6XA8KiWDd5/V+p96gYK0/3tTrTjAWSwa6Xt13Re7xqLMauRZgOvbYzZ4
-dKfQLxPgcBFMeqVXW1RrcW35ZJPGQ6Qd8OsV2Cbl0D+Y1hZWrt3kMvTNFRkLFx4K
-HmHAvx3TndztBr/8vy6vYPnf30+p7VXGJOX0dKkYyMm1009sJrpJEpb+WtV1dbrx
-O1voDTwBEPTyNkcIEOpMY8sFrjJSiHf5EQfcsu9S9RS4DrGBLs12vQf5ss0l/53V
-d3d7MjqxClPPsaO+ehxSQAs=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://scauth.scopus.com/SHIRE" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://scauth-cert3.scopus.com/SHIRE" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Elsevier</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Elsevier</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.elsevier.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Application Support</GivenName>
-    <EmailAddress>EDITAppSupp@lexisnexis.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Ale de Vries</GivenName>
-    <EmailAddress>mailto:ale@elsevier.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>SDBDSecondLineSupp</GivenName>
-    <EmailAddress>SDBDSecondLineSupp@elsevier.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://sdauth.sciencedirect.com/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sdauth.sciencedirect.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 224, expires on Sat Nov  8 17:34:39 2008 GMT -->
-          <ds:X509Certificate>
-MIIFSjCCBDKgAwIBAgICAOAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEwOTE3MzQzOVoXDTA4MTEw
-ODE3MzQzOVowSDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVsc2V2aWVyLCBJbmMx
-ITAfBgNVBAMTGHNkYXV0aC5zY2llbmNlZGlyZWN0LmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA5VNOBWVUvnbVnNX21xZ2pUVMgiu1wKephFZ2BW+fMa9m
-CuKzmwfNYCbNo3ZyIZ5RdtiuPhwKKgoOjNJS24nblpIH6c50qGYWJhIVMBerGc8p
-FaeDrZqG3+4QJ4p1SxgijHCMgXS3dGJjefTUdK0KGg/cBub61gnsGzj2UozB8TMC
-AwEAAaOCArIwggKuMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU+xFv7JcmuzUdPXXr
-l8+kXt+VQ14wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREEHDAa
-ghhzZGF1dGguc2NpZW5jZWRpcmVjdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAKjw
-mQJLXCVUMF4XIoPPiSvcXj3gPQ19EUiCY/P8/jdGkzlg2GyrS0I1PgY//L223Rkm
-6NU6EtZJscq6kiTzSQtpGqx3opobBzXN1hE05/t5HDARVPIXt4g5244ra0xcJe/N
-WeqsaE4YIr+pNtavOCxAbUf7MkGe7MtTMdOqJSi27q8hOK2NuYrSy0BQzpVvj/bJ
-8kW+ltqtNcE5jHcm5u1YLFGaH+XqlSjeM8WuS8q61bYxoAc117mtil0M9fqfpPze
-CRv9Y7gZsPOTxSwW2Uv+o16dL/4tOue+u0ZgvQmMdS5YaiGN1dnJoIFhgpwLZwOu
-azDbUlz5529i+bLUp2U=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sdauth.sciencedirect.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 462, expires on Sun Nov  7 20:16:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAc4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEwNjIwMTY0NloXDTEwMTEw
-NzIwMTY0NlowIzEhMB8GA1UEAxMYc2RhdXRoLnNjaWVuY2VkaXJlY3QuY29tMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlU04FZVS+dtWc1fbXFnalRUyCK7XA
-p6mEVnYFb58xr2YK4rObB81gJs2jdnIhnlF22K4+HAoqCg6M0lLbiduWkgfpznSo
-ZhYmEhUwF6sZzykVp4Otmobf7hAninVLGCKMcIyBdLd0YmN59NR0rQoaD9wG5vrW
-CewbOPZSjMHxMwIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT7
-EW/slya7NR09deuXz6Re35VDXjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghhzZGF1dGguc2NpZW5jZWRpcmVjdC5jb20wDQYJKoZIhvcNAQEFBQADggEB
-AAfJC1KlCtRqCJqMhUI3fBjnwAslW6XhFGwuGa3WcLYs8H5eq2QoXDzITgSLcSMo
-dcuT/MvS6XA8KiWDd5/V+p96gYK0/3tTrTjAWSwa6Xt13Re7xqLMauRZgOvbYzZ4
-dKfQLxPgcBFMeqVXW1RrcW35ZJPGQ6Qd8OsV2Cbl0D+Y1hZWrt3kMvTNFRkLFx4K
-HmHAvx3TndztBr/8vy6vYPnf30+p7VXGJOX0dKkYyMm1009sJrpJEpb+WtV1dbrx
-O1voDTwBEPTyNkcIEOpMY8sFrjJSiHf5EQfcsu9S9RS4DrGBLs12vQf5ss0l/53V
-d3d7MjqxClPPsaO+ehxSQAs=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sdauth.sciencedirect.com/SHIRE" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sdauth-cert3.sciencedirect.com/SHIRE" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Elsevier</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Elsevier</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.elsevier.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Elsevier Application Support</GivenName>
-    <EmailAddress>EDITAppSupp@lexisnexis.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Ale de Vries</GivenName>
-    <EmailAddress>ale@elsevier.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Chris Shillum</GivenName>
-    <EmailAddress>c.shillum@elsevier.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Internet2 -->
-<EntityDescriptor entityID="urn:mace:incommon:internet2.edu">
-  <IDPSSODescriptor errorURL="https://origin.internet2.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">internet2.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>origin.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 269, expires on Sun Feb 28 21:18:51 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyODIxMTg1MVoXDTEwMDIy
-ODIxMTg1MVowHzEdMBsGA1UEAxMUb3JpZ2luLmludGVybmV0Mi5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAPVmhDcRQHvtJ4OMyo9NlJT8/5Cl85040fLJ
-pli+S+2+6ijWZGThHLkD19PLY85ocKp9lKkMShE6URGyxaQrf93CPyD4gd/aYIqU
-qoHSwvj9hu3UGd+dsLFbL4407hj2ELa4Asq/ox4/MPGgSzTM0d9mQtUdGOYa3XY2
-JeSmGWWRAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNWWyl5+
-bV1RxZM5xCST13tH+AeBMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUb3JpZ2luLmludGVybmV0Mi5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AGrV1Zdj5FM8FgKHbNO62r5ZaE2NlYLwDy1EYKWov2knbT9JHvYx+MH46xL7vCwX
-R/gFNOZ2bQAPWVlRwA/vgOcRaUCiY16EoXYRlPtV5iheGgZmf6t5cwekNM0fTE9r
-kHYyIGXQeH5nXzckOlBLqMQvla3qr8AjIYDS/bGAlUnLipo0jb30RucpKQVMa72U
-Kae26sd7MUM7apEXibOIZ0ulHD18Bx3cwkEbNzjqO7Fhie4eHP7YLfZ4qqiwHIan
-aDAvd3cq7kfauomnRFfk5m6If5r8CARRt/9ddJQJ2fR+UTVgq4Y0vrArC1RWlHCU
-fNWyS+DPScAAr7W2Ia1K8T8=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://origin.internet2.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">internet2.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>origin.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 269, expires on Sun Feb 28 21:18:51 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyODIxMTg1MVoXDTEwMDIy
-ODIxMTg1MVowHzEdMBsGA1UEAxMUb3JpZ2luLmludGVybmV0Mi5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAPVmhDcRQHvtJ4OMyo9NlJT8/5Cl85040fLJ
-pli+S+2+6ijWZGThHLkD19PLY85ocKp9lKkMShE6URGyxaQrf93CPyD4gd/aYIqU
-qoHSwvj9hu3UGd+dsLFbL4407hj2ELa4Asq/ox4/MPGgSzTM0d9mQtUdGOYa3XY2
-JeSmGWWRAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNWWyl5+
-bV1RxZM5xCST13tH+AeBMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUb3JpZ2luLmludGVybmV0Mi5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AGrV1Zdj5FM8FgKHbNO62r5ZaE2NlYLwDy1EYKWov2knbT9JHvYx+MH46xL7vCwX
-R/gFNOZ2bQAPWVlRwA/vgOcRaUCiY16EoXYRlPtV5iheGgZmf6t5cwekNM0fTE9r
-kHYyIGXQeH5nXzckOlBLqMQvla3qr8AjIYDS/bGAlUnLipo0jb30RucpKQVMa72U
-Kae26sd7MUM7apEXibOIZ0ulHD18Bx3cwkEbNzjqO7Fhie4eHP7YLfZ4qqiwHIan
-aDAvd3cq7kfauomnRFfk5m6If5r8CARRt/9ddJQJ2fR+UTVgq4Y0vrArC1RWlHCU
-fNWyS+DPScAAr7W2Ia1K8T8=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://origin.internet2.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Tech Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://co.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>co.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 211, expires on Sat Sep 20 15:08:24 2008 GMT -->
-          <ds:X509Certificate>
-MIIFZTCCBE2gAwIBAgICANMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDkyMTE1MDgyNFoXDTA4MDky
-MDE1MDgyNFowazELMAkGA1UEBhMCVVMxQTA/BgNVBAoTOFVuaXZlcnNpdHkgQ29y
-cG9yYXRpb24gZm9yIEFkdmFuY2VkIEludGVybmV0IERldmVsb3BtZW50MRkwFwYD
-VQQDExBjby5pbnRlcm5ldDIuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDA4/Ytcos5QURHIdQAW91R7e0KrmLwR0woDMQ7jA1e4NIbc7yIEarzZu2cjg+R
-ooEavIgmLxv8mXYQRYX8nhGeVJQvX+zTsa+321hBZeRhfLsfhWhW5V5AGI+2uiVC
-DQmdJtwBLuXnS5/QCr9hVgei744ScKJ+W3BrrT6mOrToEwIDAQABo4ICqjCCAqYw
-DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRKzzJwQHTUDHo3qJK9mrc0uHZhdDB+BgNV
-HSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCB
-pwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAt
-IFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9i
-cmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0
-dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
-cmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEE
-AQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBsGA1UdEQQUMBKCEGNvLmludGVybmV0
-Mi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAIO+9S3UVuE/VgsjZ4enAZz0I0D4NQxi
-/XkTK3rFZS5n7OKMAAtolX3JWjaDvHh2gWDx50BO08VlhtThkb8aqf1BkN0BjP4C
-vxtn8Gw4O+Sw0V4465rYDbn+uf10Ln6s2dg73w3QGEVNa4FQuzwvBpf/qLNW1/Jw
-oxhvwmvCk8wF/5POpzPYR6/MmOchU6pJU0663B4Qjt70amy+H27sVMO954GtY1tj
-ZWd0oASSmO1GTJ5o2B9ZUKSzIdKMWMt9irFkpR8MCcziq+UaLulO42QHo1tZR1fR
-V+HuMEjqLKFeSh3Q88jnExw6MJlhsEyLUOX2hC/MTSjIGtKUyE2rCL0=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://co.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://comanagedemo2.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>comanagedemo2.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 483, expires on Sat Jan 15 20:10:08 2011 GMT -->
-          <ds:X509Certificate>
-MIIFpzCCBI+gAwIBAgICAeMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDExNDIwMTAwOFoXDTExMDEx
-NTIwMTAwOFowJjEkMCIGA1UEAxMbY29tYW5hZ2VkZW1vMi5pbnRlcm5ldDIuZWR1
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyl6rOYaJFHvMPwoh0OwW
-f1Qu98ETqDHNy0Xqh1y27hxRHGoEhAcaHZ1VqnkNeDTSFY/BDtRvxsZ8diGCluGL
-kBt0qk57W257hYnqOzUY0kDCV65Hj0wBq8Mz2u01VwG+bcthIp8EoBj52yzZPqLx
-SbRra5rViiykKyZikNNUodsqSkLFXxkCOwYd7gTsrMiFbHqkmCFridKcQvoj1vMS
-LNCBOgzTWGdDYKc47XoKbBJ0vNSz9/AF7q4H/XqVuoxUc8zB/ubeoo8ceWi8iJTb
-6uDHlrfGPQl3YJB1+D9x2y6/3kmTTdmZJBM5vCzSRSuQGjVTNqLxs4mLvc2C8/Oa
-jQIDAQABo4ICrTCCAqkwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRsdfSUibM++kTB
-izw6XMxQJFlQpDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggr
-BgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAmBgNVHREEHzAdghtjb21h
-bmFnZWRlbW8yLmludGVybmV0Mi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAAmbHtWg
-AWB3eX9AoM7L3xMUBkiqn6NB+GHXDrKZ2Hb7o2SkZhb2G+OtV98V3vIZCiXBgVHL
-1enMZQiZtCGmGtx9DR9vMoUq8atvFZzMDL2VajYb699p48NnScYalVc5QVfa9ErU
-PHu0+PBwb/0D9TIMUpzSFJIw+AQBZ/qglTZmQRcMUuj3RHRLdE4ZYggfXgoZcwF0
-POcI/NKgo/6hmky4HFf9m4w1WBzNHCjudECB5VNRERkCgNCHhZ9OVfui2nOMC8Br
-wxWoVU/q4dksx0Wd8CkpTyroc1SzeXbWa2JV55q/tBdTQ5KGT4pECTOMDotAtcFd
-fmOFSm1C0Rscyzs=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://comanagedemo2.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://comanagedemo.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>comanagedemo.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 480, expires on Thu Jan 13 20:06:18 2011 GMT -->
-          <ds:X509Certificate>
-MIIFpTCCBI2gAwIBAgICAeAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDExMjIwMDYxOFoXDTExMDEx
-MzIwMDYxOFowJTEjMCEGA1UEAxMaY29tYW5hZ2VkZW1vLmludGVybmV0Mi5lZHUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH0kk2kcLU3K6D9zgUq74z
-x0xJ71ndDqDMQAjeq3Kdj3iBlijDtKId2fAJaOj1EV50K/O8SurGvLhi7sr2Hz80
-F1tRjo0d+HchP048T+aX24qxpe1IuQOT8NQF7nVJU7FErOPCZ4FDr0JpRKXcUPY0
-2qw/ZUDZec//wHKPAlKD247G9WYtThX7o02pp+L9tmZtN2zyIs2WoguHsObrBpLA
-ILMe5xDbsRZZeUn2PeUtXh9dbfVpD6+J+i13m+/eub4H/+zjWGUJy6tSMs5RTXRe
-9CqijKKaoXzyQmYcDLZTnHOihqVngZy3zzOOh29eBwfP6Yav0KTbaP8H99i+w1Nn
-AgMBAAGjggKsMIICqDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFANDEuiuJ9y0FcVW
-j9JWF1tE99tXMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCUGA1UdEQQeMByCGmNvbWFu
-YWdlZGVtby5pbnRlcm5ldDIuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAEvgF0AzPn
-WtxSYhQ2VePUMrpSLytz6a86Zg2byCZXQSMltAN8XZpesNJ2ygTOzLIMCJIPbIQD
-xayVzHh7Dsnu1mCFgPgRqI3PjzADgyUFC2l6DMbQ0GdsfKuJh4gt1ai3nzIWFAZK
-zai9qdA+9UHPxIghV36ubpN5gK7d2gMu5F23Vxnv/oxEO0WA0B5nMFDuUihqXiBi
-/05xWbtlUdzP/RaGpCDyYF5OkjCZiqO1jxu5eezRaRMDgwGvgdhQacjFC1ZTw15W
-jjiY4wgBn+ADerH0Le8S5TXyk2ELh06rxaOxVp1lXYo98fH2nro9+zJrOZyvA/Tz
-aW6JMR3rTwF1
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://comanagedemo.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://comanage.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>comanage.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 157, expires on Tue Jun  3 13:38:44 2008 GMT -->
-          <ds:X509Certificate>
-MIIFQjCCBCqgAwIBAgICAJ0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDYwNDEzMzg0NFoXDTA4MDYw
-MzEzMzg0NFowQjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEfMB0G
-A1UEAxMWY29tYW5hZ2UuaW50ZXJuZXQyLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtS7oOeMrrVv2OagkJt6TXgB4guAEhtzwWuQxAaARhPHsRxzWqkC3
-hUgVBulJTUsLtwEZxGZ/uxd8CV1zeeXfwcEEayOTwNSmQJiET2ZN2kWt7vy6uJcK
-YI/b9fs0TsAn1DUd7EAJjqz0GilwePYd7h1sO4+yVUmFh8dU9YRnzFkCAwEAAaOC
-ArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUje01mBqxOqT/T+Fj3FXAPa5V
-IoMwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAhBgNVHREEGjAYghZjb21h
-bmFnZS5pbnRlcm5ldDIuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAcgVtzfAzbWGSO
-VclZtqispdjIjwpvG2g0GCcLXDOjWOuXgSJGptxg7sSBcC7I0Xyz2UcfuD4LcYCg
-ShNX4SOMLnbJFnBOmO52bxdirkWSwzhAQTB/SeVcrvd2flzLm91cbZ/RBhdBXfEZ
-Rc+P1W3GGdMfFfPFxBaQfTxtrdp2Zr9UkaF57emUovcldvVEy4TrO8DX+LCnbzIZ
-gFiQsYPrbTk93TcPxiCBSsb4E6OSS519sZWzqTf4wWO2wiI25JFesr2QNqbPgrNY
-3NAif+o3pZ7yCs7UfL5cpEMsYQggaIplqoIqxRtxuyrDY9kCBsQ61xaHAAWj3F3S
-CSmhlkv+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>comanage.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 326, expires on Fri May 28 19:28:38 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAUYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyNzE5MjgzOFoXDTEwMDUy
-ODE5MjgzOFowITEfMB0GA1UEAxMWY29tYW5hZ2UuaW50ZXJuZXQyLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtS7oOeMrrVv2OagkJt6TXgB4guAEhtzw
-WuQxAaARhPHsRxzWqkC3hUgVBulJTUsLtwEZxGZ/uxd8CV1zeeXfwcEEayOTwNSm
-QJiET2ZN2kWt7vy6uJcKYI/b9fs0TsAn1DUd7EAJjqz0GilwePYd7h1sO4+yVUmF
-h8dU9YRnzFkCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUje01
-mBqxOqT/T+Fj3FXAPa5VIoMwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZjb21hbmFnZS5pbnRlcm5ldDIuZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBH8Ir8hnGpxKP2nMGlwHY6EW7998ZC/rjFwa/LHdoTRVX1DMaWTKVk6WZ7
-DC14RThqkSyoUPvQZgUT0CWngbLsHmSSYPQeMyoHbqJawIUJvn5edgRGr/Hjxtf9
-vH3wAg4FcAdn0P+HeKTDOJTcKqYHYmtyC0RyxABFtfDFf1Eo8W6OLc9mxdVPfpHL
-fEiK6yg4kLmkugiVUFaZI8wSHnF56eV54ml1rowvL4u5hyT6U+s8hKXDmtNzbDvT
-AReSgyuMH/1m/8ByYHTfvWTLppRlcF3RSnwfeSM7Kj8tQc5YPsiN0AFy0GbIiwAW
-xs3npI/RpbnVlWFZuFuV8B/tzhaK
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://comanage.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://comanage.internet2.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Michael R. Gettes</GivenName>
-    <EmailAddress>gettes@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://getz.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>getz.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 67, expires on Sat Apr 21 16:09:42 2007 GMT -->
-          <ds:X509Certificate>
-MIIFOTCCBCGgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwNDIxMTYwOTQyWhcNMDcwNDIx
-MTYwOTQyWjA+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRswGQYD
-VQQDExJnZXR6LmludGVybmV0Mi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALYnzkUW0a7z6HULzh3KFitiwhGJYXRMKOAnLEViQ9X8gSSS2Q/aBaKrTJsQ
-Mm6U0yoqz6Zfrz96/3MLYnSDhn/WcOr2YGQeMmEE/jtigvjnxj8D5RP/cwSolDPG
-vvkAcwtjdhu/HTC4kMlqh8KqdemhmsKdOyviKSf7Dec7K+RHAgMBAAGjggKsMIIC
-qDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFB1iBC9Qgbfz+Ak4Yal8icBxKhPMMH4G
-A1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21t
-b24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGq
-MIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJz
-IC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5
-aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9l
-ZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4j
-AQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHQYDVR0RBBYwFIISZ2V0ei5pbnRl
-cm5ldDIuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCPUzrdsGkEkoTjWY4w78YHVdmz
-VsPquEghrrDuC3hBqU7O99xzCvO5gIb6swRmSVZtCS3tXOh9y7u4HVe0wuZfF0Fq
-cvDtpAapXlpogOYkgAeWNw8Itok1vT4a1m6Js9PkwU0/RBRgCakgbnwXDs/cR5RU
-27r27Vsup7WN6pifi+gENGeFXBsjxeKxnCnSnjJl8dQz2DsDb/YZO1IcYnDHWqZ3
-GRGSIKXWZArysHlDrNQkiM04gN+3xb0M81/lQzOIcaGRiUDUdFVc+Hqq/iRUEzxZ
-JkT76YmD5qNOGEYvKLPbEu5c1ueoL82c3d+zTLeHNON62muIdXhd/s2ZMiBA
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>getz.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 143, expires on Wed Apr  9 21:14:31 2008 GMT -->
-          <ds:X509Certificate>
-MIIFOjCCBCKgAwIBAgICAI8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDQxMDIxMTQzMVoXDTA4MDQw
-OTIxMTQzMVowPjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkG
-A1UEAxMSZ2V0ei5pbnRlcm5ldDIuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC2J85FFtGu8+h1C84dyhYrYsIRiWF0TCjgJyxFYkPV/IEkktkP2gWiq0yb
-EDJulNMqKs+mX68/ev9zC2J0g4Z/1nDq9mBkHjJhBP47YoL458Y/A+UT/3MEqJQz
-xr75AHMLY3Ybvx0wuJDJaofCqnXpoZrCnTsr4ikn+w3nOyvkRwIDAQABo4ICrDCC
-AqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQdYgQvUIG38/gJOGGpfInAcSoTzDB+
-BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMC
-VVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29t
-bW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCB
-qjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVy
-cyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1UdEQQWMBSCEmdldHouaW50
-ZXJuZXQyLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAbGq5y1g8pUxClvsDeOAkJ9CS
-dTodS6aL8NyBEVyBjcJco0fk3vldgQEbTlDmv/ZzmFSUMxSBXmYFAN/byyJXDD6d
-yyNO9AQ3e544ddNiRE384Q7xf3x9VB7FhkoxTQ5OlfEEgWj7GxEDoiefWdVuWw84
-3u5uklRqZkjogIvq1nFO0j0WRZIzHqF9+b33H5zehFpAmczJt3HZlMuKBHlsuB9q
-KOdCzB52rPky6jx08i7bcV727bnCQyptqWuqNERLbm4SscDDp3vgG/5nbGwvnh+R
-WkRGFiw/sK/T8p6Wg6d9HiVK5PvJ6mGvlZzvPMj2oK015P5Gi/Ci95HiPYbAJw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://getz.internet2.edu/Shibboleth.shire" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://getz.internet2.edu/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Techical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>IJ Kim</GivenName>
-    <EmailAddress>ij@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://holiday.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://holiday.internet2.edu/Shibboleth.sso/Login" index="1"></DiscoveryResponse>
-      <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://test.internet2.edu/Shibboleth.sso/Login" index="2"></DiscoveryResponse>
-      <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://test2.internet2.edu/Shibboleth.sso/Login" index="3"></DiscoveryResponse>
-    </Extensions>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>holiday.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 466, expires on Sun Nov 21 19:58:16 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAdIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEyMDE5NTgxNloXDTEwMTEy
-MTE5NTgxNlowIDEeMBwGA1UEAxMVaG9saWRheS5pbnRlcm5ldDIuZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZNeZ1oR/5x4YlbFEcOvaATiHOqt
-mss5JE4Pc/Y6KATeqwqyF0QOBqAhF9azVwb774vBJRePjw6+4mZWHYJlyE9xx94F
-bxcOTP/9lziC7toHBb01FLIevUDVDonwz/f00ozRcy7U7DZbIl0g7HiyrsbxOS1J
-hy7wT6BGCArz5UDxU/x/3p8hyUE0yfuwdBJDG6p7mquajmMA8qfnRGqcrEADnx2G
-yPUR4Jqj6cJd8EqCW9V94wURdUve7lJ7MJtmlZj15CrYooVD3K62kXx8uoydeJ0+
-kzC9MzI5+ctSPakux+NrIl5nyneIgp2331ZiEioK3V4zIhz5NZ4FgCJkiQIDAQAB
-o4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSyxDVHCkgH4Z9Ff/6bDxrV
-xiNWGzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcB
-AQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEF
-BQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAXghVob2xpZGF5Lmlu
-dGVybmV0Mi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAHrIM83du6YQdBGFY3SpLeSJ
-pjYQdW8XM2enOjpJXWP8V4seMX59aFs7KjOG0UHlJwN6Q/AX8s/Dtt0BWACcElE2
-K6cKVBhUGv10bQvE20gtzIxEL3RYTN4VIjhv2T5f+pE5s2Hk3LL8SUhSjLpIGj+c
-DyXRxS6vzH8GefHair8D2rL3wMHfjxvLBrNfMsLf/KFDykCgFExM3h/gn6D4pth4
-b75Pwhh3tw/z6jdpnpHWwgGB5brzVl6uiSr1WEBXprwflZ1LTDrgRDN8ZrcAfCP3
-2h7jJn7lreVpu6OwQ2PHECWZ5ZfYjc9fyhxCok19JoiZOPS89MXlbgBeYBGyzCU=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://holiday.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>IJ Kim</GivenName>
-    <EmailAddress>ij@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://service0.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>service0.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 365, expires on Fri Jul  2 17:15:21 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAW0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTUyMVoXDTEwMDcw
-MjE3MTUyMVowITEfMB0GA1UEAxMWc2VydmljZTAuaW50ZXJuZXQyLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAypCbDYC9nuDfXauMi6MKfSJVv+vvv/+G
-BRmeZ8c19XGmEt5YLaUvMbAqkJDRvWWwaUEkg8LiTnGTf31Ljaay1EiMUWvZuc5E
-pn4dYDLfCbpe39kt/iAC2JTsBpDf7DztcNjIpccNUnM3lJ/srx25754K9kavEox6
-OB95M66JoPsCAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUrh8I
-Sfz5R8cK/tma0FeXnAcMxIwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc2VydmljZTAuaW50ZXJuZXQyLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEArYyb
-to+ZyxJZEnKliyTN14OYJQTzczBzQCVrT7a6743BDQOibTimtx7sDB65sqpjHxMr
-LfwTiAplrrkCMG92Pvo+WTQtKCqxebbLWiG7gvruC7Zhv+jZtIAo8bllhpn26r4H
-d/gr+j/VOWZof4q7CuHJaWxWNrUsM9KsI5mo/eMY77qDuikeBxUuWXvfCzD7DFrz
-EJw3Z2epNueCpfEDNq9ev9FA+BqL2LxOnsKuGE28m2KychW7L1mku4HnyLyBPadV
-jPHvVd+Lonacf8vh1DNuTahbAgNCYaS67yAysqUXmGf/MPhGHtmqtWd0bFZaSUBQ
-3T3vosjt19a+DAeS+g==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://service0.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://service1.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>service1.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 366, expires on Fri Jul  2 17:15:29 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAW4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTUyOVoXDTEwMDcw
-MjE3MTUyOVowITEfMB0GA1UEAxMWc2VydmljZTEuaW50ZXJuZXQyLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvjJ4dn94EinZ0p2wvL+3SD20wQ//G+PI
-v8cXRmJVYHCMv2k0cI2fAdZJI2cikj0OmZsFZKi03/5oZPc20nSHskEPIS0Cmufa
-lln0IgkXpnLerW1zPmfywISZR+xLmSvMFU6ZV8zzbHV/lqeNFPjpS4JKK4mG80Xv
-HfwoxksPGDECAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUNk2g
-72k0m4vsmp10q7/UNIQz50kwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc2VydmljZTEuaW50ZXJuZXQyLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAFXCS
-gAeUVir1nEV/MIIhps8v3luRmKFPLbE5vPHgE4SLSqBuTukkaG9m8eCCOpkJTod3
-EWzEWUcfMbc0I5YH3EqIxcTTypmmkVdZFlhHXAqZTgr5bRroO6ODTGOOSEJY/tB9
-M1rGc1CtmHCpLaC640hpGyzJgd2l0vjxmNVy/GHiLd10JiS3uejHd2IAstMp2AJ6
-J9YLFftQCUOLp1YNWvAZV+Usgyk1ha6uu32Vv2rlIOGC+Tu38h6AnNe5sKaRQ02O
-7WuR99wjKojDuTAOuCRQ2cYnJ8A6/84LK8gSRxdfvqbHwUDN9DClMidY7yWk9fVs
-FGk0AgmKinE6owHSvQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://service1.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://spaces.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wiki2.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 164, expires on Tue Jun 10 15:25:00 2008 GMT -->
-          <ds:X509Certificate>
-MIIFwDCCBKigAwIBAgICAKQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDYxMTE1MjUwMFoXDTA4MDYx
-MDE1MjUwMFowPzELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEcMBoG
-A1UEAxMTd2lraTIuaW50ZXJuZXQyLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAL6qxmw4kPG/Is1KdOtIZWq1+wIacbA+VNMcor8VbFSewVFvZYFp
-NV9JCwqiIHp4MPcyTXYEzlYm30/8mxZzRQWPzdlPrg2RgVnKuR7SyVvgFyTzfyk5
-MDFpLnBW1xiE/jpJ/i5BjX/kvUmPv+jNttLxWN19Dd3CCJWcqOsJMbTnvq67g9C2
-DsOTc9NsKhiMFd2BC3yeXfPyHgCWlGeH1Frvga12Z6DUlW0FN60yqSOvu+kl9yEb
-uxKAR/TCuElsCYuRWqw5fSsKrP7+yPStBoKA/AP61g199aaz74TDNEfxXZteR8bb
-A7bApL0H5x4Le1ll9ZeGzB7tByDUrvPR2qECAwEAAaOCAq0wggKpMA4GA1UdDwEB
-/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-BQcDAjAdBgNVHQ4EFgQUZGLVzRfA+O7qLeA0wAtggVjWyNEwfgYDVR0jBHcwdYAU
-ky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQK
-ExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUF
-BzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0
-cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2Nl
-cnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYI
-KwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghN3aWtpMi5pbnRlcm5ldDIuZWR1
-MA0GCSqGSIb3DQEBBQUAA4IBAQCvnBhFehX0ZB69IT1XB0sHgY07hjeJfPhAdq+L
-19axcvuGZU7JUaPrTYvDBSJRWdBHZT2sGRmIAVUaRu4WXfWGvIRgm30feSthAutl
-kcDAA6VUe/YAUl9bQKe9Oyv0zjP4jVB+vZo0qRC/O+DrYQvpwHOGlOB4MORiPjKx
-ggyHlsn3fbc+LIn51yIK1IQzcoW33TCMtlpr9xD+ggjhoLoMbOn5hJLVI6qbFzPZ
-CtmXmsznBS6aYIWfHNzVpYn4kTTBaU46xqIkr1FyZSef2PRkrBsSesFmyf/F36fP
-ONwPTbUbw8hxFHpF3ujw1xiJsNnce6sPIZtwInNAwihlprDR
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wiki2.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 347, expires on Fri Jun 11 16:27:07 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAVswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMDE2MjcwN1oXDTEwMDYx
-MTE2MjcwN1owHjEcMBoGA1UEAxMTd2lraTIuaW50ZXJuZXQyLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6qxmw4kPG/Is1KdOtIZWq1+wIacbA+
-VNMcor8VbFSewVFvZYFpNV9JCwqiIHp4MPcyTXYEzlYm30/8mxZzRQWPzdlPrg2R
-gVnKuR7SyVvgFyTzfyk5MDFpLnBW1xiE/jpJ/i5BjX/kvUmPv+jNttLxWN19Dd3C
-CJWcqOsJMbTnvq67g9C2DsOTc9NsKhiMFd2BC3yeXfPyHgCWlGeH1Frvga12Z6DU
-lW0FN60yqSOvu+kl9yEbuxKAR/TCuElsCYuRWqw5fSsKrP7+yPStBoKA/AP61g19
-9aaz74TDNEfxXZteR8bbA7bApL0H5x4Le1ll9ZeGzB7tByDUrvPR2qECAwEAAaOC
-Aq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUZGLVzRfA+O7qLeA0wAtggVjW
-yNEwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghN3aWtp
-Mi5pbnRlcm5ldDIuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCtp+FWsqjhS3n/VQWP
-ybuYqxE1ZljLyHv0/3ymaiQITiNgp+LQR3eITd+QnTlo5yQdm82CzmdGHj2DsV9t
-EcZmgR1K1AzE1nFkr6K1/eOqasYK0IjIL+nDAHiaF7h6ClPg0D3Q5/Xc5VvZu8+c
-lDaxJtlHvoRTwTAnNdqn7RVEsu3YihV+2C8x6pvaguCsQ/ekEeBsq6ee2t6HE0a3
-9zsajKfkIOvXyp4KQTVXYW4rYS5Rrhk+oYc/y1so1xnBRi4+Q0rfStelealgsR+U
-7V2tyNKBEavhA+nDB4IMOF527a7usEVoy7Uts27QFU3q2iuomua3taidzNDnZZRS
-YAen
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://spaces.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki2.internet2.edu/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki1.internet2.edu/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>IJ Kim</GivenName>
-    <EmailAddress>ij@internet2.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>IJ Kim</GivenName>
-    <EmailAddress>ij@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://staff.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>staff.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 367, expires on Fri Jul  2 17:15:38 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAW8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTUzOFoXDTEwMDcw
-MjE3MTUzOFowHjEcMBoGA1UEAxMTc3RhZmYuaW50ZXJuZXQyLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAumSNp95J3C34cMV2Y7BF/w2JKu52Dl+XPfZx
-7ZVgz0VRNTMbSK0Fd7dSSEeH9t2jp7cCsyJ2DOu1/thIEeQV1gDYt87eZJ+Q+iCX
-F/UHICvfF/OvOH4QinYFzB8RNsNcwGyoO8Ikgx409uNpWfnx2E1eeAR1hjSnS5y+
-PYMrBT8CAwEAAaOCAqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUOQK9SXu6
-KfJXKNFEPnuMzPgfet4wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-sgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYIT
-c3RhZmYuaW50ZXJuZXQyLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAw1q0tRxd8Jd3
-mIBrwgkLJL0otlalqxTHoIBaLHcWN2yvBsGFl2hHwOY8IW6Yj8eCc0ZKijzZZkZ5
-kp5d0HydDA7CSLNubnrN4XSpmIL5DGA4eFW4EB4lN71VI/UQlZk7h5h51k3e7Tnd
-IQ693CwodXdha7dpWZ5yEgdHAD8OzricKVSKE8C95nBveJZx3U+7iO3igXsUWmun
-KthT+TEm+PR65IBmI/S3gWJgG5LR0a29UlTOodF/2wlZ6PqAIpFaMVuc7Bgswf/u
-ZDDoKe3XSmYvvNxBu4Y4lmyLKM8WPgrLmQ5/2zuaYZXxI3ORFE3IhAChcs1Ct6lZ
-UUmDIRCYlA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://staff.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Techical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wikitest.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wikitest.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 368, expires on Fri Jul  2 17:15:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAXAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTU0M1oXDTEwMDcw
-MjE3MTU0M1owITEfMB0GA1UEAxMWd2lraXRlc3QuaW50ZXJuZXQyLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArcBJE+GIXj7MVX524hy/Y99P5lOsdVus
-5vRZnse2sAbL366J+YKGFQWZ8HLJKpA8cc7aqFnlUSorXfvKrmInHwc9j/N7HiHO
-8LMsHeLTnqf8B8ved8BazkgfzE4DtdtER6djJk9q8+aew+jk0RL697ZssMJkC3Dz
-oXdw7ivFeD0CAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmFoU
-nA5EQQGBDJHdIskSnZ1QrgwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWd2lraXRlc3QuaW50ZXJuZXQyLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAcg+Q
-z1/Yofaz1PRRtrfrDNZTcnoAvmtanT5dm1LDylRsccfXhAeA/KSVkufaY8K/qd2o
-PNEvCdo229sRNLZR+rRJpr18T0YKyly5aYdBabwg1yydOygAZ1Ikm6AE7ensygyM
-8qWIAjPSzIoGgyFtAD6f1WrOfawocFFwm/QER/cpWdlz3w1YwEynPYifBOpvFL3+
-6JzTP52Ql+DtYr3OKj815FX8QNs6t6bUUXBdOxc2UzJVyp0VVyf2V5xuxMo1IyFL
-cTS5bnNvWI04g9y0ggB+jrR7bHC6wgHI5AR2BpEmhSqYCzttrtf0wpYi36NMRJiZ
-tXnoQNPE8k4A5JNpig==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wikitest.internet2.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Technical Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.internet2.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.internet2.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 275, expires on Fri Mar  5 21:37:01 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICARMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNDIxMzcwMVoXDTEwMDMw
-NTIxMzcwMVowHDEaMBgGA1UEAxMRd3d3LmludGVybmV0Mi5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAL6YNg+bKtrsFXscmSNBEpGC4o87K95axWgMuPS1
-GT04vYATp9gFJN/k6sNedi0tYkdTs6ct3fIiqtT3fwxBMVFL74O4Ms41VQuCEM+v
-wzGzoX59PepmwBEpL8MVBCRjoPo7I+/fjH6i4qDLI/2RCARQsyL4An6rIHWdKYzz
-+S85AgMBAAGjggKrMIICpzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFAOdomwuiJLm
-0ZA4pivgxh0HCb8EMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboG
-CCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0R
-BBUwE4IRd3d3LmludGVybmV0Mi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAKQRgpnT
-VQpW1cW5XzQXMQAwhWgiPOarRSOjVUAf4h6/ZoUzCQMNS1k0EX9TWmSdSu89S/bw
-u2e3A5abgABulX+rsSgx7GARSCn1w1m2bwAm2cAvjcCrY4tl6VwNy5kVBXh/dzRK
-NvHSWV6uw4yNSsfo90WJhgySE12mH0j8inSsDD9x1Gs03NKsRR4ynhXhhWFVf7Jo
-DvZNhRUx8AqjeARw/u1czzfrJ5jO+2oxC9PRw+ZjThS3ZWTS3p8WKmw4PfoRqBbb
-HbmI8YJAgVCaKyUllnkjVfz2+vJWFnFJ8+HeeILd/0NAql05VqnWBYX/vdfrpTxA
-wdskRbmftyLM/lM=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.internet2.edu/Shibboleth.shire" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.internet2.edu/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Internet2</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.internet2.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>IJ Kim</GivenName>
-    <EmailAddress>ij@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California-San Diego -->
-<EntityDescriptor entityID="urn:mace:incommon:ucsd.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsd.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>a4.ucsd.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 268, expires on Sun Feb 28 21:18:44 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAQwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyODIxMTg0NFoXDTEwMDIy
-ODIxMTg0NFowFjEUMBIGA1UEAxMLYTQudWNzZC5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDcEzH+KYmuGSDjlZeaOJc8VJS0/bRBjfE6HHDV9nN8
-ghEm5AMS5OPx/ruM+5gchwuryogOMY7abSe3BpvVT/3A+fjKSNnklMPmQUuO6AqW
-7a6/w9w30tl/2OzG3u1sGAr1FkEXf/DmJOtXpAOhPAmyYb6o41k+ZwpvnRuyaoup
-IC1R5LLU2jCnnZCxBF6gvDlvmpaEO2c2aHrKJIaqxDuVhTDJRWp+IkcT8Jy4JAwv
-0R1w8FJXLyZ0RVeNL8v3ZcCzInfxsS1/+FuOOHitZ18WO4Ds5PJ5tEzree95EGe+
-U9dpjMrJQDdKiqPE18K7cQGuHfVkIMkU4phuyUXWKk09AgMBAAGjggKlMIICoTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPe85gpJxg5DPieEeNZF9FHWbW0rMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGn
-BggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0g
-VVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwFgYDVR0RBA8wDYILYTQudWNzZC5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAJeIDxI87H9yjtD8BLdiwEBsyKiADqL4jo2EeF9Z
-kz6GA89zEUXaL6M+UeWaHwrpbKbpR7JYb87qJhFYzCBBdLjUpHnvHI1M1/wl44XF
-/W8PpcuDF5vZmVDxYmKEJQJHnvRqOU08vIvk5bpgcI8ctNXUDWh9uEdtKMrg3+Tk
-gKCmAXAl9I6SOrnEy98RJ7yWL51qXHaWE5xXl9dTCh43JONZWlsah0smeDYkYhZq
-7g+zU6RW3i/LigqVYW84V0+WH30htKco5uwr0SGoL9u8PGbYPgrRtCJIo5r8eE7N
-R1kv+lykb9hrz1KUyDvLTDhWQ7l4bXDaP7/dIpaTrtd0zC4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://a4.ucsd.edu/tritON/HS"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsd.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>a4.ucsd.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 268, expires on Sun Feb 28 21:18:44 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAQwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyODIxMTg0NFoXDTEwMDIy
-ODIxMTg0NFowFjEUMBIGA1UEAxMLYTQudWNzZC5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDcEzH+KYmuGSDjlZeaOJc8VJS0/bRBjfE6HHDV9nN8
-ghEm5AMS5OPx/ruM+5gchwuryogOMY7abSe3BpvVT/3A+fjKSNnklMPmQUuO6AqW
-7a6/w9w30tl/2OzG3u1sGAr1FkEXf/DmJOtXpAOhPAmyYb6o41k+ZwpvnRuyaoup
-IC1R5LLU2jCnnZCxBF6gvDlvmpaEO2c2aHrKJIaqxDuVhTDJRWp+IkcT8Jy4JAwv
-0R1w8FJXLyZ0RVeNL8v3ZcCzInfxsS1/+FuOOHitZ18WO4Ds5PJ5tEzree95EGe+
-U9dpjMrJQDdKiqPE18K7cQGuHfVkIMkU4phuyUXWKk09AgMBAAGjggKlMIICoTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPe85gpJxg5DPieEeNZF9FHWbW0rMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGn
-BggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0g
-VVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwFgYDVR0RBA8wDYILYTQudWNzZC5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAJeIDxI87H9yjtD8BLdiwEBsyKiADqL4jo2EeF9Z
-kz6GA89zEUXaL6M+UeWaHwrpbKbpR7JYb87qJhFYzCBBdLjUpHnvHI1M1/wl44XF
-/W8PpcuDF5vZmVDxYmKEJQJHnvRqOU08vIvk5bpgcI8ctNXUDWh9uEdtKMrg3+Tk
-gKCmAXAl9I6SOrnEy98RJ7yWL51qXHaWE5xXl9dTCh43JONZWlsah0smeDYkYhZq
-7g+zU6RW3i/LigqVYW84V0+WH30htKco5uwr0SGoL9u8PGbYPgrRtCJIo5r8eE7N
-R1kv+lykb9hrz1KUyDvLTDhWQ7l4bXDaP7/dIpaTrtd0zC4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://a4.ucsd.edu:8443/tritON/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-San Diego</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-San Diego</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucsd.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>ACT Help Desk</GivenName>
-    <EmailAddress>acthelp@ucsd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Matt Elder</GivenName>
-    <EmailAddress>m1elder@ucsd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Gabe Lawrence</GivenName>
-    <EmailAddress>glawrence@ucsd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Elazar Harel</GivenName>
-    <EmailAddress>eharel@ucsd.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ucitps.ucsd.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dangeresque.ucsd.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 252, expires on Fri Jan 29 16:57:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAPwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEyOTE2NTc0M1oXDTEwMDEy
-OTE2NTc0M1owHzEdMBsGA1UEAxMUZGFuZ2VyZXNxdWUudWNzZC5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANY3JL+QFfNnuEcUVLJVzZD3YT56Ya5YDBDt
-wTtA+BE/CVkt/7AsWmUn1wpzgaWJFywN6Xym9gZYQJYU74YC05EAni1dn4xQsIVn
-AQiNBve+0yfNpfuxJTUeY8a6XwOdMK1u+5cmHBRGCj4dK8uOJwVKwFTPyna73FxF
-LdAq36jtAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNvFifJg
-+DqsnlKNUDofOaIESBZfMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUZGFuZ2VyZXNxdWUudWNzZC5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AF/48Y3F3XCmYQehJNppvICepJN+f2tLdJ2k2lYAgHl80f16PK9dd+A1X2NHRftb
-INB6i5z01ibCuCDR6CuBvN/h8TCZN0UqQ2o17v4azmcpTJJS3/wDaxWTKlvJU4cC
-Kk9eTGFRyQq7TDfqbyigzSyTmRigkDGDFfN+cPKjnnF66HsBvG3T9VFXaQNm7Ko+
-+aujoWvdFH8FlEO9FLeczZVa8+Tu5n1cCupAAC5ZjGHnrTDnjjgWdqwfQ7jRtzmk
-Mmsgkqp+NBunAjbSr+gSrX4jAMqh/iyNIntxGSn1x2dfS8E6x3xHfPG+8SpGQIUz
-EX+2+P6/x9eQMWHMcoy2PVc=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucitps.ucsd.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ucitps.ucsd.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://ucitps.ucsd.edu/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://ucitps.ucsd.edu/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-San Diego</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-San Diego</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucsd.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>ACT Help Desk</GivenName>
-    <EmailAddress>acthelp@ucsd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Joe Pomianek</GivenName>
-    <EmailAddress>joe@ucsd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Matthew Elder</GivenName>
-    <EmailAddress>m1elder@ucsd.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- WebAssign -->
-<EntityDescriptor entityID="https://www.webassign.net/Shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.webassign.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 340, expires on Fri Jun  4 19:18:55 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAVQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwMzE5MTg1NVoXDTEwMDYw
-NDE5MTg1NVowHDEaMBgGA1UEAxMRd3d3LndlYmFzc2lnbi5uZXQwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAK2taVFldBZCgKMtNPxty8bOQoopsby1OihRTWD9
-xhmgRH/f3c+gkh4Mppc6+xvBbmhOss3zWrksW/08eYc8oLKbpEDWtemMNtASaF4S
-TpIBzTqTmDTdIOAkkLjEKssPQNWoU1AUKP/rneELPG6wsbj3wYc1eR5rym1X9+Wx
-1Hu1AgMBAAGjggKrMIICpzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFPUL0KJSQMKm
-xoZ28w7HyORKltmZMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboG
-CCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0R
-BBUwE4IRd3d3LndlYmFzc2lnbi5uZXQwDQYJKoZIhvcNAQEFBQADggEBAALh4ln/
-1m5tKh3CFZyR+U95OwZd3Gq4MeuVChDB6MCshfpnN3HxnlEcpPCf8ulUgkUs6saI
-uC1jJiMq1eRVkswQ1nlWw3QO77H9RU8pEbTDCBSK07YvSK94AqW2U+w8xICQhkYp
-Iom740d62+TCnYsfICjnfq+2icOfRrVWkiEXpfSSI/yCaXcAvPmA1Og/esqXbkFn
-7mWpQs9E4HB3GtafCIDbSbwjnMAOfuQut7obbyrukY4N/17SayZLFOp5Kr4ozxyS
-IFve3PdXgQb8KynyCdyj3B365lavmqNouwsMZP+3d57EyNCFKuRLgQL7i9kKLWVX
-pAtXhCgWHu7sPLM=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.webassign.net/Shibboleth.sso" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.webassign.net/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">WebAssign</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">WebAssign</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.webassign.net/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian Marks</GivenName>
-    <EmailAddress>brian@webassign.net</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Case Western Reserve University -->
-<EntityDescriptor entityID="urn:mace:incommon:case.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">case.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibb.case.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 194, expires on Thu Aug  7 20:20:04 2008 GMT -->
-          <ds:X509Certificate>
-MIIFSDCCBDCgAwIBAgICAMIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgwODIwMjAwNFoXDTA4MDgw
-NzIwMjAwNFowUDELMAkGA1UEBhMCVVMxKDAmBgNVBAoTH0Nhc2UgV2VzdGVybiBS
-ZXNlcnZlIFVuaXZlcnNpdHkxFzAVBgNVBAMTDnNoaWJiLmNhc2UuZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDan9TOT5M6guhRF2MDEsEOl+QhoHASVqaD
-73mrxZHzu9eVHNW602Ky/CDZSP0JY51UOXPCwnoJtit5/V9FQrs1SnSkTwsvTzS5
-QNlCXHyI1DjFb/TzhcZJblDfVsORueGyKGq5xAuYgOV60JEA0J5GokjjP6F0XLAj
-hicbC0YKNQIDAQABo4ICqDCCAqQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSjT3vU
-mX12/mDAX3Ev77I5tTTivjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGN
-BgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4G
-A1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2lu
-Y29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkG
-A1UdEQQSMBCCDnNoaWJiLmNhc2UuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQC+m88c
-AxWD80BK/BJ4g7XrxFYKFWIUwLL3Zq1sslJQiMtiNKJDHy8FNqc7Ogm2+xU4O+MD
-BfomR6opHuWc9+WHhwxEFxbEH7DWbigkruZWdN/V2QX6CNVWG/aE69dWiTNam+zG
-w+LCgGzum8El1lkdGyQJMeVhVHXeBcWmcLZ+Q3BOSfjEUA3UQk+9evRx/gKMVDN5
-O7PsqPTIvTGQTv8yk1KJEVZaffVBthCsJvYhFYSOXnV9cdxkR76RJulmqdlsrr8D
-0TLmxRmNadJ/cN7AER7W5yqCtlOkmmLzCq785efzZthIqzKQXyt9PCtQxsaGwer5
-5nq+fj5QmUuAZBJq
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibb.case.edu/shibboleth/HS"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">case.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibb.case.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 194, expires on Thu Aug  7 20:20:04 2008 GMT -->
-          <ds:X509Certificate>
-MIIFSDCCBDCgAwIBAgICAMIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgwODIwMjAwNFoXDTA4MDgw
-NzIwMjAwNFowUDELMAkGA1UEBhMCVVMxKDAmBgNVBAoTH0Nhc2UgV2VzdGVybiBS
-ZXNlcnZlIFVuaXZlcnNpdHkxFzAVBgNVBAMTDnNoaWJiLmNhc2UuZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDan9TOT5M6guhRF2MDEsEOl+QhoHASVqaD
-73mrxZHzu9eVHNW602Ky/CDZSP0JY51UOXPCwnoJtit5/V9FQrs1SnSkTwsvTzS5
-QNlCXHyI1DjFb/TzhcZJblDfVsORueGyKGq5xAuYgOV60JEA0J5GokjjP6F0XLAj
-hicbC0YKNQIDAQABo4ICqDCCAqQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSjT3vU
-mX12/mDAX3Ev77I5tTTivjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGN
-BgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4G
-A1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2lu
-Y29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkG
-A1UdEQQSMBCCDnNoaWJiLmNhc2UuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQC+m88c
-AxWD80BK/BJ4g7XrxFYKFWIUwLL3Zq1sslJQiMtiNKJDHy8FNqc7Ogm2+xU4O+MD
-BfomR6opHuWc9+WHhwxEFxbEH7DWbigkruZWdN/V2QX6CNVWG/aE69dWiTNam+zG
-w+LCgGzum8El1lkdGyQJMeVhVHXeBcWmcLZ+Q3BOSfjEUA3UQk+9evRx/gKMVDN5
-O7PsqPTIvTGQTv8yk1KJEVZaffVBthCsJvYhFYSOXnV9cdxkR76RJulmqdlsrr8D
-0TLmxRmNadJ/cN7AER7W5yqCtlOkmmLzCq785efzZthIqzKQXyt9PCtQxsaGwer5
-5nq+fj5QmUuAZBJq
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibb.case.edu:8443/shibboleth/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Case Western Reserve University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Case Western Reserve University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.cwru.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jeremy Smith</GivenName>
-    <EmailAddress>jeremy.smith@case.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>David Kovacic</GivenName>
-    <EmailAddress>david.kovacic@case.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Virginia -->
-<EntityDescriptor entityID="urn:mace:incommon:virginia.edu">
-  <IDPSSODescriptor errorURL="http://shib0.itc.virginia.edu/shiberror.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">virginia.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib0.itc.virginia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 334, expires on Mon May 31 19:31:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFpTCCBI2gAwIBAgICAU4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUzMDE5MzEyM1oXDTEwMDUz
-MTE5MzEyM1owITEfMB0GA1UEAxMWc2hpYjAuaXRjLnZpcmdpbmlhLmVkdTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZljhr7AY1Z2nBHoDQ/H5qccnA0
-4uO7XaH1PTlY2GqawbYozgIAh30Xl0uFZRu4//HS74wOWveaTTT+4rM9neT2gmk9
-zaddyjJavUGaSwre82JjzNvy8hTyXHJz6TP3PFUjramILFDdDaL+us11UL/Ecnx2
-u/xzYdZ1M8IihrYmoANEYudkb76HK3h3xuXoaTMqD5epf4DXl9nWzZ00mrNUHTZR
-S0Np/scir0ADxypfe63MCbxw5EuM/7ttQwDmu63tgEXtq91ioO/ireDqqV7L8nYH
-UGp7anhT1DpKGgu+49hDuAKXIBG1f6VuKHmJMR2yjMBO5wZRDBbvallMSXkCAwEA
-AaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQURglUXBMi6zg/bi6hI1g4
-azFIMaowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJ
-BgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQD
-EyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUH
-AQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNB
-IElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAhBgNVHREEGjAYghZz
-aGliMC5pdGMudmlyZ2luaWEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAkcokc+Nj+
-7HYOXRczV6lJUYMdRDCk38zIOybpa1Na58XPn0UN3DUzD0jpyJpjvT0z03C0oOR4
-q89PVw/cXwHIPhu6zwyyWeKiYoTtEWbLIrtw9Dhyassx/06+s77nCo5cc3J2GhTt
-5bqvOBFVmLSSvgdEms6qmDxlSMKJuUNPt+V3nFBVfsKPSS3rBHN3l5D3KFVoOcIV
-pKgBVQt3vKv5tKx30Mz9+NYH+uo4VFW1+twOkf0w/S6ci58qyHiyQAtpP1OQL3H3
-Tau5cNrSJYshFluUimrvVbd6JtQP2FS4gk9TdAs9+R4dm0dblBfXir2UWQl3plmU
-YAJxCYkeG921
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib0.itc.virginia.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">virginia.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib0.itc.virginia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 334, expires on Mon May 31 19:31:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFpTCCBI2gAwIBAgICAU4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUzMDE5MzEyM1oXDTEwMDUz
-MTE5MzEyM1owITEfMB0GA1UEAxMWc2hpYjAuaXRjLnZpcmdpbmlhLmVkdTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZljhr7AY1Z2nBHoDQ/H5qccnA0
-4uO7XaH1PTlY2GqawbYozgIAh30Xl0uFZRu4//HS74wOWveaTTT+4rM9neT2gmk9
-zaddyjJavUGaSwre82JjzNvy8hTyXHJz6TP3PFUjramILFDdDaL+us11UL/Ecnx2
-u/xzYdZ1M8IihrYmoANEYudkb76HK3h3xuXoaTMqD5epf4DXl9nWzZ00mrNUHTZR
-S0Np/scir0ADxypfe63MCbxw5EuM/7ttQwDmu63tgEXtq91ioO/ireDqqV7L8nYH
-UGp7anhT1DpKGgu+49hDuAKXIBG1f6VuKHmJMR2yjMBO5wZRDBbvallMSXkCAwEA
-AaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQURglUXBMi6zg/bi6hI1g4
-azFIMaowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJ
-BgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQD
-EyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUH
-AQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNB
-IElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAhBgNVHREEGjAYghZz
-aGliMC5pdGMudmlyZ2luaWEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAkcokc+Nj+
-7HYOXRczV6lJUYMdRDCk38zIOybpa1Na58XPn0UN3DUzD0jpyJpjvT0z03C0oOR4
-q89PVw/cXwHIPhu6zwyyWeKiYoTtEWbLIrtw9Dhyassx/06+s77nCo5cc3J2GhTt
-5bqvOBFVmLSSvgdEms6qmDxlSMKJuUNPt+V3nFBVfsKPSS3rBHN3l5D3KFVoOcIV
-pKgBVQt3vKv5tKx30Mz9+NYH+uo4VFW1+twOkf0w/S6ci58qyHiyQAtpP1OQL3H3
-Tau5cNrSJYshFluUimrvVbd6JtQP2FS4gk9TdAs9+R4dm0dblBfXir2UWQl3plmU
-YAJxCYkeG921
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib0.itc.virginia.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Virginia</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Virginia</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.virginia.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Hamp Carruth</GivenName>
-    <EmailAddress>ehc@Virginia.EDU</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>James Jokl</GivenName>
-    <EmailAddress>jaj@Virginia.EDU</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>James Jokl</GivenName>
-    <EmailAddress>jaj@Virginia.EDU</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://pbsvid.itc.virginia.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>pbsvid.itc.virginia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 239, expires on Sun Dec 13 17:22:07 2009 GMT -->
-          <ds:X509Certificate>
-MIIFIzCCBAugAwIBAgICAO8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIxMzE3MjIwN1oXDTA5MTIx
-MzE3MjIwN1owIjEgMB4GA1UEAxMXcGJzdmlkLml0Yy52aXJnaW5pYS5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKJqXNjKY/XkdUzy/dc7bJ5lzN8yySTI
-5fecs7sec9oOgMwKuhOTx9W79rAO2dTJMxzz++PsKO8SmmF5uSSvg7Oji25oO6F+
-frXflGrt75LaRr1fVNoj0QoXcdgeSwyAoCXRdN2fUFyM2blT+ijpwSvm17Asbbh8
-slxRZ5jdysnrAgMBAAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFICs
-DtpAaeXI1irM1Y/mRDgUsGLjMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-gY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-XgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8v
-aW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYw
-IgYDVR0RBBswGYIXcGJzdmlkLml0Yy52aXJnaW5pYS5lZHUwDQYJKoZIhvcNAQEF
-BQADggEBAEiWDzqcVtjwofbr5jx4/tmrHmm3m3sLI8VX0ncQzgKvVg0Dk9ts4X+J
-SMm6CT3NKpTOqV3svwiEjH7aw0kQIjQsAiz58J8EwkmfjbbKzhg5tnXHbDCsj58F
-f/uNM0rNi+S3RUc5rQlf8tPjiB/OWyFfKxbbC54T4K0vsEsHnWAuJGlhTvePD2M+
-/eoPnK6Vj13LlAJgRGaBNQlg1trz/ytV/u3XvdtEEtsShAFxvLsdd/ZYiwA1OFEV
-vQTb+nvKkO2suJltI4bDr9lkyGVly1NWsbcNz5s5J2xGeZH8MlZePXyPYpx+M56J
-wlWyxrw7XF9pFB+Ot9Grjx9QreJwlXI=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://pbsvid.itc.Virginia.EDU/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://pbsvid.itc.Virginia.EDU/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Virginia</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Virginia</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.virginia.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Hamp Carruth</GivenName>
-    <EmailAddress>ehc@virginia.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Jim Jokl</GivenName>
-    <EmailAddress>jaj@virginia.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jim Jokl</GivenName>
-    <EmailAddress>jaj@Virginia.EDU</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wl-shib.eservices.Virginia.EDU">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wl-shib.eservices.virginia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 246, expires on Fri Jan  8 22:25:36 2010 GMT -->
-          <ds:X509Certificate>
-MIIFMTCCBBmgAwIBAgICAPYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwODIyMjUzNloXDTEwMDEw
-ODIyMjUzNlowKTEnMCUGA1UEAxMed2wtc2hpYi5lc2VydmljZXMudmlyZ2luaWEu
-ZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJygOj5xX8QYPN9iXL4cmm
-g0RukFQv1oXDmdvjmm0LHAGGiPltZU60aEG/CQ0dMoEO8MZjPKnHPqK0Dm74Dbp6
-C373AcBNsQzXQDCy3zmR2yC55HigdYHMPGYlGL3vuTXPsxUudYaKfFnf5M3NhUcz
-1BnmKim3XjVeRRubX0/0vwIDAQABo4ICuDCCArQwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud
-DgQWBBQWbGfr0a/w3cTm//m2yqasDho1DDB+BgNVHSMEdzB1gBSTLchhGK1j45tl
-s53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9u
-IEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRw
-Oi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21t
-b25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2
-aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGlj
-ZXMucGRmMCkGA1UdEQQiMCCCHndsLXNoaWIuZXNlcnZpY2VzLnZpcmdpbmlhLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAMN3tu/aQReNshLM9cYef6Ru66/BDup4Sg3v7
-oWotckfGY8+KdF1HMnmGxVHTOgbgVzekMXu0ps0ejFGCi21cY8ExHk8vNp2VvTcz
-jbJgkRPkDAtqQ3Rrq3tFCaLkuaICM7p9KjWP9JmO9LnHeZ0VFg6v/wMfG3r5my3j
-nlTNwzoicLTCoUHaztaWoSWfk85QE4XMcM1AwG980XjNttY58HR1fw+ixbJR6Cwv
-ZdlxgJGKBaxuA60ek4Cn5vtVzo+8E/HVG7DSpNDHEhwNr6p1GcmLvwrK5SzCIMTJ
-aoYDDcsCzy4VMCHLvOL9LsYxGYiyz2KWGyuOcM4wLjUp6OnLPA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wl-shib.eservices.Virginia.EDU/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://wl-shib.eservices.Virginia.EDU/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Virginia</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Virginia</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.virginia.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>James Jokl</GivenName>
-    <EmailAddress>jaj@virginia.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Microsystems Group</GivenName>
-    <EmailAddress>itc-microsystems@virginia.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Hamp Carruth</GivenName>
-    <EmailAddress>ehc@virginia.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wl-shib.eservices.virginia.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wl-shib.eservices.virginia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 246, expires on Fri Jan  8 22:25:36 2010 GMT -->
-          <ds:X509Certificate>
-MIIFMTCCBBmgAwIBAgICAPYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwODIyMjUzNloXDTEwMDEw
-ODIyMjUzNlowKTEnMCUGA1UEAxMed2wtc2hpYi5lc2VydmljZXMudmlyZ2luaWEu
-ZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJygOj5xX8QYPN9iXL4cmm
-g0RukFQv1oXDmdvjmm0LHAGGiPltZU60aEG/CQ0dMoEO8MZjPKnHPqK0Dm74Dbp6
-C373AcBNsQzXQDCy3zmR2yC55HigdYHMPGYlGL3vuTXPsxUudYaKfFnf5M3NhUcz
-1BnmKim3XjVeRRubX0/0vwIDAQABo4ICuDCCArQwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud
-DgQWBBQWbGfr0a/w3cTm//m2yqasDho1DDB+BgNVHSMEdzB1gBSTLchhGK1j45tl
-s53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9u
-IEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRw
-Oi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21t
-b25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2
-aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGlj
-ZXMucGRmMCkGA1UdEQQiMCCCHndsLXNoaWIuZXNlcnZpY2VzLnZpcmdpbmlhLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAMN3tu/aQReNshLM9cYef6Ru66/BDup4Sg3v7
-oWotckfGY8+KdF1HMnmGxVHTOgbgVzekMXu0ps0ejFGCi21cY8ExHk8vNp2VvTcz
-jbJgkRPkDAtqQ3Rrq3tFCaLkuaICM7p9KjWP9JmO9LnHeZ0VFg6v/wMfG3r5my3j
-nlTNwzoicLTCoUHaztaWoSWfk85QE4XMcM1AwG980XjNttY58HR1fw+ixbJR6Cwv
-ZdlxgJGKBaxuA60ek4Cn5vtVzo+8E/HVG7DSpNDHEhwNr6p1GcmLvwrK5SzCIMTJ
-aoYDDcsCzy4VMCHLvOL9LsYxGYiyz2KWGyuOcM4wLjUp6OnLPA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wl-shib.eservices.virginia.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://wl-shib.eservices.virginia.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Virginia</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Virginia</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.virginia.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>James Jokl</GivenName>
-    <EmailAddress>jaj@Virginia.EDU</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>ITC Microsystems</GivenName>
-    <EmailAddress>itc-microsystems@virginia.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Hamp Carruth</GivenName>
-    <EmailAddress>ehc@Virginia.EDU</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Iparadigms, LLC -->
-<EntityDescriptor entityID="https://shibboleth.turnitin.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.turnitin.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 318, expires on Fri May 14 17:33:59 2010 GMT -->
-          <ds:X509Certificate>
-MIIFpzCCBI+gAwIBAgICAT4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxMzE3MzM1OVoXDTEwMDUx
-NDE3MzM1OVowIjEgMB4GA1UEAxMXc2hpYmJvbGV0aC50dXJuaXRpbi5jb20wggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClFXU2TXopZSwBQkAne2vuWGlI
-xmVsPnKv8DeqqWOs8ScBqf2F4bhNW2eVtUMZJd2L8xdzkNDhoqAzn8YDiuEA52e8
-1SdE0VBpIjwWifhOMfmacmRc4XCbKGFhtMo+gWfSkOkReO4wtKNfcJyhvwFH0MXt
-6hNaXk5G2j/7A6AK/sw0EywDPDFmHCQ/tSMJr/eOE4utVQrjwWF6qXMapKid7P+w
-YsPGrR0CsCBydv0imOsbJs5wI1USC/x04J/w1g1Py4+g2LcpgfTCsWU+jfd55S7i
-MHqXGuIR45qegR7ErZBo4Dzfe9u4D6YuIpgFaBu4RTWTZALckHo9aalqjH6TAgMB
-AAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFMiCK9/ikFWgsFB60TT3
-c1LPDRE3MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUF
-BwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlD
-QSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIgYDVR0RBBswGYIX
-c2hpYmJvbGV0aC50dXJuaXRpbi5jb20wDQYJKoZIhvcNAQEFBQADggEBAJV1IB5T
-1boMXn3D62DRfdzG84s5f1bBAsjo9SXi0woXktba5o7lGAkfCy0gaRCZjT/FwShx
-akWYtzrMgCS2ThgBtjVIKLN/FF/YEyWwalPhdEbgsJs/uMF/D4uiM1BHyuV536PM
-F3mTBHGJ/VCSZ8qMehY2GtdIpa1xelCVB7glAm6/rZj5g12+2PE2UnYuPCWs+Dm1
-qas1ii/DbDqGfKS4hShZ9mGJuEY8KJtmf83xvpucEShyLmdhUeIrCYEE29gsXLEK
-TEbgyoWCOyjlbWxUYXMOEBI9qXjrZ060fukVIGy/tri493L64uxIhNedeH5IT3Bw
-6G9zqobsMtXrfUE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.turnitin.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shibboleth.turnitin.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Iparadigms, LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Iparadigms, LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.iparadigms.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>David Wu</GivenName>
-    <EmailAddress>davidw@iparadigms.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Chicago -->
-<EntityDescriptor entityID="urn:mace:incommon:uchicago.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uchicago.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.uchicago.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 395, expires on Sun Aug  1 18:16:53 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAYswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDczMTE4MTY1M1oXDTEwMDgw
-MTE4MTY1M1owIjEgMB4GA1UEAxMXc2hpYmJvbGV0aC51Y2hpY2Fnby5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOErRXP1/jtvJS5Lwx/DmbqMQ+mYPquS
-Qb2Ttv4ACLE4P5Cjf2alRgtc2mgDE/JRMakUGg5w9pN8WEmu7/MqAV6h6LLOg/LO
-fXeEpROX2SFQ0w5zx3CyOOQ1f3H53l6MbKoMpEYLJGPxTlkTXeyCuDu2iDKf1glY
-FhXwV8IncogXAgMBAAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFBD+
-qpr+i2noILAnl6FXhTLBNiRbMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQb
-MBmCF3NoaWJib2xldGgudWNoaWNhZ28uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBX
-foGJyxR8OvB5o9rhV9kPoHP8NYOb1BpKDVxRWdPrnTGlOtQc8Jmgyk/IYOn/v/Y0
-8Dvic8Bds179gaxvkLt9jwhOR3pyLEo6n4auB8Wj5wZralr0NnEoX+iEpWFXVHKm
-HUOUrEbXxInTonoU3LOaOuoxM6oV8zCb4qs/yAVwDnPkwFeTFo3TIMKHxBze98Eu
-EQxAIVXd9X7I3AZ5HisEksIlbRSRW/GfygUur/XtX0ayomjEoY/2tpjw10J6/g4y
-GW+xpJ7zF+0rpJrwl9Y7zvwI6zyZgaVKLzZQ5tDVYtOIer6FpXUah+MaoHtGW9Lr
-AMVVR7f1eO9R6cEDP4mO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.uchicago.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 208, expires on Fri Aug 29 19:30:51 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUDCCBDigAwIBAgICANAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgzMDE5MzA1MVoXDTA4MDgy
-OTE5MzA1MVowTzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFVVuaXZlcnNpdHkgb2Yg
-Q2hpY2FnbzEgMB4GA1UEAxMXc2hpYmJvbGV0aC51Y2hpY2Fnby5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALu1j1ziQ1EMoioDSq8uU0bCNE6q0Si59j/A
-PPQMjMfOJhABVNHfgGRz0H1FgDwZiozVaN6jPX3tt3ePMXugTzQmq/CIYFRLVFS5
-FWRU6UA5s+07dQK6+l+coqeMSyYQ+7Sz6ulUA5UqD+rZ8KCiizKAzJkoyQclvXmE
-Q17mo6wBAgMBAAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFL1d0/bB
-niSldmTjieBgjYBpJAW2MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIgYD
-VR0RBBswGYIXc2hpYmJvbGV0aC51Y2hpY2Fnby5lZHUwDQYJKoZIhvcNAQEFBQAD
-ggEBAEytSCre4KLemY3ruvy6Rz8509WpGuD0Qh0rMctv8Lf30op2JbWt4SOHHeqe
-RdFpVfpvTGdKDMb6YK0h8IpnIcOHlzZ/VfPvTSn2Jsjzhi9p5eBXMep/06olkL6B
-343rj0GdMJAdZC9hkbn92TFxqUYrFL0S2WzqRR/E+L58ykj7pO6BbiTRAMckDbo2
-CLJ4y7wY0gt9zMqvTfGOnuCc4OogDoS3zeMYNtbUE9Xm8kaRlTYXSVUxxStsh79Z
-Z5SZUbIAcU6/PzYTI+yoE6xLUOlZimSkfXwhXC9TjH6J27e2yNnhm9FA9BAxk15k
-WaWX2CxT+4AbX04RVtH1mFN286U=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.uchicago.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uchicago.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.uchicago.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 395, expires on Sun Aug  1 18:16:53 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAYswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDczMTE4MTY1M1oXDTEwMDgw
-MTE4MTY1M1owIjEgMB4GA1UEAxMXc2hpYmJvbGV0aC51Y2hpY2Fnby5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOErRXP1/jtvJS5Lwx/DmbqMQ+mYPquS
-Qb2Ttv4ACLE4P5Cjf2alRgtc2mgDE/JRMakUGg5w9pN8WEmu7/MqAV6h6LLOg/LO
-fXeEpROX2SFQ0w5zx3CyOOQ1f3H53l6MbKoMpEYLJGPxTlkTXeyCuDu2iDKf1glY
-FhXwV8IncogXAgMBAAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFBD+
-qpr+i2noILAnl6FXhTLBNiRbMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQb
-MBmCF3NoaWJib2xldGgudWNoaWNhZ28uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBX
-foGJyxR8OvB5o9rhV9kPoHP8NYOb1BpKDVxRWdPrnTGlOtQc8Jmgyk/IYOn/v/Y0
-8Dvic8Bds179gaxvkLt9jwhOR3pyLEo6n4auB8Wj5wZralr0NnEoX+iEpWFXVHKm
-HUOUrEbXxInTonoU3LOaOuoxM6oV8zCb4qs/yAVwDnPkwFeTFo3TIMKHxBze98Eu
-EQxAIVXd9X7I3AZ5HisEksIlbRSRW/GfygUur/XtX0ayomjEoY/2tpjw10J6/g4y
-GW+xpJ7zF+0rpJrwl9Y7zvwI6zyZgaVKLzZQ5tDVYtOIer6FpXUah+MaoHtGW9Lr
-AMVVR7f1eO9R6cEDP4mO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.uchicago.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 208, expires on Fri Aug 29 19:30:51 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUDCCBDigAwIBAgICANAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgzMDE5MzA1MVoXDTA4MDgy
-OTE5MzA1MVowTzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFVVuaXZlcnNpdHkgb2Yg
-Q2hpY2FnbzEgMB4GA1UEAxMXc2hpYmJvbGV0aC51Y2hpY2Fnby5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALu1j1ziQ1EMoioDSq8uU0bCNE6q0Si59j/A
-PPQMjMfOJhABVNHfgGRz0H1FgDwZiozVaN6jPX3tt3ePMXugTzQmq/CIYFRLVFS5
-FWRU6UA5s+07dQK6+l+coqeMSyYQ+7Sz6ulUA5UqD+rZ8KCiizKAzJkoyQclvXmE
-Q17mo6wBAgMBAAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFL1d0/bB
-niSldmTjieBgjYBpJAW2MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIgYD
-VR0RBBswGYIXc2hpYmJvbGV0aC51Y2hpY2Fnby5lZHUwDQYJKoZIhvcNAQEFBQAD
-ggEBAEytSCre4KLemY3ruvy6Rz8509WpGuD0Qh0rMctv8Lf30op2JbWt4SOHHeqe
-RdFpVfpvTGdKDMb6YK0h8IpnIcOHlzZ/VfPvTSn2Jsjzhi9p5eBXMep/06olkL6B
-343rj0GdMJAdZC9hkbn92TFxqUYrFL0S2WzqRR/E+L58ykj7pO6BbiTRAMckDbo2
-CLJ4y7wY0gt9zMqvTfGOnuCc4OogDoS3zeMYNtbUE9Xm8kaRlTYXSVUxxStsh79Z
-Z5SZUbIAcU6/PzYTI+yoE6xLUOlZimSkfXwhXC9TjH6J27e2yNnhm9FA9BAxk15k
-WaWX2CxT+4AbX04RVtH1mFN286U=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.uchicago.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Chicago</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Chicago</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uchicago.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Redmond Militante</GivenName>
-    <EmailAddress>rjm@uchicago.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Tom Barton</GivenName>
-    <EmailAddress>tbarton@uchicago.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>David Champion</GivenName>
-    <EmailAddress>dgc@uchicago.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Miami University -->
-<EntityDescriptor entityID="urn:mace:incommon:muohio.edu">
-  <IDPSSODescriptor errorURL="https://shib-idp.muohio.edu/shibboleth/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">muohio.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib-idp.muohio.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 237, expires on Sat Dec 12 22:15:28 2009 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAO0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIxMjIyMTUyOFoXDTA5MTIx
-MjIyMTUyOFowHjEcMBoGA1UEAxMTc2hpYi1pZHAubXVvaGlvLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxAV+DcXA1cn3RGHlBvI2yejibktnW4
-cfXemjO0CvKk1h7zdERPAcfhhvbQossgo92OsE/6stvVrKn+xurhI3YrPPm3XYvf
-C4wzznnMEVhpzSGKZUxlWoIIJgWf9eH6TOxC8LPE9hhE4jj+84w9wGfyhYHUdvQH
-69qvrUgovcI3Hx1+TMP1remjCf/iR0I9cOIDz/CG7GL0eouuT5sH07rF7YM+sS93
-WuizaOF+E6CZVN3x7QhmC/DoIfPjBPj6gQkGciJDxXTHtxVcsWHC1Z3zb+Kr2YTE
-z8ah62BfnsxrNc0xU9tKYWfzm7Dl/QnOLyuKj81EInJeLbhZo4lUMCsCAwEAAaOC
-Aq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU6Rqv0bfCRwLoaXd9Y+9gw7zC
-iRowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghNzaGli
-LWlkcC5tdW9oaW8uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAqFk1/yQJImBQXMK5o
-hwZnYHMsvLeF5ksA9fPgzLIrL0/uP2utcEvwkaM0F0ZMp824xlijK2GKKiF1ObdN
-JkQUM1h4SklrV70Qb3n9mDOoYCj1lgv4BIP617Yvnpxdq3WzK4S+9ZmYp0dwNKo9
-qO0/vHmA0p3SOeq/UFDR/IgN1/pAArkS/npQl9Xvq1HVoY1aVpSqBH8Lz999nEXD
-EOlGbtX7D4EWuFy+gmUeFGEGx1gkGK0H1vQb3eDfrCwj7AtKZXjMR6hjGAP5SWfu
-ZKN+3QhIloMpOAoppjZ6bgxw2lHSFkS/km8j13r6zMRBiLpMWXqngti+sw8AVBqK
-lKw+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib-idp.muohio.edu/shibboleth-idp/AuthSSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">muohio.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib-idp.muohio.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 237, expires on Sat Dec 12 22:15:28 2009 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAO0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIxMjIyMTUyOFoXDTA5MTIx
-MjIyMTUyOFowHjEcMBoGA1UEAxMTc2hpYi1pZHAubXVvaGlvLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxAV+DcXA1cn3RGHlBvI2yejibktnW4
-cfXemjO0CvKk1h7zdERPAcfhhvbQossgo92OsE/6stvVrKn+xurhI3YrPPm3XYvf
-C4wzznnMEVhpzSGKZUxlWoIIJgWf9eH6TOxC8LPE9hhE4jj+84w9wGfyhYHUdvQH
-69qvrUgovcI3Hx1+TMP1remjCf/iR0I9cOIDz/CG7GL0eouuT5sH07rF7YM+sS93
-WuizaOF+E6CZVN3x7QhmC/DoIfPjBPj6gQkGciJDxXTHtxVcsWHC1Z3zb+Kr2YTE
-z8ah62BfnsxrNc0xU9tKYWfzm7Dl/QnOLyuKj81EInJeLbhZo4lUMCsCAwEAAaOC
-Aq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU6Rqv0bfCRwLoaXd9Y+9gw7zC
-iRowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghNzaGli
-LWlkcC5tdW9oaW8uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAqFk1/yQJImBQXMK5o
-hwZnYHMsvLeF5ksA9fPgzLIrL0/uP2utcEvwkaM0F0ZMp824xlijK2GKKiF1ObdN
-JkQUM1h4SklrV70Qb3n9mDOoYCj1lgv4BIP617Yvnpxdq3WzK4S+9ZmYp0dwNKo9
-qO0/vHmA0p3SOeq/UFDR/IgN1/pAArkS/npQl9Xvq1HVoY1aVpSqBH8Lz999nEXD
-EOlGbtX7D4EWuFy+gmUeFGEGx1gkGK0H1vQb3eDfrCwj7AtKZXjMR6hjGAP5SWfu
-ZKN+3QhIloMpOAoppjZ6bgxw2lHSFkS/km8j13r6zMRBiLpMWXqngti+sw8AVBqK
-lKw+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib-idp.muohio.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Miami University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Miami University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.muohio.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Dirk Tepe</GivenName>
-    <EmailAddress>tepeds@muohio.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Stanford University -->
-<EntityDescriptor entityID="urn:mace:incommon:stanford.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">stanford.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.stanford.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 321, expires on Sun May 16 19:10:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAUEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxNTE5MTAzMFoXDTEwMDUx
-NjE5MTAzMFowGzEZMBcGA1UEAxMQaWRwLnN0YW5mb3JkLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANI3AIyMQqO6fGB6Wfvc8KsrxSV3VykXPNeK
-AHy0rblfuS6dSBZmHt/yFryQTCH3Mff0jsfLCXXzfUz3ruGPBfjxPTSagmyrnS+A
-eszkDDv8C/bwIOQXv41+EQWZ4T1xR/iySGop4qNEQ2J3uvis5v1AFL6TB4weJO6r
-473UtztPXv57LhuY2WlunVrAo3AE/Jc/8/fWnn7viWMugm0F0UIP5oF2nuWGd6V1
-/rylvSYBFp8nspIDldzpYRPpHrPZ0rmIzQOPkDTuEQGrtMCsMj0rXvjSYP18T6JW
-3cywS+YqnpHOu0d6QUWLVrAkFE2DjsJP6ycq3cMeS4GV9Y4uJ2ECAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUN6Rmbkx/bBGq2F3c4zEnL4RROHAw
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghBpZHAuc3Rh
-bmZvcmQuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQZI4Zrr26sgQec9swH3w/rwq5
-nLNR36JYpNDhm/EaKALolZh/cm9Fdb5IxY87u0O1h8zDv8JAWjP17R1YrxTg9pNO
-dj2aqoKu0cZYIk+sUNeCZFhq9sJfcMlmFlgqKcb1G6f1gMW0v4IHBmYYFAajitr+
-VZ3IAUC7oa2Ung9CNAmIqlLzUF77KpRm7nBO9IRjjQVVozr+F8jzDulXLoDiadaC
-tYldAgjArzuKhqF5zrj1GDrnB1EJas6P0OAQl5ALEJGeKJVl/IkUZWdMSoqOMVgw
-OM+lOwFibbhFDr8OXA8xZGKw7ALjLnqxW7QJswbBGCDvdX0fWgIlToffYSIV
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.stanford.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.stanford.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">stanford.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.stanford.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 321, expires on Sun May 16 19:10:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAUEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxNTE5MTAzMFoXDTEwMDUx
-NjE5MTAzMFowGzEZMBcGA1UEAxMQaWRwLnN0YW5mb3JkLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANI3AIyMQqO6fGB6Wfvc8KsrxSV3VykXPNeK
-AHy0rblfuS6dSBZmHt/yFryQTCH3Mff0jsfLCXXzfUz3ruGPBfjxPTSagmyrnS+A
-eszkDDv8C/bwIOQXv41+EQWZ4T1xR/iySGop4qNEQ2J3uvis5v1AFL6TB4weJO6r
-473UtztPXv57LhuY2WlunVrAo3AE/Jc/8/fWnn7viWMugm0F0UIP5oF2nuWGd6V1
-/rylvSYBFp8nspIDldzpYRPpHrPZ0rmIzQOPkDTuEQGrtMCsMj0rXvjSYP18T6JW
-3cywS+YqnpHOu0d6QUWLVrAkFE2DjsJP6ycq3cMeS4GV9Y4uJ2ECAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUN6Rmbkx/bBGq2F3c4zEnL4RROHAw
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghBpZHAuc3Rh
-bmZvcmQuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQZI4Zrr26sgQec9swH3w/rwq5
-nLNR36JYpNDhm/EaKALolZh/cm9Fdb5IxY87u0O1h8zDv8JAWjP17R1YrxTg9pNO
-dj2aqoKu0cZYIk+sUNeCZFhq9sJfcMlmFlgqKcb1G6f1gMW0v4IHBmYYFAajitr+
-VZ3IAUC7oa2Ung9CNAmIqlLzUF77KpRm7nBO9IRjjQVVozr+F8jzDulXLoDiadaC
-tYldAgjArzuKhqF5zrj1GDrnB1EJas6P0OAQl5ALEJGeKJVl/IkUZWdMSoqOMVgw
-OM+lOwFibbhFDr8OXA8xZGKw7ALjLnqxW7QJswbBGCDvdX0fWgIlToffYSIV
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.stanford.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stanford University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stanford University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.stanford.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Support</GivenName>
-    <EmailAddress>shibboleth-team@lists.stanford.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://itarch.stanford.edu/shibboleth/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>itarch.stanford.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 188, expires on Tue Jul 22 15:34:54 2008 GMT -->
-          <ds:X509Certificate>
-MIIFyjCCBLKgAwIBAgICALwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcyMzE1MzQ1NFoXDTA4MDcy
-MjE1MzQ1NFowSTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE1N0YW5mb3JkIFVuaXZl
-cnNpdHkxHDAaBgNVBAMTE2l0YXJjaC5zdGFuZm9yZC5lZHUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDHroeavlcu0ycs1sxA5JWKpJxydiT4s3js+YA1
-xnBjpntynfiiUohe5FlQhZq169OCykujJJWNDP9LMffqVKus6hpDiPiuUB/39giH
-Z0eSgDgOH/7VFaIoRASceghSYGixZnUrMS44V/PRl9V61VNh9q3KGp6efp/s9a7F
-oyxVwrvzJVupd8no/GlHORot6R//ACT684lzercv4amjHvokk0S9H04+Z87AtKuu
-4OdOUGxQOpaPxf7ZBRS+5HvMUaCCPsgbNgE8fT8TsYuxvtAjdAuSv4PfpfAIlyQR
-ndhsMzi4Ro1oS+WXMo78RVZ/hzUxY1lS5t9IKq9UQJf35v4DAgMBAAGjggKtMIIC
-qTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFIYEg0xGMlf8ZAC/lTA1h1e5WGuNMH4G
-A1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21t
-b24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGq
-MIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJz
-IC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5
-aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9l
-ZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4j
-AQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYITaXRhcmNoLnN0
-YW5mb3JkLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAfdDyTeFgQxKgt+0Q0KYTloJI
-OCGiuULSfkPuPKs9oO1Waf3jFKW4rfcJTsNDzrSaaWzGHyn2vNwZ2wVC1vHawuN8
-pMQDj8EKQonzn5fz83M2CM7YFNfFuGu68TVjTyvJUW3pnFPRO1VVn4c9YxJuNZh+
-mK/U/mhWGqsBZTYPky/9MarFW07CCxhNGWfBPH++eDaHZnwOYyRf6V1Rj9Wwfrbu
-XiSTiQShkMEQF6BvikOqwyUQA/NYBE27NqRamLpFM7xVVCYfjF7O75DMphT3C/9q
-N1MbE9o78BZMASp6nBuypbPndp4d9BOjollWmj325wFO87J0R503a/WPaUPZQQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://itarch.stanford.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://itarch.stanford.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stanford University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stanford University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.stanford.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Bruce Vincent</GivenName>
-    <EmailAddress>bvincent@stanford.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Scotty Logan</GivenName>
-    <EmailAddress>swl@stanford.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www-preview.stanford.edu/shibboleth/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www-preview.stanford.edu</ds:KeyName>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www-preview.stanford.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www-preview.stanford.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stanford University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stanford University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.stanford.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Scotty Logan</GivenName>
-    <EmailAddress>swl@stanford.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Bruce Vincent</GivenName>
-    <EmailAddress>bvincent@stanford.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Scotty Logan</GivenName>
-    <EmailAddress>swl@stanford.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www-shib.stanford.edu/shibboleth/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www-shib.stanford.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 110, expires on Thu Nov 15 22:04:21 2007 GMT -->
-          <ds:X509Certificate>
-MIIFzTCCBLWgAwIBAgIBbjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTE1MjIwNDIxWhcNMDcxMTE1
-MjIwNDIxWjBLMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTU3RhbmZvcmQgVW5pdmVy
-c2l0eTEeMBwGA1UEAxMVd3d3LXNoaWIuc3RhbmZvcmQuZWR1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iXuBhRhHC45NqRxWoKFAJ95iCakMbulbbj7
-sROYxfbbIAN6wkiTHQRdZQAIFh2T7oMyfb4fcXQEv1ShxHpC+KT3AwENgh1VpGZg
-AVs/sUXPM39h6O8ci1ysi3151+9Y0Mp7rKJAbbowZGv5jcNfuk9X8DNoQQL39eeM
-wiIBMOmgQ/dBau7kX4Iyi0zqxKGbwdQDHZqXu8n5zblxkSEwEafQB+IAEGPisoXn
-c+1zOmigC3mUblOwaMsi8EOr1L59q6K+N9BUAa899KWHB1MRsZPfr1vRQX+tPFTn
-aNRiaS+JYRR+5+uaeOkA13jT1tf7ue9l4JfVqFA4K5vJs3LsXwIDAQABo4ICrzCC
-AqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQNUOIMH05VSI4xQyG88tWO8d5tDTB+
-BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMC
-VVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29t
-bW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCB
-qjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVy
-cyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAGA1UdEQQZMBeCFXd3dy1zaGli
-LnN0YW5mb3JkLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAr5eDL9FsII9fEdOLdy6w
-zN8nZ9dbOVTfyESrjzeY5kO6TkjAXch3D3nj5bVfALYgRG7fyxSJCaNuiv42Vvya
-/OKQLi/k+DU/1DcGX+p1/pLPkcXn6CQoAH6kymnCLwYNDCFe48cWJbVBo2NQySQf
-sepoOAedxiKkK5POP1bMaMo0Q6UUByLBrJC7K0jlUO82dqdLX22WC+DK8Eoy+VuD
-L1s4v3DI7z+MNYe6xg1Zb5VFfIe0J0hQo3CUuQvGH5603QsEN5jGQnXiKdQ4X6vL
-RbpF11hwXDhGZ33Jd03Wcl8hZSJSwjv22Ab56pyBLTSLYooT2iOcjQi0hLooZlXC
-yw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www-shib.stanford.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www-shib.stanford.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stanford University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stanford University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.stanford.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Bruce Vincent</GivenName>
-    <EmailAddress>bvincent@stanford.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Scotty Logan</GivenName>
-    <EmailAddress>swl@stanford.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.stanford.edu/shibboleth/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.stanford.edu</ds:KeyName>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.stanford.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.stanford.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stanford University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stanford University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.stanford.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Scotty Logan</GivenName>
-    <EmailAddress>swl@stanford.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Bruce Vincent</GivenName>
-    <EmailAddress>bvincent@stanford.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Alabama at Birmingham -->
-<EntityDescriptor entityID="urn:mace:incommon:uab.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uab.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.dpo.uab.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 311, expires on Fri May  7 19:08:37 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICATcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwNjE5MDgzN1oXDTEwMDUw
-NzE5MDgzN1owGzEZMBcGA1UEAxMQc2hpYi5kcG8udWFiLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA09nElsNeEHmUZK2CMOccLeBz60/pBGkJvhiHhuuX
-WnnpNZ421KTo5Iu9jOTwvf24/aMdP0sWbCHgNwXFwI0/6tbExk0e20OaoiphVT8b
-5OFiCY3hS3J6RlFth9bjzZ5pN0vul5GptgdRSxCBQlWnIdYSxLIEuD6yfvKCIstt
-AQECAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUH9D/9ia3Sg70
-V7HpaS66Ch9K7uMwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBzaGliLmRwby51YWIuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBVTyPquMCn
-QQjjZreVm7samz+JbKfDg/j8duMwvJb+cxsmRoei0sDtkkAyke2Wjtep6x8KuedW
-Z4vAXuGYLnda/oodNTgai3WxiFkyY56NUqeBvu+JuQhNuixL79IRgHJaZIldcttA
-2niIt7dWLQK+UDO0WqGQNxQtTNNwaB9hZ8POccs5UXwHcxLTEip7BiZGi0s2iBWF
-lD8u4/Fr5sN9qA5rzHIO+0kOY4bkHmBxX7+nSIPTQLecfqWR6CytEbwwZIJJxDh9
-ejlZBH16GRfO7uTi/uIzbIdMYJ2wHE5jM9sB1M8Or4KY7czFn/FRXIKab8rhlxl2
-A5XRJGPqXwQS
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.dpo.uab.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uab.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.dpo.uab.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 311, expires on Fri May  7 19:08:37 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICATcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwNjE5MDgzN1oXDTEwMDUw
-NzE5MDgzN1owGzEZMBcGA1UEAxMQc2hpYi5kcG8udWFiLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA09nElsNeEHmUZK2CMOccLeBz60/pBGkJvhiHhuuX
-WnnpNZ421KTo5Iu9jOTwvf24/aMdP0sWbCHgNwXFwI0/6tbExk0e20OaoiphVT8b
-5OFiCY3hS3J6RlFth9bjzZ5pN0vul5GptgdRSxCBQlWnIdYSxLIEuD6yfvKCIstt
-AQECAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUH9D/9ia3Sg70
-V7HpaS66Ch9K7uMwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBzaGliLmRwby51YWIuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBVTyPquMCn
-QQjjZreVm7samz+JbKfDg/j8duMwvJb+cxsmRoei0sDtkkAyke2Wjtep6x8KuedW
-Z4vAXuGYLnda/oodNTgai3WxiFkyY56NUqeBvu+JuQhNuixL79IRgHJaZIldcttA
-2niIt7dWLQK+UDO0WqGQNxQtTNNwaB9hZ8POccs5UXwHcxLTEip7BiZGi0s2iBWF
-lD8u4/Fr5sN9qA5rzHIO+0kOY4bkHmBxX7+nSIPTQLecfqWR6CytEbwwZIJJxDh9
-ejlZBH16GRfO7uTi/uIzbIdMYJ2wHE5jM9sB1M8Or4KY7czFn/FRXIKab8rhlxl2
-A5XRJGPqXwQS
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.dpo.uab.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Alabama at Birmingham</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Alabama at Birmingham</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uab.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Landy Manderson</GivenName>
-    <EmailAddress>landy@uab.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>UABIT User Services</GivenName>
-    <EmailAddress>UserServices@uab.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Robert Cloud</GivenName>
-    <EmailAddress>recloud@uab.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://uabgrid.uab.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>vo.uabgrid.uab.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 216, expires on Sat Oct  4 17:39:45 2008 GMT -->
-          <ds:X509Certificate>
-MIIFVDCCBDygAwIBAgICANgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAwNTE3Mzk0NVoXDTA4MTAw
-NDE3Mzk0NVowWDELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI1VuaXZlcnNpdHkgb2Yg
-QWxhYmFtYSBhdCBCaXJtaW5naGFtMRswGQYDVQQDExJ2by51YWJncmlkLnVhYi5l
-ZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJitH7NIm/VTzCmbsfF7KQg
-rZOxli/vQtjZvbXezudmyCgWeul5nBBpKyi/8XYJynRVKkHg4KLb+4mK9algxOs/
-HBXcJarEIp/p+pSeiRaUHB5wwDLewId5NfX8LSGlsyJ0RGFknU8cZ7zCkOI5j2Gr
-qFqT6pqgghXrttM793jTAgMBAAGjggKsMIICqDAOBgNVHQ8BAf8EBAMCBaAwDAYD
-VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O
-BBYEFNeOZXIUBx0nFDPtRQpQKab9iKqyMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wz
-nd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24g
-RmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6
-Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0
-cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1v
-bmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZo
-dHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNl
-cy5wZGYwHQYDVR0RBBYwFIISdm8udWFiZ3JpZC51YWIuZWR1MA0GCSqGSIb3DQEB
-BQUAA4IBAQAjb2HRiPUBHZ2jw2Fxtihmgo59f4NqlCa9wZCfZxkxGojA4jne18Js
-NCIuY3IOVOvL7rvRzn3Im+9miJx106ytl8uwbbfDG5bDXbbAnC/pF0rundBOKePx
-tovUU1SnUXSQ1mYlLHswFShI2md7kMynupBq0pkrGfaIxe2c45aJ38FsfSvdQbfO
-6VywzeH4q+8qSnZeNN946frvonLUZSoo3E0RMw9ikNJFFVbp8y7TZtVIW+na/9j/
-VgaM0CCd+XwtUY2OUC37BpoDAIhXnf+TtL3XNf/odRS9BerzUoQiUwOwRtRD8IoS
-33TZhDdq1t+LAnwRyWZ2tE63jFqXCfJQ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>vo.uabgrid.uab.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 432, expires on Thu Sep 16 18:25:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFETCCA/mgAwIBAgICAbAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxNTE4MjUzMFoXDTEwMDkx
-NjE4MjUzMFowHTEbMBkGA1UEAxMSdm8udWFiZ3JpZC51YWIuZWR1MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQCyYrR+zSJv1U8wpm7HxeykIK2TsZYv70LY2b21
-3s7nZsgoFnrpeZwQaSsov/F2Ccp0VSpB4OCi2/uJivWpYMTrPxwV3CWqxCKf6fqU
-nokWlBwecMAy3sCHeTX1/C0hpbMidERhZJ1PHGe8wpDiOY9hq6hak+qaoIIV67bT
-O/d40wIDAQABo4ICpDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTXjmVyFAcd
-JxQz7UUKUCmm/YiqsjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGy
-BggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJ2
-by51YWJncmlkLnVhYi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAE296xUa3/wHbcL+
-7H5YA/eaOOrxQh2toxrjN9SC+e1Z2lezN2pNtUscwxBvTI1eZ9gmN9DFr0DJ8yXc
-FRk8K33tw2GY0pTisKqwyCqvsvlX5cxJjgEQQPeTYwVIk/d1eYCw+glOW1y6f+qz
-jDcw6KBTU6/wuLa6/gPpq8K5HV9i56GHFDDFJaP5sRV0auY4EWyfNlFUe+zFwHPa
-+XZsvPchVlNnOolCWGsmVSj3T4BaiCvIjxB1sMhsdlbRi6BtX5RBxZhGHA9A7Glh
-2Smf7UanWGX9+Sq8STmj5PjC0wyoAdQSRuvKsgjAZhxd5xLGA/aNMv8F+lXARmSb
-4XIZYAk=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://vo.uabgrid.uab.edu/shibboleth-idp/SSO/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://vo.uabgrid.uab.edu/shibboleth-idp/SSO/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Alabama at Birmingham</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Alabama at Birmingham</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uab.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>John-Paul Robinson</GivenName>
-    <EmailAddress>jpr@uab.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>John-Paul Robinson</GivenName>
-    <EmailAddress>jpr@uab.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Robert Cloud</GivenName>
-    <EmailAddress>recloud@uab.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California-Los Angeles -->
-<EntityDescriptor entityID="urn:mace:incommon:ucla.edu">
-  <IDPSSODescriptor errorURL="https://shb.ais.ucla.edu/shibboleth-idp/WAYFerror" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucla.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shb.ais.ucla.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 349, expires on Fri Jun 11 19:17:02 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAV0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMDE5MTcwMloXDTEwMDYx
-MTE5MTcwMlowGzEZMBcGA1UEAxMQc2hiLmFpcy51Y2xhLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMkYQurmq6HbVXY42AAdNF1Ooxti7rxZNbps
-6694miK0WYxe7bMwq57A+4dECY5EZicCx5lYMZUljsyfhvGFigc37mLyUJ7uUbmv
-odVAPnepyr2/BG0NbbAItZKrnm3gK7u6igHUSJmfVNtDCbqeQmH1gKFEir9IY8RX
-Q6V5kbVsf9CzlL7NCdV/v46Vmgy7znvpETiVRKs5nUhj4taP7lRid/J6kR26J9i0
-mQMRx93+IJHgbXhlECr9bHDXgJJ/az6RfGRXiUaXKzf6FtKXTnWrubEnti7GxtHO
-/ffm2B7ndsdtmHWmZsHCJOSAs+S4Fb3P8Vm54V5ZwQ447a0IQGMCAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUBKsBMqi4LOXVNXCtAECr9XcC0skw
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghBzaGIuYWlz
-LnVjbGEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQARG1hR6Ghtgv+NaN/joNKOOOqS
-mALHXFWAIYiFqPO4lx2IIwvgrB2A9Q2wHRt+wF8R+z4oev2YbgQyoLzIeAs+b40y
-S4VoBaDKmg6I2anp0SQdUFdFQFj+6SwM0bsVFY5caeTvbCRFjuOjwEoeNc2obzGJ
-fYuhztKbIG7wCBn+q/OLUml6idpOez6dgoU1jCprV0WqM53VPJrc1iwBjI0Fqj4a
-VUQFozc1jyQL6q8nuVrW4kvlub0SOCM90OvEj5Sysy0PuN46ILvjJMHtwyQ6+alY
-Qll7dKbOyF1hv3Zo+mCkDMclMl5KRTWMvy1yJ8Gv/Or6B8TEMNmv84eJS36c
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shb.ais.ucla.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shb.ais.ucla.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucla.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shb.ais.ucla.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 349, expires on Fri Jun 11 19:17:02 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAV0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMDE5MTcwMloXDTEwMDYx
-MTE5MTcwMlowGzEZMBcGA1UEAxMQc2hiLmFpcy51Y2xhLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMkYQurmq6HbVXY42AAdNF1Ooxti7rxZNbps
-6694miK0WYxe7bMwq57A+4dECY5EZicCx5lYMZUljsyfhvGFigc37mLyUJ7uUbmv
-odVAPnepyr2/BG0NbbAItZKrnm3gK7u6igHUSJmfVNtDCbqeQmH1gKFEir9IY8RX
-Q6V5kbVsf9CzlL7NCdV/v46Vmgy7znvpETiVRKs5nUhj4taP7lRid/J6kR26J9i0
-mQMRx93+IJHgbXhlECr9bHDXgJJ/az6RfGRXiUaXKzf6FtKXTnWrubEnti7GxtHO
-/ffm2B7ndsdtmHWmZsHCJOSAs+S4Fb3P8Vm54V5ZwQ447a0IQGMCAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUBKsBMqi4LOXVNXCtAECr9XcC0skw
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghBzaGIuYWlz
-LnVjbGEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQARG1hR6Ghtgv+NaN/joNKOOOqS
-mALHXFWAIYiFqPO4lx2IIwvgrB2A9Q2wHRt+wF8R+z4oev2YbgQyoLzIeAs+b40y
-S4VoBaDKmg6I2anp0SQdUFdFQFj+6SwM0bsVFY5caeTvbCRFjuOjwEoeNc2obzGJ
-fYuhztKbIG7wCBn+q/OLUml6idpOez6dgoU1jCprV0WqM53VPJrc1iwBjI0Fqj4a
-VUQFozc1jyQL6q8nuVrW4kvlub0SOCM90OvEj5Sysy0PuN46ILvjJMHtwyQ6+alY
-Qll7dKbOyF1hv3Zo+mCkDMclMl5KRTWMvy1yJ8Gv/Or6B8TEMNmv84eJS36c
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shb.ais.ucla.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Albert Wu</GivenName>
-    <EmailAddress>albertwu@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Datta Mahabalagiri</GivenName>
-    <EmailAddress>datta@ais.ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="http://classes.sscnet.ucla.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>classes.sscnet.ucla.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 411, expires on Sat Aug 21 18:17:38 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAZswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMDE4MTczOFoXDTEwMDgy
-MTE4MTczOFowIjEgMB4GA1UEAxMXY2xhc3Nlcy5zc2NuZXQudWNsYS5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIdoPCiA3WkFJ5wbuK4HQ8r9VWhUzck
-N9f2tKiBCxohwhyFjsewcU1aNJcUvVCucLhXIQF/ehEDSNG9UIhJxM+dU2wmJIO9
-yuQtkI6rEA8sHfr7Y36WoYmsnXVNOwkRkCSWDkMSw5G7p9iUFa2fAQ+mYhBSWIPM
-/h4oVZNOu9oRAgMBAAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJZb
-jehOq/1+7z2THM9eSIPG9bHlMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQb
-MBmCF2NsYXNzZXMuc3NjbmV0LnVjbGEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAL
-iMENPiSUbHnigfaCiwbeG2vtlVXcBnStTz/TSWkJVL+CO9AtRzpWHWLSb3haeTeY
-SEyB7qdCbhZ7/1G6Pt1RI3knm9v+RTHSAI0YByZYTlj39VW2F35exkxlj9aZ4jaO
-8CIh/uNBpE2X1rvERU38OkbPTTcR0ts8byctIOLPbuBGt8oaCDtxNIFe3Q2yjOju
-4ZEJvpcoyyd3yEzrZmQMaRpwUl3DV/KEuWoKtjIlj0TEft1E1oiGtNiiQgy27fUH
-Hml1mLevvPLUHXFSPm8aH7ZrpwmpcMJ9ReY/KDEY/nvk8VYGf5VdXJ8Y4f4HzHzv
-K8igxwQP7J2ADWMbW+Dp
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://classes.sscnet.ucla.edu/shibboleth.sso/SAML/POST " index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://classes.sscnet.ucla.edu/shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Caroline Tam</GivenName>
-    <EmailAddress>caroline@ssc.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Mike Franks</GivenName>
-    <EmailAddress>franks@ssc.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>SSC Help Desk</GivenName>
-    <EmailAddress>help@ssc.ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="http://collab.sscnet.ucla.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>collab.sscnet.ucla.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 412, expires on Sat Aug 21 18:17:40 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAZwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMDE4MTc0MFoXDTEwMDgy
-MTE4MTc0MFowITEfMB0GA1UEAxMWY29sbGFiLnNzY25ldC51Y2xhLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0IDQcoShZkWynJQhfNvsL/ScTjr5ceZd
-g2gcZGVJJtm1V2B23QNVDzTkCFkssTdAz9aj905FcuAY2u2spQFtN4steXcxJdgJ
-nAf7UZL14Vojcu2EUcmpcVOSRvmVi0dC90D3csW75KGiA5bSHBBiHt5uJaS7m4sZ
-NNJfUGW32XMCAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUEFxG
-MQyK8RPylPhOnbPpP9VOuX4wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWY29sbGFiLnNzY25ldC51Y2xhLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAFiXk
-LtCE2JqX5EIPD4mGGk4jRu83M47ONqtnr9eOuMwJ5RdP/57BBNnllCXCSvsmzkwA
-MxmfY/Iz20+u1SAUXRq8PLSDco9aOMWsI4Bo0KA7mAh3Qdlu5mKEJ9ZU7dVwS030
-mnAREqZ1R7rStnAvF5WFILZfZEbVnOuJo/lOvAJrrm8kakZiLOnuBdA7cLoTg/KH
-7+vNMM6KeXtB6fBYXrmMPC7h7Ee2L7FXzqK/IdvQf/iSIccosyZG+uohK314+7HP
-lH+15Z51Y7NNwyyUQbOaRsYWrNv5hP0Um+g8gXahSv26M5LJpFJwkp6GHaSjFydc
-2V7JOD1KDvsqi4u9Dg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://collab.sscnet.ucla.edu/shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://collab.sscnet.ucla.edu/shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Caroline Tam</GivenName>
-    <EmailAddress>caroline@ssc.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Mike Franks</GivenName>
-    <EmailAddress>franks@ssc.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>SSC Help Desk</GivenName>
-    <EmailAddress>help@ssc.ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="http://research.ucgrid.org/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>research.ucgrid.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 314, expires on Mon May 10 18:39:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICATowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwOTE4MzkwNloXDTEwMDUx
-MDE4MzkwNlowHjEcMBoGA1UEAxMTcmVzZWFyY2gudWNncmlkLm9yZzCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA5wngAb67nOiiG7sQX+quwOhbbgpDn+/88qYW
-5Y7gwmYRGIkC0uWge/g9OFPhfTSIhEwQdUZE7dAxlsONJdFr3I2a3S3Ii3cd/yWF
-cqaFlDNA86XXdR3gNaJc2aq/W1aDRATsz7nu2EIm9MivOcF13swlc0qWvZ7bwDQN
-5n6hdNECAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU1HxYnPEx
-V/RhIM+x+QSyUWO7X+UwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNyZXNlYXJjaC51Y2dyaWQub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAH
-hVl3G5p4E6vfReAoxIzK9QKf/ty2VOTOPqTS+HEJGm9klpyyq1bbGIVIrpphf79/
-40PBM/KH1va/ujugwKce8VkKIBpLZtVLu5rpFaVp5PDhDB9mh1QgztVquU96qDnD
-94waIX2e2OrtsaJropwvxWJP9YuQNQqkK1+nG88yzG46K3CsoenPj7IFbTyICYw7
-N1yVWD11N2VHwZPynEZnA2ZWZ2AbAVs/XiEnnQgZh1wuIvOx7s9hmrEzI0tux7/U
-AZ40qTGyqhVhUTeBoM8CVQfN8stvD+3bTqMw/rL5OB0wGZBnNEoOGoyiHP+Rgyb0
-3zsU5A3eGcx88v5oAVGY
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://research.ucgrid.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Kejian Jin</GivenName>
-    <EmailAddress>kjin@ats.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Kejian Jin</GivenName>
-    <EmailAddress>kjin@ats.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>UC Grid Team</GivenName>
-    <EmailAddress>atshpc@ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://spaces.ais.ucla.edu/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>spaces.ais.ucla.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 254, expires on Mon Feb  1 21:16:33 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAP4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIwMTIxMTYzM1oXDTEwMDIw
-MTIxMTYzM1owHjEcMBoGA1UEAxMTc3BhY2VzLmFpcy51Y2xhLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYkBX8bv0dJaZnxafG4UnZc5CeUYnqi
-FiVr6mrsf8dEWZfPS2MpzBMLR0eOlVAMirSfAHpQEc+hMyHgVPtGz5QlMCbnIkap
-aq08URF+szYiEt0WSBqTEA1zB1mM0yWd4ywrdcQ3PXgEAyEncHX/LYvd15Redoel
-hbve9TrdvRoCJDhHzbAMlCY4b+msTuovJ/o0wv3SQe9YuYHjH2uYN2NnvAmK2lWd
-UZGb+f8PbAwGGMGqkhzt+j9PbTCedqwySNZYYMqH8n2CqdYeVMLWP7gyG8McP65b
-JMDU05ls/SLWNbgPuxwAHTNDrlueY+weYeHhT4aB9NytNWNNrWQhw8MCAwEAAaOC
-Aq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUjZcKNg9jla3CpHNpQOtGgcak
-LzEwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghNzcGFj
-ZXMuYWlzLnVjbGEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQB7iv/3clngGoHuFU+i
-TKy4+Dv8Bp8ikDtH+KqeywBSHROd5BzPQJ6/8BMvb/mg2bdOKTVtVmZk4x6r+6Cn
-cUDzcyl2wKmPD+K8AyzQDxG7Nd4nITeP/qggKj/OdXdAIr+8ThgLZFuRAAPYF1uT
-1HUT4wa/y/zzYH2JHxk0InXELpdtolc7rdCA3Zlo4PhkswzkaNWZI2jX9izB7b4s
-/zDjHyXB/d+6iHIwQELB6TZUwC1FWqtdaDaLxSLeTc9JWxhRb72b++v0R7lVuU7y
-zSdtuFCeNVYsMGwpTw1dDM/D9hcOfIuKh0iJKK9oKGtC7cys0j1pnujvhTgKfNUD
-464a
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://spaces.ais.ucla.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Albert Wu</GivenName>
-    <EmailAddress>albertwu@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Warren Leung</GivenName>
-    <EmailAddress>wleung@ais.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Carl Uebelhart</GivenName>
-    <EmailAddress>cuebelhart@ais.ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://whoa.mi.ais.ucla.edu/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>whoa.mi.ais.ucla.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 191, expires on Sat Aug  2 14:14:27 2008 GMT -->
-          <ds:X509Certificate>
-MIIFvTCCBKWgAwIBAgICAL8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgwMzE0MTQyN1oXDTA4MDgw
-MjE0MTQyN1owOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBFVDTEExHTAbBgNVBAMT
-FHdob2EubWkuYWlzLnVjbGEuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAwEW6N2h1EjBNOOUQpHfNQclRDHyVLuBiy0Zhk6k8O/d4MvjqVpl+HDKT
-rDQJm8w7BACsdSOdvi0+HTVucB9Xi4qmAwrMjlyC7EUTIg9+nWotTYvmFKBY8e6t
-hTVpY/bxoPc4YqVwqnEL/oK8FJCvIglTN/nRIJHZXEVZAscq7gvs9XJh5Fgy44Mh
-PjizQoyngTblY2obWQe50qDLyvagCDJfkaoTVoVqnYc2MbtAq56btUhERNdJ6jYh
-GrTBET7p62xt6oHFJ1p8tstO20gCuAtjleuQg3Jt1bAEE1e33SDj0S/3GYmQWc4l
-8Rp7J4c/rEWwO6EO7mDCVCOKt/HanQIDAQABo4ICrjCCAqowDgYDVR0PAQH/BAQD
-AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-MB0GA1UdDgQWBBQ0NzJoUiMSRgaPSa72Q73N/0wBhDB+BgNVHSMEdzB1gBSTLchh
-GK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0lu
-Q29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKG
-gZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8v
-aW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEF
-BQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9w
-cmFjdGljZXMucGRmMB8GA1UdEQQYMBaCFHdob2EubWkuYWlzLnVjbGEuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQBRTEqOWucLR8zF5lSWDDnz/EGPjGmjAfroLXGKyefY
-bNsdWQYIUBFvb3klf/c3LGNs1c8Ce5lsSqW/HF9itAYmEW0DVwAmva11soKEM4cr
-mDPcXTxzWsOPiECu6FTpWU3C8+jGlDpsCZdW62OYujgWBXJw2zHsz8mo3ciLcP09
-xyr0Y5ZIkAaYDu8XCIGS9DGQRgMYRR5+/cxNWhOujNmxD73nlyKGJWEL1tLjIY/I
-RzeCz+zy6cwu2zAmM6Ngn8BvbPPTIy2u2tWuRmi+1DsoqegmVgWpoFsftsnfznq4
-0rspq7Nl/2UAaVwqsLE/mSaNVUx3a3idz+aW6MIussmO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://whoa.mi.ais.ucla.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Albert Wu</GivenName>
-    <EmailAddress>albertwu@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Carl Uebelhart</GivenName>
-    <EmailAddress>cuebelhart@ais.ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Datta Mahabalagiri</GivenName>
-    <EmailAddress>datta@ais.ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.tools.ucla.net/shibboleth/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.tools.ucla.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 315, expires on Mon May 10 18:39:08 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICATswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwOTE4MzkwOFoXDTEwMDUx
-MDE4MzkwOFowHTEbMBkGA1UEAxMSd3d3LnRvb2xzLnVjbGEubmV0MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDyJLy2WOMT0UvE4A5j4OMS1ERuVZGtZAHuJLz+
-pHpKAPyug0QJsHDeD6NkXXHzrITJzvm3BSOGW4nL3pLFCCHwGYXrrFBKwMO0G3tx
-+BOAdMMW4l9zZQ50LvX1EIoqWOv/DBMoaiNhAX6sLSqeNPxy0W7j+TyNABf2F85Y
-73mQEwIDAQABo4ICrDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ41XG3stdy
-6lRg92bTDPVftsdQKzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1Ud
-EQQWMBSCEnd3dy50b29scy51Y2xhLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEACz3z
-yvnbAIM3FjxFea0g1BjQib+//IIWUpI6CaRj3/88EvlAr/WLGYm/eHzXQzY8HDPI
-ezAOrHaRiLqH5yvGG92DLKyaJsfLYruXmLJ1gYN7C0FFA4naAd4SecSt2QkZhAAE
-rFBipYfbt7iSU6ac+4B5wqBm9moJcUASJoPMNmZwQlpYrgxO9KfR3GjWSzkB3dQR
-30uD86Ho8veW8eQSIEl1uQzM5K7DbplUruDWN6tpyEy4gxibgJ21GYhKpMtrJKhO
-hlX9WsL+9WVU5pP2wcx5GusdZdZCS6vF0JJhVxIVNdZVHXjJQbzZzOQnCtjPbD+K
-dILaFuB8HpoCTn9m/A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.tools.ucla.net/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Michael Van Norman</GivenName>
-    <EmailAddress>mvn@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Michael Van Norman</GivenName>
-    <EmailAddress>mvn@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Help Desk</GivenName>
-    <EmailAddress>noc@ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.ucla.net/shibboleth/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.ucla.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 296, expires on Mon Apr  5 15:09:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICASgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwNDE1MDkyM1oXDTEwMDQw
-NTE1MDkyM1owFzEVMBMGA1UEAxMMd3d3LnVjbGEubmV0MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC1gTjxkSAsuadYGbWKk3jZ3Vpwpre8tL3xOcgltmCHs5st
-pmHxnFu124lxR0r3nMKYAyF2byY5c1YiGWTFpEAwk4A0OOJFarcvmxjJF0J4jofW
-Qvvh5JtJDab/BvPVxIVWg7F0UalBh2Sk7IQ3VuyyhJtYe+wBOokvTenJuKOyvQID
-AQABo4ICpjCCAqIwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQFePM0wYzaKK1k/iXY
-FvUa344f4jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEF
-BQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJ
-Q0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUw
-gYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUw
-UwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2Eu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBcGA1UdEQQQMA6C
-DHd3dy51Y2xhLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAtWeJyrmlfGDbmzikR2Sy
-5OsB3sSltvLF05aLveo9FgCrGufClQhH7Nhzz5Wh3vpzeMVoxZTe4696HSpBVSJe
-SoNCgWJp2j9tH+NsXcAckXAS8/F3i4SzwWafgPtXp041iNW+zUDfYOssMHUcVdG7
-uGUC36ynR4jGpt8pTfX/CdkK8hT+GuFumYipH8q5SoEq7hvsrGAEcYtDKaWWupzf
-nDW1t/CCBVssIg7roO7V8kPTf+U09AXCLk2W4fsXLpaiyavr3cRPGjLPN0zu4KsY
-9Ai+2Jse9VjK0LBhPlASmBAmFfvmDCO2zWZtz8IlB59bvNUcjAjosQB3j1oUJG3h
-eA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.ucla.net/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Michael Van Norman</GivenName>
-    <EmailAddress>mvn@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Michael Van Norman</GivenName>
-    <EmailAddress>mvn@ucla.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>UCLA Network Operations Center</GivenName>
-    <EmailAddress>noc@ucla.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Rochester -->
-<EntityDescriptor entityID="urn:mace:incommon:rochester.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">rochester.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.its.rochester.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 84, expires on Tue Jul 10 13:12:18 2007 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgIBVDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwNzEwMTMxMjE4WhcNMDcwNzEw
-MTMxMjE4WjBQMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBS
-b2NoZXN0ZXIxHzAdBgNVBAMTFnNoaWIuaXRzLnJvY2hlc3Rlci5lZHUwXDANBgkq
-hkiG9w0BAQEFAANLADBIAkEAzHgCFKTtEZNTCfS00QXeLyLLAs/boWMG8KoJxEx5
-VZMTC0Uy7XK6gG5qDlkx+aFAy+82ngAwCAWxpiacb07CwQIDAQABo4ICsDCCAqww
-DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSJPzddSlw19Kzg+RuTOwR4y+V9WzB+BgNV
-HSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCB
-pwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAt
-IFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9i
-cmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0
-dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
-cmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEE
-AQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCEGA1UdEQQaMBiCFnNoaWIuaXRzLnJv
-Y2hlc3Rlci5lZHUwDQYJKoZIhvcNAQEFBQADggEBAF1LQgTiOgEgX19a3/jhLvhF
-wvkMKswH3i+NzKiVdiBa5QcnVazHaCwnqMyRxu/jQ85l7qHNE4OroBaF8SShsTVx
-zpUij0URu5G3hGE5ycVNbaVjvmR4/rcOg9sL4txnpcfa2Xv85ScWmaqp1Zv+gHPp
-SOdjCgkIsq9/J8aGITCXOhSYsZdpxiyrqrDEVcgIEkTFTvzDDzcBkYIl0hpF1Wm8
-f2ABpCA9Cpz5NDrCaflSBVvYAEfWUILsQ4VCa1ZrqBt3tzMsWovhsL1mGfu5Jtt/
-MKcOcZSpMBjUSv8pMS9s4Mnp7Isymmr1F8yrlWJfiXDWV1bzw+Zv/OuzpprR97M=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.its.rochester.edu/shibboleth/HS"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">rochester.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.its.rochester.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 84, expires on Tue Jul 10 13:12:18 2007 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgIBVDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwNzEwMTMxMjE4WhcNMDcwNzEw
-MTMxMjE4WjBQMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBS
-b2NoZXN0ZXIxHzAdBgNVBAMTFnNoaWIuaXRzLnJvY2hlc3Rlci5lZHUwXDANBgkq
-hkiG9w0BAQEFAANLADBIAkEAzHgCFKTtEZNTCfS00QXeLyLLAs/boWMG8KoJxEx5
-VZMTC0Uy7XK6gG5qDlkx+aFAy+82ngAwCAWxpiacb07CwQIDAQABo4ICsDCCAqww
-DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSJPzddSlw19Kzg+RuTOwR4y+V9WzB+BgNV
-HSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCB
-pwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAt
-IFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9i
-cmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0
-dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
-cmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEE
-AQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCEGA1UdEQQaMBiCFnNoaWIuaXRzLnJv
-Y2hlc3Rlci5lZHUwDQYJKoZIhvcNAQEFBQADggEBAF1LQgTiOgEgX19a3/jhLvhF
-wvkMKswH3i+NzKiVdiBa5QcnVazHaCwnqMyRxu/jQ85l7qHNE4OroBaF8SShsTVx
-zpUij0URu5G3hGE5ycVNbaVjvmR4/rcOg9sL4txnpcfa2Xv85ScWmaqp1Zv+gHPp
-SOdjCgkIsq9/J8aGITCXOhSYsZdpxiyrqrDEVcgIEkTFTvzDDzcBkYIl0hpF1Wm8
-f2ABpCA9Cpz5NDrCaflSBVvYAEfWUILsQ4VCa1ZrqBt3tzMsWovhsL1mGfu5Jtt/
-MKcOcZSpMBjUSv8pMS9s4Mnp7Isymmr1F8yrlWJfiXDWV1bzw+Zv/OuzpprR97M=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.its.rochester.edu/shibboleth/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Rochester</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Rochester</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.rochester.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Charles Yanaitis</GivenName>
-    <EmailAddress>charles.yanaitis@rochester.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Sean Singh</GivenName>
-    <EmailAddress>sean.singh@rochester.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Sean Singh</GivenName>
-    <EmailAddress>sean.singh@rochester.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California, Riverside -->
-<EntityDescriptor entityID="urn:mace:incommon:ucr.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucr.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucr.edu</ds:KeyName>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucr.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 220, expires on Thu Oct 30 20:58:09 2008 GMT -->
-          <ds:X509Certificate>
-MIIF1zCCBL+gAwIBAgICANwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAzMTIwNTgwOVoXDTA4MTAz
-MDIwNTgwOVowVzELMAkGA1UEBhMCVVMxKzApBgNVBAoTIlVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYS1SaXZlcnNpZGUxGzAZBgNVBAMTEnNoaWJib2xldGgudWNyLmVk
-dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALK8YCXNZ9JU8GCIfhNY
-JIOV2o6OqPdqfkUNrhFXYokkmR3r9/hkw7FizSqq8ojvyL/n8D03tIudNBsDsz7X
-J3SE0M/hK4INDpD5qH7kax9CEZoKdyiMrrIyDDzcdGNG99XO+2me24CYQJBUHvdl
-jytqMiFuf29x/lyLjJFd4OoapZRlfDL8PgKZdjkbis+mvcCUARpgTFaY68iWwOuc
-RIisVQx6QHvMorqfqJcvfW7a3Ta19nho8uKbB/BSjZ1Cp8ntK4z0qTUZMUCrY1sA
-wkOFEI2z1mWVNfEgBpEfNrxqWWP8jLkbQFCTNyP6GrWEQSnorDPftg7qMfTOmbyC
-HkUCAwEAAaOCAqwwggKoMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUdBdr9xbDpybh
-58J/mSI5cs0bFiswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREE
-FjAUghJzaGliYm9sZXRoLnVjci5lZHUwDQYJKoZIhvcNAQEFBQADggEBAE603Wiq
-Gj7gmiIQwdc0pPGUnIUBe2fbYFZJxFEb6Kz4KvWbK6T0tfB6jLjkvHIGgxLl1QAo
-g6bfEqCJ758J4R9ii1N72d2aLq2EMUpNmgEEJe/wORSikEA7fbHfW5zfxPgSvkZK
-XBTOApeOHyEeZJNC50/ntZpLJjfwRp2amMUVxUeVgkGJHTxkMw5VbLlELjHMW02B
-uzNRc6klcFcrP07gOu0zdwE07+OI7i+wE0Qls+ysXcCGC+jZJrkbEkTY18jjLvo9
-wB4mCO1FqOShVABtLQhLpu+imnH2SHGgjViOP/XHfPNymFMOhNDgU9j1qVFDjPzg
-oKfFUuXOmS1G2Ew=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.ucr.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.ucr.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucr.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucr.edu</ds:KeyName>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucr.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 220, expires on Thu Oct 30 20:58:09 2008 GMT -->
-          <ds:X509Certificate>
-MIIF1zCCBL+gAwIBAgICANwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAzMTIwNTgwOVoXDTA4MTAz
-MDIwNTgwOVowVzELMAkGA1UEBhMCVVMxKzApBgNVBAoTIlVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYS1SaXZlcnNpZGUxGzAZBgNVBAMTEnNoaWJib2xldGgudWNyLmVk
-dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALK8YCXNZ9JU8GCIfhNY
-JIOV2o6OqPdqfkUNrhFXYokkmR3r9/hkw7FizSqq8ojvyL/n8D03tIudNBsDsz7X
-J3SE0M/hK4INDpD5qH7kax9CEZoKdyiMrrIyDDzcdGNG99XO+2me24CYQJBUHvdl
-jytqMiFuf29x/lyLjJFd4OoapZRlfDL8PgKZdjkbis+mvcCUARpgTFaY68iWwOuc
-RIisVQx6QHvMorqfqJcvfW7a3Ta19nho8uKbB/BSjZ1Cp8ntK4z0qTUZMUCrY1sA
-wkOFEI2z1mWVNfEgBpEfNrxqWWP8jLkbQFCTNyP6GrWEQSnorDPftg7qMfTOmbyC
-HkUCAwEAAaOCAqwwggKoMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUdBdr9xbDpybh
-58J/mSI5cs0bFiswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREE
-FjAUghJzaGliYm9sZXRoLnVjci5lZHUwDQYJKoZIhvcNAQEFBQADggEBAE603Wiq
-Gj7gmiIQwdc0pPGUnIUBe2fbYFZJxFEb6Kz4KvWbK6T0tfB6jLjkvHIGgxLl1QAo
-g6bfEqCJ758J4R9ii1N72d2aLq2EMUpNmgEEJe/wORSikEA7fbHfW5zfxPgSvkZK
-XBTOApeOHyEeZJNC50/ntZpLJjfwRp2amMUVxUeVgkGJHTxkMw5VbLlELjHMW02B
-uzNRc6klcFcrP07gOu0zdwE07+OI7i+wE0Qls+ysXcCGC+jZJrkbEkTY18jjLvo9
-wB4mCO1FqOShVABtLQhLpu+imnH2SHGgjViOP/XHfPNymFMOhNDgU9j1qVFDjPzg
-oKfFUuXOmS1G2Ew=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.ucr.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Riverside</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Riverside</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucr.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Russ Harvey</GivenName>
-    <EmailAddress>russ.harvey@ucr.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Mike Kennedy</GivenName>
-    <EmailAddress>mikek@ucr.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Steve Hock</GivenName>
-    <EmailAddress>shock@ucr.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- New York University -->
-<EntityDescriptor entityID="urn:mace:incommon:nyu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nyu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.nyu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 124, expires on Wed Jan 16 23:23:03 2008 GMT -->
-          <ds:X509Certificate>
-MIIGTTCCBTWgAwIBAgIBfDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcwMTE2MjMyMzAzWhcNMDgwMTE2
-MjMyMzAzWjA4MQswCQYDVQQGEwJVUzEMMAoGA1UEChMDTllVMRswGQYDVQQDExJz
-aGliYm9sZXRoLm55dS5lZHUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11
-EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzX
-gTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7D
-AjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc
-9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEH
-EIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7
-YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA5GK+
-eV3YuyfbTeJXnqV4jT+Ocz7XCL4TmeYApcuA/tG7vRRKl2Oyo93VCe7GxwOAFyp2
-ajqxdzB/yB/Mcz80GELz/UE6vkA9CW315gHQ+zWImUbPxdp5vfoe1wZ7WmXDRN5+
-4SDptlKBPsZBatAJhBjJOkWL/z09dyRdg+YYXcGjggKsMIICqDAOBgNVHQ8BAf8E
-BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-AwIwHQYDVR0OBBYEFInR3E2yLHtThH/xcXn8RjPAFno4MH4GA1UdIwR3MHWAFJMt
-yGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT
-SW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcw
-AoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6
-Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0
-cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsG
-AQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L3ByYWN0aWNlcy5wZGYwHQYDVR0RBBYwFIISc2hpYmJvbGV0aC5ueXUuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQCtTu3zFQro8ocJP9jfnJe7LQwvC+8W0n/AxJnkoadA
-WXvL6sWU/FoTg48ppe6A4LFmZ8SZIq/7Neo6SfvUkhT+O9mArnjZJ6XAu/cH0fD/
-KBAkUhkEQlltSy1PT2Apor/ti20IV6ycXJPc4AVBh7X/mKpZ646CWnHvoiPUqPAi
-zjxkx0TmosaL+2IVA8/Vd2FXp+cJLJgoXMSDeTs2nfj90+hNE5GE9shRf6lJlpdV
-4nVc74u6E0RwoCe/76Uruk9VzciLSiJwEj/kuFPfg93s1K5w1xyslmtdxYd6HbEx
-NGqVSO5aqZjOpoF5O/Kp39NX1iv08yjLUGus10UlK5Bx
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.nyu.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nyu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.nyu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 124, expires on Wed Jan 16 23:23:03 2008 GMT -->
-          <ds:X509Certificate>
-MIIGTTCCBTWgAwIBAgIBfDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcwMTE2MjMyMzAzWhcNMDgwMTE2
-MjMyMzAzWjA4MQswCQYDVQQGEwJVUzEMMAoGA1UEChMDTllVMRswGQYDVQQDExJz
-aGliYm9sZXRoLm55dS5lZHUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11
-EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzX
-gTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7D
-AjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc
-9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEH
-EIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7
-YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA5GK+
-eV3YuyfbTeJXnqV4jT+Ocz7XCL4TmeYApcuA/tG7vRRKl2Oyo93VCe7GxwOAFyp2
-ajqxdzB/yB/Mcz80GELz/UE6vkA9CW315gHQ+zWImUbPxdp5vfoe1wZ7WmXDRN5+
-4SDptlKBPsZBatAJhBjJOkWL/z09dyRdg+YYXcGjggKsMIICqDAOBgNVHQ8BAf8E
-BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-AwIwHQYDVR0OBBYEFInR3E2yLHtThH/xcXn8RjPAFno4MH4GA1UdIwR3MHWAFJMt
-yGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT
-SW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcw
-AoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6
-Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0
-cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsG
-AQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L3ByYWN0aWNlcy5wZGYwHQYDVR0RBBYwFIISc2hpYmJvbGV0aC5ueXUuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQCtTu3zFQro8ocJP9jfnJe7LQwvC+8W0n/AxJnkoadA
-WXvL6sWU/FoTg48ppe6A4LFmZ8SZIq/7Neo6SfvUkhT+O9mArnjZJ6XAu/cH0fD/
-KBAkUhkEQlltSy1PT2Apor/ti20IV6ycXJPc4AVBh7X/mKpZ646CWnHvoiPUqPAi
-zjxkx0TmosaL+2IVA8/Vd2FXp+cJLJgoXMSDeTs2nfj90+hNE5GE9shRf6lJlpdV
-4nVc74u6E0RwoCe/76Uruk9VzciLSiJwEj/kuFPfg93s1K5w1xyslmtdxYd6HbEx
-NGqVSO5aqZjOpoF5O/Kp39NX1iv08yjLUGus10UlK5Bx
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.nyu.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">New York University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">New York University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nyu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Alison Kraskey</GivenName>
-    <EmailAddress>alison.kraskey@nyu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gary Chapman</GivenName>
-    <EmailAddress>gary.chapman@nyu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Michael Losapio</GivenName>
-    <EmailAddress>michael.losapio@nyu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="http://dram.nyu.edu/dram">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dram.nyu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 128, expires on Sat Jan 26 15:38:16 2008 GMT -->
-          <ds:X509Certificate>
-MIIFrDCCBJSgAwIBAgICAIAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDEyNjE1MzgxNloXDTA4MDEy
-NjE1MzgxNlowMjELMAkGA1UEBhMCVVMxDDAKBgNVBAoTA05ZVTEVMBMGA1UEAxMM
-ZHJhbS5ueXUuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxySx
-tAOKfuAIUcRQUVoEZM3QiKrHoNWjyaL+o3pJCsDLcUhaco5HaewGrgD8HC/mNE9P
-lT58o98zL0jEwgRiKhIAaslXxMEjfXcy9rbVh7yhPzAs/siUau0t+aUcGheuJpnW
-PW4u1NIsVGOVpWutzH1SUJVW6GmXAWzQs/6Kv6aCqkDVTiZB7HHZSZgO7pbdBUHQ
-EUp79U/dioY2HvKdnlvwUdgcouwP1UJcNvbzvm4CT2rwVYAMsfEb/WVs3k8C9jcn
-+RLtURvsleMqbdK1RehcIVRir4P94myaIj3AaOHGi81kLymvgIK6bNsGmV+I5qJg
-HoiV0Q07BPJRTDbMLQIDAQABo4ICpjCCAqIwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBRp9Wzq5xVanTfrV1yghBlnTuZECDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMBcGA1UdEQQQMA6CDGRyYW0ubnl1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEA
-sOesEs7X4aw5M40bVZ41uPn7IsR4f+My1Q+b6WyNeUmbXsOpq9By/Q8OmBjoFxdj
-119af8/Z6sP4L56CrzRYcTEpTYQeJYxahHm/wyBhlBbHGVQQ74QKiKFleWnkbFYK
-gSucnhuG0SkTMn6NOdPuMyGsOWU2+s9MK+ZJtXXm1UmrGy0Jv5JqDkanU+MsAYSV
-uDP5c02UbPiqnUvQZA5WZ82OUenLfQ4dP0oUjVTaU+44J3ABsnssEnmnbbzRgpix
-5gx/3ma9hCc4ZIFkc3IndySD7f7mqDakTIamdDx+d/eITsaOD+hffYbK8DYdmzjc
-fTA88yq6vVJ68HKssSuaCw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://dram.nyu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">New York University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">New York University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nyu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Thomas Cunningham</GivenName>
-    <EmailAddress>tom@nyu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Rick Ochoa</GivenName>
-    <EmailAddress>rick@nyu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gary Chapman</GivenName>
-    <EmailAddress>gary.chapman@nyu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Dartmouth College -->
-<EntityDescriptor entityID="urn:mace:incommon:dartmouth.edu">
-  <IDPSSODescriptor errorURL="http://login.dartmouth.edu/shibboleth/error.shtml" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">dartmouth.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.dartmouth.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 420, expires on Sun Aug 29 18:07:35 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAaQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyODE4MDczNVoXDTEwMDgy
-OTE4MDczNVowHjEcMBoGA1UEAxMTbG9naW4uZGFydG1vdXRoLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAsK4+1DskfBEFdKXU1b8hMnb3R3UjVVo8P9zB
-Y6+ReSCYQMTm4k3CXf/X4/fZ4DD6E/AE/SEX32ODo3LcsWZJwsOJzHK8xpnr5vyc
-lqyQlaDA2wf7GQczlEkWuWhWZG40ucOnqGzZRnzCPlsMwQEyoUj1XN7zYTIWf2LQ
-rZgoVYcCAwEAAaOCAqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUBEM0Yzwp
-FP/ecu6v1NLMnW5s2NgwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-sgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYIT
-bG9naW4uZGFydG1vdXRoLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAEgWNWLW6GrPI
-SocOFjWXIfNfComSoceSPJUEnE+xttmf5egMjv2ArCgMR92xGV2trIYcVSW0iX7g
-Lw73Y9UBs5Gw4PhAL/hBkoASmh7hWKjnjdSfte4dn9RSTXJao9G2MMpfeJBiy+eQ
-bdoOGeKQ/O5yT+C4hr92JRopIGheDQiNOC6lwVcyufCNIZua8VUIIdwdfBTXUgrg
-aq/0YiAzxM1ntmU4YW7lMIyXay/Y/icUVlRl6oo9wzlJRRrtVMH8eXsfxKlbiQXa
-Ywop7aYzfxblCHXXofZu5ccbrA8oOrm1In4Aqu0QDV/QuHq47uaxF3xiO35q5+nA
-CLWVhTQGVQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.dartmouth.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://login.dartmouth.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">dartmouth.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.dartmouth.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 420, expires on Sun Aug 29 18:07:35 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAaQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyODE4MDczNVoXDTEwMDgy
-OTE4MDczNVowHjEcMBoGA1UEAxMTbG9naW4uZGFydG1vdXRoLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAsK4+1DskfBEFdKXU1b8hMnb3R3UjVVo8P9zB
-Y6+ReSCYQMTm4k3CXf/X4/fZ4DD6E/AE/SEX32ODo3LcsWZJwsOJzHK8xpnr5vyc
-lqyQlaDA2wf7GQczlEkWuWhWZG40ucOnqGzZRnzCPlsMwQEyoUj1XN7zYTIWf2LQ
-rZgoVYcCAwEAAaOCAqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUBEM0Yzwp
-FP/ecu6v1NLMnW5s2NgwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-sgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYIT
-bG9naW4uZGFydG1vdXRoLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAEgWNWLW6GrPI
-SocOFjWXIfNfComSoceSPJUEnE+xttmf5egMjv2ArCgMR92xGV2trIYcVSW0iX7g
-Lw73Y9UBs5Gw4PhAL/hBkoASmh7hWKjnjdSfte4dn9RSTXJao9G2MMpfeJBiy+eQ
-bdoOGeKQ/O5yT+C4hr92JRopIGheDQiNOC6lwVcyufCNIZua8VUIIdwdfBTXUgrg
-aq/0YiAzxM1ntmU4YW7lMIyXay/Y/icUVlRl6oo9wzlJRRrtVMH8eXsfxKlbiQXa
-Ywop7aYzfxblCHXXofZu5ccbrA8oOrm1In4Aqu0QDV/QuHq47uaxF3xiO35q5+nA
-CLWVhTQGVQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.dartmouth.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Dartmouth College</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Dartmouth College</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.dartmouth.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Eric Bivona</GivenName>
-    <EmailAddress>Eric.J.Bivona@dartmouth.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>David Gelhar</GivenName>
-    <EmailAddress>David.E.Gelhar@dartmouth.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>David Gelhar</GivenName>
-    <EmailAddress>David.E.Gelhar@dartmouth.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Sean McNamara</GivenName>
-    <EmailAddress>Sean.R.McNamara@dartmouth.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California, Merced -->
-<EntityDescriptor entityID="urn:mace:incommon:ucmerced.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucmerced.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.ucmerced.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 264, expires on Fri Feb 19 21:12:25 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAQgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIxOTIxMTIyNVoXDTEwMDIx
-OTIxMTIyNVowHDEaMBgGA1UEAxMRc2hpYi51Y21lcmNlZC5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAK+1zqQR1K+OwplBSS23f/xrl/ut8OqQWj+eObsX
-b1XFxAM+QfI5GvalEp4dZ8JggyAVFJJLkavJD/7014ENLmt0Y4SU0rVoUv/V08s+
-nHZLmLKL1lCLzCfeMOapcVKh+CzxvN/o61VdrKYkuIq+KbZY5AFBGcF3ma4BoSXt
-F1I5AgMBAAGjggKrMIICpzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFKokkF8r2K7l
-Ik4PzxZjD75n+TUHMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboG
-CCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0R
-BBUwE4IRc2hpYi51Y21lcmNlZC5lZHUwDQYJKoZIhvcNAQEFBQADggEBAF4pIerA
-OHNqLTp33YwBBdcwHUVingAMyvmxKJJmz8YenbaOaL4NtqofJHPB5G4ShaGUW5F+
-y247xUW9CQ8gXCSxO3KSkF+u+VKde86UrmFIyK67A0AxYRuGKKsotF8vngl19Bq5
-EbYbomDA48uuIaC8qK8bBBg99TwgqjE6ngkJuHisaY986sby9R7m2+kBqdFk6g+W
-t1givG65nDln0Lcnb19DXRDPEM28H56U1IqKuC82rl/E+vdw0W4T7IeTAnDBSy7l
-OhvX73biE+9ErXzxGFrCUaAE6P09Bhg/kZjv4HTvr6MDKnfpzYatTv7A6yhkJ8h9
-r5UEVmti4DxjcoE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.ucmerced.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.ucmerced.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucmerced.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.ucmerced.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 264, expires on Fri Feb 19 21:12:25 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAQgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIxOTIxMTIyNVoXDTEwMDIx
-OTIxMTIyNVowHDEaMBgGA1UEAxMRc2hpYi51Y21lcmNlZC5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAK+1zqQR1K+OwplBSS23f/xrl/ut8OqQWj+eObsX
-b1XFxAM+QfI5GvalEp4dZ8JggyAVFJJLkavJD/7014ENLmt0Y4SU0rVoUv/V08s+
-nHZLmLKL1lCLzCfeMOapcVKh+CzxvN/o61VdrKYkuIq+KbZY5AFBGcF3ma4BoSXt
-F1I5AgMBAAGjggKrMIICpzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFKokkF8r2K7l
-Ik4PzxZjD75n+TUHMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboG
-CCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0R
-BBUwE4IRc2hpYi51Y21lcmNlZC5lZHUwDQYJKoZIhvcNAQEFBQADggEBAF4pIerA
-OHNqLTp33YwBBdcwHUVingAMyvmxKJJmz8YenbaOaL4NtqofJHPB5G4ShaGUW5F+
-y247xUW9CQ8gXCSxO3KSkF+u+VKde86UrmFIyK67A0AxYRuGKKsotF8vngl19Bq5
-EbYbomDA48uuIaC8qK8bBBg99TwgqjE6ngkJuHisaY986sby9R7m2+kBqdFk6g+W
-t1givG65nDln0Lcnb19DXRDPEM28H56U1IqKuC82rl/E+vdw0W4T7IeTAnDBSy7l
-OhvX73biE+9ErXzxGFrCUaAE6P09Bhg/kZjv4HTvr6MDKnfpzYatTv7A6yhkJ8h9
-r5UEVmti4DxjcoE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.ucmerced.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Merced</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Merced</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucmerced.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Greg Fellin</GivenName>
-    <EmailAddress>gfellin@ucmerced.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian Koehmstedt</GivenName>
-    <EmailAddress>bkoehmstedt@ucmerced.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Faust Gorham</GivenName>
-    <EmailAddress>fgorham@ucmerced.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Southern California -->
-<EntityDescriptor entityID="urn:mace:incommon:usc.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">usc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.usc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 215, expires on Fri Oct  3 20:09:10 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUjCCBDqgAwIBAgICANcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAwNDIwMDkxMFoXDTA4MTAw
-MzIwMDkxMFowVjELMAkGA1UEBhMCVVMxKjAoBgNVBAoTIVVuaXZlcnNpdHkgb2Yg
-U291dGhlcm4gQ2FsaWZvcm5pYTEbMBkGA1UEAxMSc2hpYmJvbGV0aC51c2MuZWR1
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM+gtGft1Rqp8EqSK4Do32kRYN
-MUz2glzZCyikRODKT0fodm655RUXM3KtU0EojBmpaDJvH9Gx4eCOOPCAdQ0zaM1h
-vok4hOmPbsbDJ1ZuBgDUmNNu+ArhTfTcVCnVIK0E6lwrYHvgccqpuJz3kdHEo9fw
-wqsrK6Nwyor4hPEOeQIDAQABo4ICrDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBToWvbYMPTntME48Hv8gLVKO0KwCTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMB0GA1UdEQQWMBSCEnNoaWJib2xldGgudXNjLmVkdTANBgkqhkiG9w0BAQUF
-AAOCAQEADvZ2CCgyfTTi8+iC8269yNF4G74BkhSY1/t3L9IVcIzN6yp1bP9XCzEp
-ANbu4+9+z7MA8jGMVC+VEoGGgc4IzoT4Ozd88GTDjk0kaKqvBM+PFrDpW1t3Gybl
-1q89ZHgLnrzEFYxRQPMmNHLEmD+NKAg8G8Gw0g6daKoIzgEh46sZj12rvZFKAozG
-tXtSUWHHHbRCWOsaeLLv6DBVlQlY8jtlzZS3Z4km0Dchs8xbKELjnjG0fiomXLvO
-HAwYO/NexhX4xqhe0/e4Dqg1g4rZ3paW5oV98HVhPcnFpLJwtxzcB7Pm8Uxwm0hC
-i/+ujkDNOTfO58R8UdbZ6M2N8rnHhA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.usc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 433, expires on Fri Sep 17 18:10:09 2010 GMT -->
-          <ds:X509Certificate>
-MIIFETCCA/mgAwIBAgICAbEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxNjE4MTAwOVoXDTEwMDkx
-NzE4MTAwOVowHTEbMBkGA1UEAxMSc2hpYmJvbGV0aC51c2MuZWR1MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDGqmK+0r4oZkmfLl70dD2yew9E39gkafTNTdDB
-28LV9BiM6Nsz2CXyyfhqHt4g9RQ7stTJR+MNayVKQPeGjdJPBxSbvbj5QVIT2Wb5
-9L6XaxM5/oUKklN54xducalBey7TePToou5TX+7UllxedrawhUZQYAqRlEA4g/Kf
-V6sfpwIDAQABo4ICpDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ91L7HB/qN
-lDJO6TkzQ40J2Pml7zB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGy
-BggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJz
-aGliYm9sZXRoLnVzYy5lZHUwDQYJKoZIhvcNAQEFBQADggEBAJOsixFfdbUyUoqK
-RcARsvIOxHjf8IKfUtWJJuxcAGtSYQ2WAS7ezAsfCKNjY/sVew42kGZdxNL/9Z6u
-7uaUDHoeI1YFL1jUcuHFAB1fGjImOa9DvDYC/GdQlbXEpGD4jvfGIjUi7jpnguDE
-w4reSxuNAE6wOdbiZ/SGmDovt7CWDonkYmF/F8PTBu4T55k61uG8zEbszuhQIAoa
-PpxZV+VbpdEmbm6fFviGTRBzTdP8Ges98ryQzkTXV1ivsahrftCtOo2imH22b0zd
-UyzcHstiqAfNX/TX6HSl/gtPda7Gcedc/RHiYNk8H5jFVFQYek5YhZMHfTGRZh+w
-aY7nMHE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.usc.edu:8444/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.usc.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">usc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.usc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 215, expires on Fri Oct  3 20:09:10 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUjCCBDqgAwIBAgICANcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAwNDIwMDkxMFoXDTA4MTAw
-MzIwMDkxMFowVjELMAkGA1UEBhMCVVMxKjAoBgNVBAoTIVVuaXZlcnNpdHkgb2Yg
-U291dGhlcm4gQ2FsaWZvcm5pYTEbMBkGA1UEAxMSc2hpYmJvbGV0aC51c2MuZWR1
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM+gtGft1Rqp8EqSK4Do32kRYN
-MUz2glzZCyikRODKT0fodm655RUXM3KtU0EojBmpaDJvH9Gx4eCOOPCAdQ0zaM1h
-vok4hOmPbsbDJ1ZuBgDUmNNu+ArhTfTcVCnVIK0E6lwrYHvgccqpuJz3kdHEo9fw
-wqsrK6Nwyor4hPEOeQIDAQABo4ICrDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBToWvbYMPTntME48Hv8gLVKO0KwCTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMB0GA1UdEQQWMBSCEnNoaWJib2xldGgudXNjLmVkdTANBgkqhkiG9w0BAQUF
-AAOCAQEADvZ2CCgyfTTi8+iC8269yNF4G74BkhSY1/t3L9IVcIzN6yp1bP9XCzEp
-ANbu4+9+z7MA8jGMVC+VEoGGgc4IzoT4Ozd88GTDjk0kaKqvBM+PFrDpW1t3Gybl
-1q89ZHgLnrzEFYxRQPMmNHLEmD+NKAg8G8Gw0g6daKoIzgEh46sZj12rvZFKAozG
-tXtSUWHHHbRCWOsaeLLv6DBVlQlY8jtlzZS3Z4km0Dchs8xbKELjnjG0fiomXLvO
-HAwYO/NexhX4xqhe0/e4Dqg1g4rZ3paW5oV98HVhPcnFpLJwtxzcB7Pm8Uxwm0hC
-i/+ujkDNOTfO58R8UdbZ6M2N8rnHhA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.usc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 433, expires on Fri Sep 17 18:10:09 2010 GMT -->
-          <ds:X509Certificate>
-MIIFETCCA/mgAwIBAgICAbEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxNjE4MTAwOVoXDTEwMDkx
-NzE4MTAwOVowHTEbMBkGA1UEAxMSc2hpYmJvbGV0aC51c2MuZWR1MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDGqmK+0r4oZkmfLl70dD2yew9E39gkafTNTdDB
-28LV9BiM6Nsz2CXyyfhqHt4g9RQ7stTJR+MNayVKQPeGjdJPBxSbvbj5QVIT2Wb5
-9L6XaxM5/oUKklN54xducalBey7TePToou5TX+7UllxedrawhUZQYAqRlEA4g/Kf
-V6sfpwIDAQABo4ICpDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ91L7HB/qN
-lDJO6TkzQ40J2Pml7zB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGy
-BggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJz
-aGliYm9sZXRoLnVzYy5lZHUwDQYJKoZIhvcNAQEFBQADggEBAJOsixFfdbUyUoqK
-RcARsvIOxHjf8IKfUtWJJuxcAGtSYQ2WAS7ezAsfCKNjY/sVew42kGZdxNL/9Z6u
-7uaUDHoeI1YFL1jUcuHFAB1fGjImOa9DvDYC/GdQlbXEpGD4jvfGIjUi7jpnguDE
-w4reSxuNAE6wOdbiZ/SGmDovt7CWDonkYmF/F8PTBu4T55k61uG8zEbszuhQIAoa
-PpxZV+VbpdEmbm6fFviGTRBzTdP8Ges98ryQzkTXV1ivsahrftCtOo2imH22b0zd
-UyzcHstiqAfNX/TX6HSl/gtPda7Gcedc/RHiYNk8H5jFVFQYek5YhZMHfTGRZh+w
-aY7nMHE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.usc.edu:8444/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Southern California</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Southern California</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.usc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Brendan Bellina</GivenName>
-    <EmailAddress>bbellina@usc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Asbed Bedrossian</GivenName>
-    <EmailAddress>asbed@usc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Russell Beall</GivenName>
-    <EmailAddress>beall@usc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- The Pennsylvania State University -->
-<EntityDescriptor entityID="urn:mace:incommon:psu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">psu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>as1.fim.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 178, expires on Sat Jul  5 20:48:29 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTDCCBDSgAwIBAgICALIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcwNjIwNDgyOVoXDTA4MDcw
-NTIwNDgyOVowUzELMAkGA1UEBhMCVVMxKjAoBgNVBAoTIVRoZSBQZW5uc3lsdmFu
-aWEgU3RhdGUgVW5pdmVyc2l0eTEYMBYGA1UEAxMPYXMxLmZpbS5wc3UuZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkFtWl8heas1dMJHo4TNjQWznzbSU8
-piz5TmrHlGg6wDWQRKoTLHwFs2PRiII0jGwzNVC2eRGs5+GadehYfLv8KqhQXtJq
-SpUu3dccNxtrUrNcX5CL2r9/W0h8rPC+W7Z3Qvds2L6uvP9F/pP41rjnE77VWmaC
-GQl8sUh464l3SwIDAQABo4ICqTCCAqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRn
-kR9rZ0bocCoX1tzgbdk+n8PNzTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MBoGA1UdEQQTMBGCD2FzMS5maW0ucHN1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEA
-gGfLXFGWGypSDvq4gcZdd0yPTards8F8vwVGJrjFILjwLvlDvluRMAk5bGiRhvd/
-v+gBLT/54bh3ypD7lqEYMYVJlFDddfWbDOlJbPBBW1ONEjpw/m93+Vrcrn4x4WZx
-jY/ATY2tcIYc4B76i/J2J89T8tWRPO00gd8bsiQFUDDjtQEEbeTKvR0ge4YA2yXh
-4Yh0a5Nu0jhUNZ76cRzZZwCw9rZuJNn7WAsWi1WhhkHVXzB28eRmzkxxbuqENNgF
-3Dg6Q/jBrpDdMmTmK1SeglkrDHdDp5ieRaqVa8La7LXHuGY/cNstDrsevwtVqlzQ
-c3XsTw1BfGqlUHGf2Xv2HQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>as1.fim.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 351, expires on Mon Jun 14 20:10:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAV8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMzIwMTAxMloXDTEwMDYx
-NDIwMTAxMlowGjEYMBYGA1UEAxMPYXMxLmZpbS5wc3UuZWR1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCkFtWl8heas1dMJHo4TNjQWznzbSU8piz5TmrHlGg6
-wDWQRKoTLHwFs2PRiII0jGwzNVC2eRGs5+GadehYfLv8KqhQXtJqSpUu3dccNxtr
-UrNcX5CL2r9/W0h8rPC+W7Z3Qvds2L6uvP9F/pP41rjnE77VWmaCGQl8sUh464l3
-SwIDAQABo4ICqTCCAqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRnkR9rZ0bocCoX
-1tzgbdk+n8PNzTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6Bggr
-BgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-CgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBoGA1UdEQQT
-MBGCD2FzMS5maW0ucHN1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAQQTATH0n/e2x
-QrAIoXJ8jaaIuEY/jXznkgyLpqfY7GvnEbis9XUK+3D9LzwYEyb6zFuDlRfGh1WU
-sVoYZlEk4kGS/yzMDaMSq2DfTjxS1GeEs6z6sPvGcrr23NFVfZ1TTbTCNvJtRljw
-7jr2LZGOeK7CP39nFaw8mCIaLlXt8kY3aELKf2pqR7XMPeb6e8n89VJCagKTAvgg
-s5o1JWZ+wLUUm49POFMf+KFIPxcHfw7Hnm2HI/axRvH4C/bh8RIP1tQFbAeX4qlo
-LZmOK8DcFwc1DbWGgqY7LbpuDC1jwp8y5FhlbEIUj0UXXNNkux7569nmMO7MeWxy
-t8lwzoppsg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://as1.fim.psu.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://as1.fim.psu.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">psu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>as1.fim.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 178, expires on Sat Jul  5 20:48:29 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTDCCBDSgAwIBAgICALIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcwNjIwNDgyOVoXDTA4MDcw
-NTIwNDgyOVowUzELMAkGA1UEBhMCVVMxKjAoBgNVBAoTIVRoZSBQZW5uc3lsdmFu
-aWEgU3RhdGUgVW5pdmVyc2l0eTEYMBYGA1UEAxMPYXMxLmZpbS5wc3UuZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkFtWl8heas1dMJHo4TNjQWznzbSU8
-piz5TmrHlGg6wDWQRKoTLHwFs2PRiII0jGwzNVC2eRGs5+GadehYfLv8KqhQXtJq
-SpUu3dccNxtrUrNcX5CL2r9/W0h8rPC+W7Z3Qvds2L6uvP9F/pP41rjnE77VWmaC
-GQl8sUh464l3SwIDAQABo4ICqTCCAqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRn
-kR9rZ0bocCoX1tzgbdk+n8PNzTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MBoGA1UdEQQTMBGCD2FzMS5maW0ucHN1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEA
-gGfLXFGWGypSDvq4gcZdd0yPTards8F8vwVGJrjFILjwLvlDvluRMAk5bGiRhvd/
-v+gBLT/54bh3ypD7lqEYMYVJlFDddfWbDOlJbPBBW1ONEjpw/m93+Vrcrn4x4WZx
-jY/ATY2tcIYc4B76i/J2J89T8tWRPO00gd8bsiQFUDDjtQEEbeTKvR0ge4YA2yXh
-4Yh0a5Nu0jhUNZ76cRzZZwCw9rZuJNn7WAsWi1WhhkHVXzB28eRmzkxxbuqENNgF
-3Dg6Q/jBrpDdMmTmK1SeglkrDHdDp5ieRaqVa8La7LXHuGY/cNstDrsevwtVqlzQ
-c3XsTw1BfGqlUHGf2Xv2HQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>as1.fim.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 351, expires on Mon Jun 14 20:10:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAV8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMzIwMTAxMloXDTEwMDYx
-NDIwMTAxMlowGjEYMBYGA1UEAxMPYXMxLmZpbS5wc3UuZWR1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCkFtWl8heas1dMJHo4TNjQWznzbSU8piz5TmrHlGg6
-wDWQRKoTLHwFs2PRiII0jGwzNVC2eRGs5+GadehYfLv8KqhQXtJqSpUu3dccNxtr
-UrNcX5CL2r9/W0h8rPC+W7Z3Qvds2L6uvP9F/pP41rjnE77VWmaCGQl8sUh464l3
-SwIDAQABo4ICqTCCAqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRnkR9rZ0bocCoX
-1tzgbdk+n8PNzTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6Bggr
-BgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-CgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBoGA1UdEQQT
-MBGCD2FzMS5maW0ucHN1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAQQTATH0n/e2x
-QrAIoXJ8jaaIuEY/jXznkgyLpqfY7GvnEbis9XUK+3D9LzwYEyb6zFuDlRfGh1WU
-sVoYZlEk4kGS/yzMDaMSq2DfTjxS1GeEs6z6sPvGcrr23NFVfZ1TTbTCNvJtRljw
-7jr2LZGOeK7CP39nFaw8mCIaLlXt8kY3aELKf2pqR7XMPeb6e8n89VJCagKTAvgg
-s5o1JWZ+wLUUm49POFMf+KFIPxcHfw7Hnm2HI/axRvH4C/bh8RIP1tQFbAeX4qlo
-LZmOK8DcFwc1DbWGgqY7LbpuDC1jwp8y5FhlbEIUj0UXXNNkux7569nmMO7MeWxy
-t8lwzoppsg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://as1.fim.psu.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Penn State</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Technical Staff</GivenName>
-    <EmailAddress>root@aset.psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Steven Kellogg</GivenName>
-    <EmailAddress>kellogg@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Mark Miller</GivenName>
-    <EmailAddress>max@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Penn State ITS Help Desk</GivenName>
-    <EmailAddress>helpdesk@psu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://angelshibaccept.ais.psu.edu/Shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>angelshibaccept.ais.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 394, expires on Sat Jul 31 18:12:17 2010 GMT -->
-          <ds:X509Certificate>
-MIIFIzCCBAugAwIBAgICAYowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDczMDE4MTIxN1oXDTEwMDcz
-MTE4MTIxN1owJjEkMCIGA1UEAxMbYW5nZWxzaGliYWNjZXB0LmFpcy5wc3UuZWR1
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClkfi6MuIJnWxOg+86vC9yUBHC
-3b16IwocbKkwCN8H95Ve9KYuEGUHpPd4cwGdAW8OPoDGQihoNcbkN3OxBgFfme02
-qS2nQv8zedWbkrrJdI++Nl+NWWXgEGTqHyCcaS1Ma1ws3NYXWwnoh89ieeqnFgRW
-UHDRUpWSimYsd4PmDQIDAQABo4ICrTCCAqkwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBSWp88hPoLAnWpKsbtUFgHC/PNTPTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAmBgNV
-HREEHzAdghthbmdlbHNoaWJhY2NlcHQuYWlzLnBzdS5lZHUwDQYJKoZIhvcNAQEF
-BQADggEBAGC8L2wH3T8UjKBtpPJnDdwlZZyHzzhjqIXQUTOo8WGsMXl6qplk3U6e
-maO8oHhUtmj9NXQZAAnEui+aj0dooLS9yLZ/EFrhOy1nHj50XcV7xR6id4nY5xaQ
-tKWlQ89+6AfvhWyS2QvLR0RuEVp9QzDp5oXHHnjg5cmEXBOQCEXDvOZcg6mSzXpZ
-wH3UBiyEKs5R2okUuPjdcxzOe4JSROPWSnz/PASCkINk6ApklX/5pjTSsv8z4+qB
-TiVjEVA4+cDK0KkqTgacX+MQYN+37rCYs3UD+8zLvw8N1PDukhxXYQoXLqzIHgqq
-E02jzU/990xdaEWR/lE2NUWxfabXyF8=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://angelshibaccept.ais.psu.edu/Shibboleth/Shibboleth.shire" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Penn State</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Terry O'Heron</GivenName>
-    <EmailAddress>tno1@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Andy Fisher</GivenName>
-    <EmailAddress>anf107@psu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://cms.psu.edu/Shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>cms.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 452, expires on Sat Oct 23 17:57:35 2010 GMT -->
-          <ds:X509Certificate>
-MIIFAzCCA+ugAwIBAgICAcQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyMjE3NTczNVoXDTEwMTAy
-MzE3NTczNVowFjEUMBIGA1UEAxMLY21zLnBzdS5lZHUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKndAKfp08EdL5btW3Hc3Ir1HxymZBQR3qlFZr+SVVmx2p0F
-abon7kbxdpCYf4pikJgoUayA5hEIoXCtwqGv5tCBhplhHs6/hVuQU1HU3n22g1eX
-Axo3h6D+N5hGcea6duNKp8dAT6qn7P0O+mphfvsRF/nqTaXDtFD7ZC3VpoWNAgMB
-AAGjggKdMIICmTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFL7WHgfeGKus+T3GU4g
-X51d6ed2MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC2Ntcy5wc3Uu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBgu96Xx2Fr9b7W6G7n4jIhPWFgsEOguW9U
-kINOvW/2KOE9lYIn5IMtoGOjeUae0oD1KNTfay0W1GDvTlxHGebsRh1MClw1fa/u
-xAmBl3JdMkmlR4oilk0ppCylLkLCauCoSQ0O/PzHIwAWd2yWZ0PO+hVcjr/E3UT3
-51M97s5iQpDrPfa+bb2yYKaJEKQEOj7j+JgH3CmklOkvJwR9tuO++2NNy0gkYmcb
-JbFoduGzC0FRNfy+mjou9+pew/F9i6rsFq8ta6ODHh7sOSdJtmke097dsLjHha02
-zvntocfuV8nr0Y3Vtw5R0veT8NFhqeMzhUeWxvyHQWyF6IKqJpan
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cms.psu.edu/Shibboleth/Shibboleth.shire" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Penn State</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Andy Fisher</GivenName>
-    <EmailAddress>anf107@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Terry O'Heron</GivenName>
-    <EmailAddress>tno1@psu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://comanage.psu.edu/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>comanage.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 389, expires on Sat Jul 24 19:40:42 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkTCCBHmgAwIBAgICAYUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcyMzE5NDA0MloXDTEwMDcy
-NDE5NDA0MlowGzEZMBcGA1UEAxMQY29tYW5hZ2UucHN1LmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAJlP3NthFiuysD/g7nO1aBRU7Vw3HlAkt7Cp
-XrS4f94NggG3RxizVcpkt9ZxWa6Dot3xGa4mYnn/zTP/K5FhO2pKn2nnjmWnUpI8
-IqLtZmoVAL7aX0xLhYQ/ZdpKMqEjijYskwu1M/Ccu4wLEsW2/cmbqL0W1eXVBLwB
-rxs2SgnS3kMQugSzAFOgxI+7VJnOA7QQkcZjRf5uUEnlgf2fP7P+PnCTGBJ5G9ud
-AK4gi7C3g3nG7P1lUDMDtXw/i84kVKH3i4381DXrllgyeMIey+MD5EMAhk5U6Eoj
-aOFqUPqK9CcpMiZoR9rXW2nbBXRK9N+yBke3UZ/Zd1BrvsAOh9sCAwEAAaOCAqIw
-ggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUhAXkBcQz3OQaYgzE4t408AMMkh4w
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUw
-gaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKG
-Q2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQY29tYW5hZ2UucHN1LmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAN/MoUubNjZ51n/b4pHJ/Rv8iLouBUHnWUOC4
-wS7iKx1G0hYfjq/UsSw+Ua0DbAgRlNz+NJmunj7XplJi4tU3ZR/bq/z6A4u1R4pE
-2YIk4HUkmIqLE2vwRhxZOgATRS91HYSRpdckxgIVZVpc4MntybhmDx0pzMu/0x5t
-HPKcQW3qAnprbgdKsW3aplQ+RrmTIbuDcH0kAGFQNv0EiM7AdAUSV1gHK5LTxS1D
-J+85AUYzIxE+48DZgNPTKJ9ZSyQhnHDdxn15b3wSl1wgE2ONZkrsrrj0rTYTwEDg
-x4a/CszXVa2CKDJ7hRP3XiUoupIcgJXHhHfB8WXz4ifdM4F6UQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://comanage.psu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://comanage.psu.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Penn State</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Chris Hubing</GivenName>
-    <EmailAddress>cjh@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Phil Devan</GivenName>
-    <EmailAddress>pmd@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Rich Cropp</GivenName>
-    <EmailAddress>rac@psu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://courseware.e-education.psu.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>courseware.e-education.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 352, expires on Mon Jun 14 20:10:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFtTCCBJ2gAwIBAgICAWAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMzIwMTAyM1oXDTEwMDYx
-NDIwMTAyM1owKTEnMCUGA1UEAxMeY291cnNld2FyZS5lLWVkdWNhdGlvbi5wc3Uu
-ZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sXG6NaOTDrSUKLo
-inAAJ8pdghMP/TZJcLQfxqoqKopLCEICNyX8w29AlKBCUEp2KYniUiN8Kogxcx+O
-ubdSEGFKhKRIBeFaJqRxvK3F3LEk5g1ujPhabujynV7idxBWuyxYd2ufQdp8tsyS
-4wD/KL58LPfSgnpCTbSCf+LdvxNtzWJIm04oESyUAkvORMyilbZJ3pbeHOUdLgHe
-EnIWbsrvCN1rsImf3yCfycoKSCIKohtHXRP6zUYweQihF3675SxdTJ+s7qYuDwXW
-pFQQLk+DDpdH3ukP7INMXgDF5ScRzUBVQS6hbfOSIbAW9VYojzGUsqVqFo4C41Yg
-m0wlkwIDAQABo4ICuDCCArQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSnjfqA3hwR
-oapxNTRPBQhZBX5lkTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCkGA1Ud
-EQQiMCCCHmNvdXJzZXdhcmUuZS1lZHVjYXRpb24ucHN1LmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEAlAgX/tzTM2uiSsgWSihPz1drLDqGvfZ6wKQcR9wCi0uJ+SeZDiDu
-sGrw1vyC4Z9p2MRueVXvTHtXhIhMvak8Oq2BkNET9bMYdEC73gQy8JAGM+o0NIds
-Ux1zCyZMzSd81uSXQOJhKrbjilGG2a1s1CURMhhtFZBfSZAkpOHI2Owc7Q4M3wk4
-bOBrNozXtP9Q1Vnd453NFdRjJa/UWV+DpiN7x+DUKVlJ22vHxIb0EcdCdkhkkPN2
-b62XxShsr9GdjEXZVos03a39wVV6tisBjWT9v/lwLEWH7V4RZVIMrm/VpsonfTNg
-5H4DLiqZuOGL7kOxBikdw9a9AkrFg1I29w==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://courseware.e-education.psu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://courseware.e-education.psu.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Penn State</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Jeff Wolfe</GivenName>
-    <EmailAddress>wolfe@ems.psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jeff Buechler</GivenName>
-    <EmailAddress>jdb11@psu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.cic.psu.edu/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.cic.psu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 391, expires on Sat Jul 24 19:40:56 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAYcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcyMzE5NDA1NloXDTEwMDcy
-NDE5NDA1NlowGjEYMBYGA1UEAxMPd3d3LmNpYy5wc3UuZWR1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiX8QaQ4uItYnyWLP8QSnfG0BKf9V8oYiY+t
-rCOiiajTAQNhctLhOtAVd/tcRjeDnLymfprUk53apLbmDTzGMnSSiAfRlU0qcAyw
-wI7GIgJGgHTQd+6QiMEco2Kwv2w2aDzzd+Av1B5dJ7xzuJOQUxVbwKK0Pun2QWT0
-O2FCmHe0c+5xf2qZMSYs47tE56J99Gcl7kKhB3AMBMhDDlHyxrn8n4zo54tfjCpO
-5ddWoyPpDmu+yngQYSjDtDNm1htqnu/4TGPvkUPPHik4yxx5HZh8A/BD6vhR9JT+
-K0O67cHH5R5oWD1UUncAlaN0OskIRwHIrCAFLSzOQr+iWRv4FQIDAQABo4ICoTCC
-Ap0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSPGLmSyeyjQ2LuQ1IvbdDn7FS3MTB+
-BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMC
-VVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29t
-bW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCB
-ojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZD
-aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
-L2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQw
-QgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg93d3cuY2ljLnBzdS5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAIuNpjnPqk7TsRnQayA8XZBeyzouThR7VP9aL47y
-o5jiiPzB7uAahfc+a7hHcaqKbEQaOU4GszrwG7V6QeoO0a1siciF3ggI740qfDPA
-Tm/cMwCnGs7PaCuE984vFSYCbF1IggziknW1P8G2A9ZptQbNt9CPsBaXzg0KPmIR
-EaPWY+d6wQfs/Q4hx1k2+eUrudgwfcUgqrlkqkdueT/GhM1qG0FtlaO+YBv6GXuG
-7LZf0HO/IQP/uXBudTfgv+wf3/FFsdWRCWawZZNer4Vn5Hvoukr6e+zN00obKnvS
-JOYtsMhuowiwsRpT0ie/draV1UiDitpdjhmN3hb5G4Btb70=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.cic.psu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.cic.psu.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Penn State</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Chris Hubing</GivenName>
-    <EmailAddress>cjh@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Phil Devan</GivenName>
-    <EmailAddress>pmd@psu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Rich Cropp</GivenName>
-    <EmailAddress>rac@psu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Maryland Baltimore County -->
-<EntityDescriptor entityID="urn:mace:incommon:umbc.edu">
-  <IDPSSODescriptor errorURL="https://webauth.umbc.edu:443/shib_error_page.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umbc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.umbc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 236, expires on Fri Dec 11 21:54:05 2009 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAOwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIxMTIxNTQwNVoXDTA5MTIx
-MTIxNTQwNVowGzEZMBcGA1UEAxMQd2ViYXV0aC51bWJjLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOq++RZo/e9vKLyJC+gW5q/5qvHh0oNjgExe
-7D5W1sH3TppYd3PZkvxeBwBKMo36dVpaCsEDR6KW0rH65Q9JGYeMfwh2g2zd0/YE
-k7lr7SB2lmaUN2syJ5S+zpOFiqtE79aa9AGOQ9fHhLZljctPCVov8nd5lBS6EtLM
-K0B6JmPhMEzpwtPt937O1p+LVKFjKKQfXbXUEHHCf88R9LI9DKOAWkkeahwmgRtr
-MZQ1ffC+GVZ6n2432mLH2j7SXvDjhtwi134dLBbdJ5OMGx3XQtCdPEn81VYUJeR+
-ATXif0Ptp30jff2PzaONR9DrsTB9GlgBRaHDBHmpCvgvWcoo1KECAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUfpHlqS7yWgDIq8i2Gx+8TFAil80w
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghB3ZWJhdXRo
-LnVtYmMuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQA3u/gGMozRp8+tJU/+92tyTUqr
-fi+/iv7eK1sdWExH8o8vmSyCuNQP64wQueMk53N8aRORvuyLKvGqkXU9JrfJrE+q
-ulgL1N7DqwVWhlFhbmF4Nch/Qtyz7bBQtSYKI02thBGthLcKC7Ayf6lgHjpFUkvY
-tNlML5lQTF2/fjDgIiOQYJxW/kDnB2A1RdQZPExCLN5CCeS9eEEc66OeApdOAY8a
-lZc6l7TeKPDD6KBsDR4mh9/6rsJO+fTQxp+LUzWODR37i/dg4w9IiGQvrn6uIJxw
-lrC3p8cqpK2/GC43XqxjvaUdIRKF7kfiSn7QwiDjNBCvVWEPJsNDczKS/joy
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.umbc.edu:443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.umbc.edu:443/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umbc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa-incommon.shibboleth.umbc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 219, expires on Wed Oct 22 13:08:40 2008 GMT -->
-          <ds:X509Certificate>
-MIIFczCCBFugAwIBAgICANswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyMzEzMDg0MFoXDTA4MTAy
-MjEzMDg0MFowajELMAkGA1UEBhMCVVMxMTAvBgNVBAoTKFVuaXZlcnNpdHkgb2Yg
-TWFyeWxhbmQsIEJhbHRpbW9yZSBDb3VudHkxKDAmBgNVBAMTH2FhLWluY29tbW9u
-LnNoaWJib2xldGgudW1iYy5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AOLs1KMZeAlysUkdSlJrEQFe7wwN4lA4+n0jThxJqMOO0Zdn1FKELezi5kW7SeAe
-UVBgUWV3560td4f/9aa9SEFT4obgHyCiS9GLk+ex9yAK2RIcqYDVtyfiDf9qXuM6
-MXWa7jGsu0gp46uoiMnNcSSKj5HljTn1QTHuYtPI6a+rAgMBAAGjggK5MIICtTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFMtXJWS0LfivuhpcXHft1NucNkiwMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGn
-BggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0g
-VVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwKgYDVR0RBCMwIYIfYWEtaW5jb21tb24u
-c2hpYmJvbGV0aC51bWJjLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAVf2xNPRfe3jg
-QTP1ab+03IIjPgAGHNiop9TGCMFin8LdD9mzyJCmFbOFyw5+6mVgsyHJUrmx/GR6
-Zqyl+grfZgTfb3UQiz/W3jIXWnNV2nW7xfTkViu0/fO2Y7KO7I58t9QnZHn1PWtG
-QLvIsPXIwvVwOE6GiWNLkQiRNARwIBx6XIfRO1NzR7PcJN94KaDbyPyvLT0zpCsf
-wNtpXLh1nIKc/lTNeJ+3xZky60/cKOLFruf/iRRZXHa5RSL+Jv2VtIlqOAjowsES
-C/PBYc15MG7d6UqZVcZnIVj7i1rXW0qypLh3k1rKsHbZ2BJ/rGMupLER7qptYgKX
-I6VWrfzCqA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa-incommon.shibboleth.umbc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 437, expires on Thu Sep 30 14:58:25 2010 GMT -->
-          <ds:X509Certificate>
-MIIFrzCCBJegAwIBAgICAbUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkyOTE0NTgyNVoXDTEwMDkz
-MDE0NTgyNVowKjEoMCYGA1UEAxMfYWEtaW5jb21tb24uc2hpYmJvbGV0aC51bWJj
-LmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOGbA5T93O4CZr6Z
-/iD9ukvL8tKMcGTD9m7pnJIX1ZSEeyqFA2LgnKJfR2iVpAcOz6KZ70yXwnQfWhj0
-6Jq5s5gPS6zFrOrsHOD6tldVZU+9Dd6DLSDzI4h/x/zEJaSRW5Qg3rbEt2+ps+Ef
-4j0lRkauXBu/hWH3fIjqOWpb9N8XlslPgW0WAk52YJ8YwjIEt/MI6FMyZ2anKfEW
-sN33j5rfQS3pRmRBydz20bAqBOZ25N1+qG368xVwL7miJPtl5zHFzwoS6VHe9rc1
-Ff6U3HM56ZUyHT2qYykToIW35jlQsyGH+nB0ggN9W19l6O3oa5jAgeZwIgRF2WTd
-11jQv8ECAwEAAaOCArEwggKtMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUgnaDJZ+D
-baRKdAD4Pw9JPIlEG2owfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-sgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwKgYDVR0RBCMwIYIf
-YWEtaW5jb21tb24uc2hpYmJvbGV0aC51bWJjLmVkdTANBgkqhkiG9w0BAQUFAAOC
-AQEAttGsyiW9SyMR5G0y0SV9zjbAW8UShSgFpwe617hMAQIic8Lja6TPXIBiFISd
-i6bE/u4ItV3V2UAb/scli3JhUFbIGwQ9JyBK65KPM8YhWEPP3n7WLpCXsBuYr4xk
-QhE6kN3r5Bl2g+No5ocWdF/FnrEmFEKyC84HzoASPwjAP/B65kt9fB6WSJMGh/nb
-K36rof7KkRmVkXjZbSnt1ucif+cWxEgwLi0pEEJc6LoSyS5zY0QBZ8vZha4Wm8/0
-QrS6v1xdmIV/1saB77y9EnvDQ6Dg/64llchEtLDfiv1cmKWqK5Z3ehinPI6Q+FI/
-TliVDC0dSggCsRGcE4h6Lf+qpg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa-incommon.shibboleth.umbc.edu:443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Maryland Baltimore County</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Maryland Baltimore County</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.umbc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jason Griego</GivenName>
-    <EmailAddress>jcgriego@umbc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Paul Riddle</GivenName>
-    <EmailAddress>paulr@umbc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://hdxdev.core.umbc.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>hdxdev.core.umbc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 292, expires on Fri Apr  2 20:31:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFoTCCBImgAwIBAgICASQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMTIwMzEyM1oXDTEwMDQw
-MjIwMzEyM1owHzEdMBsGA1UEAxMUaGR4ZGV2LmNvcmUudW1iYy5lZHUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJqc8Lz3w2ZCJqlr3qssnxwc8VHTpQ
-U45WTjnglSbxajxI3oXX8nu6h/EMxPseoFgU63V09zzB5uWNHWDYvo1IVP7ChWuF
-qV0jJGAiHSk3e65qdBpgEXqS+gotOgPExUkotV2vKmLKhUajx7nF0dSMNYT2akRp
-nZLM39gsyG8KO4kDh0R6tkVhvb6wDN/6Bms4VtB44ZdWo4cZ1m/sizLpVtIbgQUD
-qB5rPYIbhxdecXR5j8iInvOoVljnur8G3V+Nkdf+b+b6Z/psUJqZv0620QohqTPu
-m8zvZHN76Fax/SIdCSItFBOBYnat/yxPSEOAtkQU2iwixWKQYloOhm/FAgMBAAGj
-ggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
-BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNPJXcERQBlvFx0SEaRSxvzn
-ecGeMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYD
-VQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMg
-SW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEB
-BIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJ
-c3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYDVR0RBBgwFoIUaGR4
-ZGV2LmNvcmUudW1iYy5lZHUwDQYJKoZIhvcNAQEFBQADggEBADCpJn33xgtBvl6T
-cwfMUwlxh1F2b+H4MJj46m1/nf6MNDE5/2b+VwOC7l5F8rExVNjylpBtd7s5Hqd9
-BVwiaMfMsxCIvADtwM2Y24uOQmpRfQzrXv2o6hjmjjtZ2KGrQxb/hxT5ygGj7Gdn
-WRscplkyAxTd6vv7GwTmgDuZZM/HIqMyfsUjEJo357OzPkqHqBJEx5PJbhwi+HyX
-36Ofoxbhqr6cYNKVrEy3+6cR6zTqU0yfAxLbgQwrpTFEr6+f1vaZrjbt4WWTi8l9
-DT6Zn9smsStM2W3Fwx0dYmn8GookN2zh4V541leDkZUV+7rgmxPQVkqRjWljFZrV
-EKMVes4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://hdxdev.core.umbc.edu/confluence/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://hdxdev.core.umbc.edu/confluence/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Maryland Baltimore County</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Maryland Baltimore County</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.umbc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Paul Riddle</GivenName>
-    <EmailAddress>paulr@umbc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://rt.umbc.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>rt.umbc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 474, expires on Sat Dec 11 21:01:42 2010 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAdowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIxMDIxMDE0MloXDTEwMTIx
-MTIxMDE0MlowFjEUMBIGA1UEAxMLcnQudW1iYy5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCz6NrCXgcYUs5mY5zBb+BNypBnU4HDSx8X9kJ2Kr2z
-beSEiaQpkANEhAe42/6QImhqeU5JkRbEu7qUkzMSk2HrJ16ida208sxzyobpigUr
-4WcQMEX1GKOfYKXIUt7d08WPB/5fb64cg4cuZ43DnJXKZzWW9teFEIiFrZjb9ll1
-UOfLjPbPgL+lcnbrJ/jYxyoAZEV2JiYMJZx/pH6qqMmP8so+fcMl/zvhxksa5ezt
-onacmefepb1UDdYixAdLPJSwBnITTibrVIwVk7B9e4oAzynP0PdDvryoSsd3riV3
-COdXvBclvQ7XDbK9rIg1RlL2oR2WGsk55z+AdfVZ5Ls1AgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFHrhgZ0xRZgseNwiABwbUM2XQmqyMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3J0LnVtYmMuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQDQaRJ2SMJqH0FYEsai+pz2CUSyofnLmgA+WTbHzssNTiyNK2a4
-+tyG5gnqtKPoGp4JvEqI8d3t0Ujo1w44mekUsCB1PIRoKBkGo4u3jGq2/uxpD0xr
-+so2uO4Kf5wROZ8MGbSldn/3kv2ekyWLAQAOnrmEZ1jLOUA+H21K79cFLvmgkB8j
-IT+VLNtGZ5usYzKDJp8m5yeVI/L9F0bpr+EncA8qE/W43WwFpi7lVuwqZ+dNmkY+
-wtjCCMWk7aX5ZekT0NX2stxI1Acg32/A/QunZdoAUFONIctv4T8hKnJXnUdTceK9
-Bk3KgaiDbg2alJp0yXWmhdwf22fByPEm2Tbj
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://rt.umbc.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://rt.umbc.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Maryland Baltimore County</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Maryland Baltimore County</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.umbc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Paul Riddle</GivenName>
-    <EmailAddress>paulr@umbc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://spaces.umbc.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>spaces.umbc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 297, expires on Mon Apr 12 19:02:42 2010 GMT -->
-          <ds:X509Certificate>
-MIIFlzCCBH+gAwIBAgICASkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQxMTE5MDI0MloXDTEwMDQx
-MjE5MDI0MlowGjEYMBYGA1UEAxMPc3BhY2VzLnVtYmMuZWR1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yY2CEF/b5WwWyC5STM3A/nYmQV0fmTfKI9R
-xrmQbxjr4CG9KJFEcEQoiEZtnCedQSaUzJVXwvLS0bjE3+fP6LSPFyrarA9zEdOW
-nL/lEvWgb0VaG/wEURBR0t03f5YSAaMqNsusMuXXeBu/grwjtRiwFHKbVQDQr9UW
-T6vBoLm96H5QNpCqobLVkPGyJehz3F3zTaPNig7f4K/9yQjiEuigkqGU8sPZiKNj
-loD/5YthLG39X8fN/rEs7wW067DfrysMEhHqrMKpupF+C96uLvop0ODYUZ3vcSes
-1Ubm6jeu0aZ+v4LuB6yYLGWIkoRNkbRfvLt7FLyU9JEp7VMW/QIDAQABo4ICqTCC
-AqUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTfy4V0Ou0H/XKQIwpcDcfsua+mujB+
-BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMC
-VVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29t
-bW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCB
-qjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVy
-cyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBoGA1UdEQQTMBGCD3NwYWNlcy51
-bWJjLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAVeNqz/YP52/3+Fg3ryqSFsQ9ljHP
-ETmGArvQOkdisohYFC4/Ywx2FG1DWgDn8FIwEG+Y0S1dpYAifgOUpwny5HVuPtm4
-IL3Ltx+Rml/1DeQjYURUAxXfCAKs59MKWmck/KaZCAigFdlgk3bnY8lsUwBrMCqH
-wCpfKjrHwUvlEm8xvUrBuT6pvcA3tz1CI3Gnl6vzTeE8nPtj5YdesfEGbSDLCt2D
-PAudx5Gm/7kYxTMVrK3KbutY50WiF5zoh6w+Lc5vWrBeRJeLO+81fLPFKMiMnKGg
-LPYFu6Ypaoy0R0+aIcPoohLHvrDM/0YtX960Pt3pDrQFYGiJMaRZrOEnOw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://spaces.umbc.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://spaces.umbc.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Maryland Baltimore County</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Maryland Baltimore County</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.umbc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jason Griego</GivenName>
-    <EmailAddress>jcgriego@umbc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Paul Riddle</GivenName>
-    <EmailAddress>paulr@umbc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Duke University -->
-<EntityDescriptor entityID="urn:mace:incommon:duke.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">duke.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oit.duke.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 218, expires on Fri Oct 17 18:48:00 2008 GMT -->
-          <ds:X509Certificate>
-MIIFwjCCBKqgAwIBAgICANowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAxODE4NDgwMFoXDTA4MTAx
-NzE4NDgwMFowQzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0R1a2UgVW5pdmVyc2l0
-eTEaMBgGA1UEAxMRc2hpYi5vaXQuZHVrZS5lZHUwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDZLnQ/SNUArYDHOXG9bqiCcAFgR0c6PRIBQgKSG8xS+gZG
-YKLBko8XiB1k4NQSmf+OPrJUk2uWyqVhF1RgabYnHK9HuQcF7uV0VkOkMVX8VAWl
-96ltzm+R7GVLh30+YjAZMBzoFTPHXbww++ntmMrxQ3YMNYq7hNwBJWnNUpFqNHqR
-2rtdmSu3If8XO39tnJiPyEp/mstVVzU7O2ltOXe8M5mtrjEXHohqMxLR3/Nyeb46
-SvqLDr1kTa+v6BnD1tZlujuR5ArN3a7aNJGN/q/xaXCEg5OVSl7Wu36x9VkvMHPJ
-ytJ7eDGhBxshReiwZJb+dIDb0DPOssKIJegkjminAgMBAAGjggKrMIICpzAOBgNV
-HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
-KwYBBQUHAwIwHQYDVR0OBBYEFKs6ASVxYi5YHvK45Bc0Is8E9VXsMH4GA1UdIwR3
-MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoG
-A1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggr
-BgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJ
-Omh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0RBBUwE4IRc2hpYi5vaXQuZHVrZS5l
-ZHUwDQYJKoZIhvcNAQEFBQADggEBAJvMqhgFMrdZlLN1FyMn/KnAxzvpAw+D4kuF
-D1C49Zr53Wl9JIZXu0ASEF80tYQ1w4MkZ5A556f4ipMdzXgEUe+aP1cHteryqobr
-wytaDhY3OhIlditm9O9JVAFBtEZMcWkKGsVTWeL6FmQslGgK5Kq3gFOTVLQqEZIt
-Bgu1swSpaZ8mleylYyWbPORHE3XP9ol0B/5dldRGKebLJq2xGJn/u+QJKWoReOyH
-FhJhr+3G4jU2k5ZjHgt78YWJTnOu+e/MP0S6PAzr+TpX2qYzE9tc9/3he2GGvWjJ
-OjsDUYGbjD43aAZTwLpUD+5pF+tYBadIwD7qLkLx73UQeC9tgJw=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oit.duke.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 434, expires on Mon Sep 20 18:11:15 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAbIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxOTE4MTExNVoXDTEwMDky
-MDE4MTExNVowHDEaMBgGA1UEAxMRc2hpYi5vaXQuZHVrZS5lZHUwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZLnQ/SNUArYDHOXG9bqiCcAFgR0c6PRIB
-QgKSG8xS+gZGYKLBko8XiB1k4NQSmf+OPrJUk2uWyqVhF1RgabYnHK9HuQcF7uV0
-VkOkMVX8VAWl96ltzm+R7GVLh30+YjAZMBzoFTPHXbww++ntmMrxQ3YMNYq7hNwB
-JWnNUpFqNHqR2rtdmSu3If8XO39tnJiPyEp/mstVVzU7O2ltOXe8M5mtrjEXHohq
-MxLR3/Nyeb46SvqLDr1kTa+v6BnD1tZlujuR5ArN3a7aNJGN/q/xaXCEg5OVSl7W
-u36x9VkvMHPJytJ7eDGhBxshReiwZJb+dIDb0DPOssKIJegkjminAgMBAAGjggKj
-MIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFKs6ASVxYi5YHvK45Bc0Is8E9VXs
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGl
-MIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAC
-hkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNoaWIub2l0LmR1a2Uu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCf66Rd9fSCcrC6wq4VYAyC451Oamzfj9Xy
-SJzXbntT5TvDhxZrvEaBKE8HZK94ncwvd9BmgZucfW3SVkPwJjrWBiVD9waUyoyv
-KywQ/UjB0Hhf1LP2SHedtKeMH4NvatA40Udf3DZUqdf9rtjer9gcUgahx0iHWKX0
-s6C4rpghXJuZ1U/Iu5+r0uGIqFfvgf00vJpJ0bo0ExnEynetfN/4MudmKHMv0RRT
-SL/7kkDOvYdwAer+PKXkHWXzEJLA8uuvjDSpfyMubJQP+P6L2BvtKLMirckMiIAG
-lFB8YmSPRPc1VCtXe/LbLmG51ge3ykYpT+/r3ckhtnOuDMB4cbO1
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.oit.duke.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">duke.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oit.duke.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 218, expires on Fri Oct 17 18:48:00 2008 GMT -->
-          <ds:X509Certificate>
-MIIFwjCCBKqgAwIBAgICANowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAxODE4NDgwMFoXDTA4MTAx
-NzE4NDgwMFowQzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0R1a2UgVW5pdmVyc2l0
-eTEaMBgGA1UEAxMRc2hpYi5vaXQuZHVrZS5lZHUwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDZLnQ/SNUArYDHOXG9bqiCcAFgR0c6PRIBQgKSG8xS+gZG
-YKLBko8XiB1k4NQSmf+OPrJUk2uWyqVhF1RgabYnHK9HuQcF7uV0VkOkMVX8VAWl
-96ltzm+R7GVLh30+YjAZMBzoFTPHXbww++ntmMrxQ3YMNYq7hNwBJWnNUpFqNHqR
-2rtdmSu3If8XO39tnJiPyEp/mstVVzU7O2ltOXe8M5mtrjEXHohqMxLR3/Nyeb46
-SvqLDr1kTa+v6BnD1tZlujuR5ArN3a7aNJGN/q/xaXCEg5OVSl7Wu36x9VkvMHPJ
-ytJ7eDGhBxshReiwZJb+dIDb0DPOssKIJegkjminAgMBAAGjggKrMIICpzAOBgNV
-HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
-KwYBBQUHAwIwHQYDVR0OBBYEFKs6ASVxYi5YHvK45Bc0Is8E9VXsMH4GA1UdIwR3
-MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoG
-A1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggr
-BgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJ
-Omh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0RBBUwE4IRc2hpYi5vaXQuZHVrZS5l
-ZHUwDQYJKoZIhvcNAQEFBQADggEBAJvMqhgFMrdZlLN1FyMn/KnAxzvpAw+D4kuF
-D1C49Zr53Wl9JIZXu0ASEF80tYQ1w4MkZ5A556f4ipMdzXgEUe+aP1cHteryqobr
-wytaDhY3OhIlditm9O9JVAFBtEZMcWkKGsVTWeL6FmQslGgK5Kq3gFOTVLQqEZIt
-Bgu1swSpaZ8mleylYyWbPORHE3XP9ol0B/5dldRGKebLJq2xGJn/u+QJKWoReOyH
-FhJhr+3G4jU2k5ZjHgt78YWJTnOu+e/MP0S6PAzr+TpX2qYzE9tc9/3he2GGvWjJ
-OjsDUYGbjD43aAZTwLpUD+5pF+tYBadIwD7qLkLx73UQeC9tgJw=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oit.duke.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 434, expires on Mon Sep 20 18:11:15 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAbIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxOTE4MTExNVoXDTEwMDky
-MDE4MTExNVowHDEaMBgGA1UEAxMRc2hpYi5vaXQuZHVrZS5lZHUwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZLnQ/SNUArYDHOXG9bqiCcAFgR0c6PRIB
-QgKSG8xS+gZGYKLBko8XiB1k4NQSmf+OPrJUk2uWyqVhF1RgabYnHK9HuQcF7uV0
-VkOkMVX8VAWl96ltzm+R7GVLh30+YjAZMBzoFTPHXbww++ntmMrxQ3YMNYq7hNwB
-JWnNUpFqNHqR2rtdmSu3If8XO39tnJiPyEp/mstVVzU7O2ltOXe8M5mtrjEXHohq
-MxLR3/Nyeb46SvqLDr1kTa+v6BnD1tZlujuR5ArN3a7aNJGN/q/xaXCEg5OVSl7W
-u36x9VkvMHPJytJ7eDGhBxshReiwZJb+dIDb0DPOssKIJegkjminAgMBAAGjggKj
-MIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFKs6ASVxYi5YHvK45Bc0Is8E9VXs
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGl
-MIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAC
-hkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNoaWIub2l0LmR1a2Uu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCf66Rd9fSCcrC6wq4VYAyC451Oamzfj9Xy
-SJzXbntT5TvDhxZrvEaBKE8HZK94ncwvd9BmgZucfW3SVkPwJjrWBiVD9waUyoyv
-KywQ/UjB0Hhf1LP2SHedtKeMH4NvatA40Udf3DZUqdf9rtjer9gcUgahx0iHWKX0
-s6C4rpghXJuZ1U/Iu5+r0uGIqFfvgf00vJpJ0bo0ExnEynetfN/4MudmKHMv0RRT
-SL/7kkDOvYdwAer+PKXkHWXzEJLA8uuvjDSpfyMubJQP+P6L2BvtKLMirckMiIAG
-lFB8YmSPRPc1VCtXe/LbLmG51ge3ykYpT+/r3ckhtnOuDMB4cbO1
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.oit.duke.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Duke University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Duke University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.duke.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Shilen Patel</GivenName>
-    <EmailAddress>idmstech@duke.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Shilen Patel</GivenName>
-    <EmailAddress>idmstech@duke.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Ohio University Main Campus -->
-<EntityDescriptor entityID="urn:mace:incommon:ohio.edu">
-  <IDPSSODescriptor errorURL="https://shibboleth.ohio.edu" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ohio.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ohio.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 121, expires on Wed Jan  2 21:01:27 2008 GMT -->
-          <ds:X509Certificate>
-MIIFxTCCBK2gAwIBAgIBeTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcwMTAyMjEwMTI3WhcNMDgwMTAy
-MjEwMTI3WjBFMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPT2hpbyBVbml2ZXJzaXR5
-MRwwGgYDVQQDExNzaGliYm9sZXRoLm9oaW8uZWR1MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA+8JQBPIRuyJd4J3BPwGx0GK2gnB2SNu2ZFatIckaLqnp
-ks2W8Mqa1mZpTDJsH8Vk+vdKZIvN3zGCiypmewfpZFdX4LOZMvSKxtgSZB161CMh
-untIq/4uDqxPlDf59O4mt5GQvezPR/WrIE3CSHkKbTN/ZtVZmcrEtB49tS6Uex6L
-qVqF/1Eh2/qB3+I3BE6nLYDcmauquNHrfJuGV9dJpF78We/zeAohODfnTU2jkuiL
-UDGHF3S0S3WCEEyfCkyFVzanzQpCLR/SLQLiUIWxyNQEZA5b/TGvyRo8O+6BWVl3
-Au9X4g+yq9eFD033GoXrhf/QOVUvXmmaU2lXC/0qlwIDAQABo4ICrTCCAqkwDgYD
-VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
-CCsGAQUFBwMCMB0GA1UdDgQWBBTSFfhFNlXTyEdPrrYVwZ2MasnfUTB+BgNVHSME
-dzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAa
-BgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYI
-KwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVS
-STpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMB4GA1UdEQQXMBWCE3NoaWJib2xldGgub2hp
-by5lZHUwDQYJKoZIhvcNAQEFBQADggEBAE9xxHbThphYDeOJOHo3k+iQ5p2sf+IK
-1rxKzd111VUPQ9CQqQzvz+RMHf2i+hy3gOvkS85/ZTF7aPa7qA/OOmIKo2N/F1I9
-Jrwm31wGvkRcW5fSdEKOKFCqd+B0E2FdHQF3qnkaJ3fxDhofbC8hhbSpXE5RlUWr
-OVEK/uCXk/Pls7scAPLExQuo0Ex1aVYpaywy3AOYyrk078+P8TSFUU/VMYb8AXb7
-RLVnuLbkjVr5+hnuHcAWyqg+rj2FAWdkoBRbrqQM31WJBQaZ0m0XSEeDUeOx+Mfv
-WsTdoMPy7o7q3igCJnJoOWdyZGphhMbi55QPeeMuK6RkUN9zoR0VJlI=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.ohio.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ohio.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ohio.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 121, expires on Wed Jan  2 21:01:27 2008 GMT -->
-          <ds:X509Certificate>
-MIIFxTCCBK2gAwIBAgIBeTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcwMTAyMjEwMTI3WhcNMDgwMTAy
-MjEwMTI3WjBFMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPT2hpbyBVbml2ZXJzaXR5
-MRwwGgYDVQQDExNzaGliYm9sZXRoLm9oaW8uZWR1MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA+8JQBPIRuyJd4J3BPwGx0GK2gnB2SNu2ZFatIckaLqnp
-ks2W8Mqa1mZpTDJsH8Vk+vdKZIvN3zGCiypmewfpZFdX4LOZMvSKxtgSZB161CMh
-untIq/4uDqxPlDf59O4mt5GQvezPR/WrIE3CSHkKbTN/ZtVZmcrEtB49tS6Uex6L
-qVqF/1Eh2/qB3+I3BE6nLYDcmauquNHrfJuGV9dJpF78We/zeAohODfnTU2jkuiL
-UDGHF3S0S3WCEEyfCkyFVzanzQpCLR/SLQLiUIWxyNQEZA5b/TGvyRo8O+6BWVl3
-Au9X4g+yq9eFD033GoXrhf/QOVUvXmmaU2lXC/0qlwIDAQABo4ICrTCCAqkwDgYD
-VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
-CCsGAQUFBwMCMB0GA1UdDgQWBBTSFfhFNlXTyEdPrrYVwZ2MasnfUTB+BgNVHSME
-dzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAa
-BgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYI
-KwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVS
-STpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMB4GA1UdEQQXMBWCE3NoaWJib2xldGgub2hp
-by5lZHUwDQYJKoZIhvcNAQEFBQADggEBAE9xxHbThphYDeOJOHo3k+iQ5p2sf+IK
-1rxKzd111VUPQ9CQqQzvz+RMHf2i+hy3gOvkS85/ZTF7aPa7qA/OOmIKo2N/F1I9
-Jrwm31wGvkRcW5fSdEKOKFCqd+B0E2FdHQF3qnkaJ3fxDhofbC8hhbSpXE5RlUWr
-OVEK/uCXk/Pls7scAPLExQuo0Ex1aVYpaywy3AOYyrk078+P8TSFUU/VMYb8AXb7
-RLVnuLbkjVr5+hnuHcAWyqg+rj2FAWdkoBRbrqQM31WJBQaZ0m0XSEeDUeOx+Mfv
-WsTdoMPy7o7q3igCJnJoOWdyZGphhMbi55QPeeMuK6RkUN9zoR0VJlI=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.ohio.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Ohio University Main Campus</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Ohio University Main Campus</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiou.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>David Alexander</GivenName>
-    <EmailAddress>alexandd@ohio.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Todd Gardner</GivenName>
-    <EmailAddress>gardnet1@ohio.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Aaron Leatherwood</GivenName>
-    <EmailAddress>leatherw@ohio.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://avalon.cns.ohiou.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>avalon.cns.ohiou.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 283, expires on Sat Mar 20 19:06:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFoTCCBImgAwIBAgICARswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxOTE5MDYwNloXDTEwMDMy
-MDE5MDYwNlowHzEdMBsGA1UEAxMUYXZhbG9uLmNucy5vaGlvdS5lZHUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV2fEaiKvae7jW0kI4HdzvM33jGkBv
-/6pdG5ubRjC/L/TE9uM4vQhc9JTfZGFrY9fAdJVFvoujH7ybyI1ZYjLpTjYpbeXX
-r9ZxQCa284eoin/aawnR4DHaBPdQtTi7SpwK7dntMC2qH6pQY4c74eUnpWqpDh9X
-AKSjZ0E7rwvaOYXCnM6Zf0MUkLZOKkoKCeO7QesTy+meS1yoXFEsKwTH3haEEQim
-9Oyq5NSYUNjX+YmtedxWfFwVu8ab73LULA3iZwakKdoq2SJRu4fOY6R3aAsSxMCA
-hEKfKAR6EFaCJRyEoGS3MRWeT24Pc6mg+p2MMFF7CFngWs4WNBpzM+ANAgMBAAGj
-ggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
-BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJUko8dMKoecD6vyZyDF8LRz
-gHtDMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYD
-VQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMg
-SW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEB
-BIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJ
-c3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYDVR0RBBgwFoIUYXZh
-bG9uLmNucy5vaGlvdS5lZHUwDQYJKoZIhvcNAQEFBQADggEBAJMRbYS/dPiZJsJr
-qvyAx7gr48PcP38pouKWFxVqsi4v2Pz3Z02kBUzOrdRXZRVwlXDn1J8+Jf1oZaBM
-YSJzCWYlNuBnSJO+YIxhr/VgFnwoKCcW+PKeeAaXcoxrn6XCj3Pxh08TYqWQQQCc
-hBSDyhdxzYPmi8A7V3dTZZKhqyojUrm9j3eBhqYHnkn27q9nJdIYoJevnMYiL+wX
-OvR+cj2W5uHnV5WnPjqs7UZvbW29YeM1Y+913cTlDESx8jYQ9dbzvGEG4Ulq/hfg
-/myBTnGZmDzw5twb4sLp6kC+GbzoOKa828CwYCdwUwwvo+wZqtquk5WU4JLrQirf
-IW0MCvI=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://avalon.cns.ohiou.edu:8443/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Ohio University Main Campus</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Ohio University Main Campus</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiou.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>David Alexander</GivenName>
-    <EmailAddress>alexandd@ohio.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>OIT Service Desk</GivenName>
-    <EmailAddress>servicedesk@ohio.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Stony Brook University -->
-<EntityDescriptor entityID="urn:mace:incommon:stonybrook.edu">
-  <IDPSSODescriptor errorURL="https://shib.cc.stonybrook.edu/shibboleth/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">stonybrook.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.cc.stonybrook.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 258, expires on Fri Feb  5 20:17:26 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAQIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIwNTIwMTcyNloXDTEwMDIw
-NTIwMTcyNlowITEfMB0GA1UEAxMWc2hpYi5jYy5zdG9ueWJyb29rLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyk8siTi8b1NmPsn2iTu1ZXh2QxVKkjLx
-j91gX8CSLybwSuQL1qTyU+wHO1rwjSXrifyBCZrYDE5cmfbDKf0xd+K489Zf5koy
-gwSyPffu48sI6HdHU4yRRwljLh0cOOZEWDMAMxgXfbVlpta8qj1iNaETDY7qcmSr
-effZsEYizgMCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMxal
-4gVod3rnMG6guawlo1zIU5EwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliLmNjLnN0b255YnJvb2suZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQA+za5epZx9NYHi2+lQXI8X+jWT990xskyWRp6K5ilebCLoa14JREdr4ALk
-UmjGJ3+A1tfr77zg7jRABJ+ATm+ECUsYSZB88GkpUtY/mABRi+Cwc6WC2yHGvPR/
-OgpkeBa4P+zf44AGfeFAwF3ANQ4bjAQx3dY3dOLZrQcMt75nY0sirK+R3Wh05O7F
-CvLlfa0JOEVLl0mLJgCMI9Gs92KK9d8ZzyWgn5jksxJJLBxwN4Q4/Gzb8aBuyhL5
-OU2ScNk8FiXMHDG4KJdG9I47PxukJlrj+/cUfGPzYDusbLQDIYJM69IFFu2nkQKV
-ITv/pkigpLXNxhHoyri1yy2Nnv0R
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.cc.stonybrook.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.cc.stonybrook.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">stonybrook.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.cc.stonybrook.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 258, expires on Fri Feb  5 20:17:26 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAQIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIwNTIwMTcyNloXDTEwMDIw
-NTIwMTcyNlowITEfMB0GA1UEAxMWc2hpYi5jYy5zdG9ueWJyb29rLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyk8siTi8b1NmPsn2iTu1ZXh2QxVKkjLx
-j91gX8CSLybwSuQL1qTyU+wHO1rwjSXrifyBCZrYDE5cmfbDKf0xd+K489Zf5koy
-gwSyPffu48sI6HdHU4yRRwljLh0cOOZEWDMAMxgXfbVlpta8qj1iNaETDY7qcmSr
-effZsEYizgMCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMxal
-4gVod3rnMG6guawlo1zIU5EwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliLmNjLnN0b255YnJvb2suZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQA+za5epZx9NYHi2+lQXI8X+jWT990xskyWRp6K5ilebCLoa14JREdr4ALk
-UmjGJ3+A1tfr77zg7jRABJ+ATm+ECUsYSZB88GkpUtY/mABRi+Cwc6WC2yHGvPR/
-OgpkeBa4P+zf44AGfeFAwF3ANQ4bjAQx3dY3dOLZrQcMt75nY0sirK+R3Wh05O7F
-CvLlfa0JOEVLl0mLJgCMI9Gs92KK9d8ZzyWgn5jksxJJLBxwN4Q4/Gzb8aBuyhL5
-OU2ScNk8FiXMHDG4KJdG9I47PxukJlrj+/cUfGPzYDusbLQDIYJM69IFFu2nkQKV
-ITv/pkigpLXNxhHoyri1yy2Nnv0R
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.cc.stonybrook.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stony Brook University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stony Brook University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sunysb.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Sanjay Kapur</GivenName>
-    <EmailAddress>Sanjay.Kapur@stonybrook.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian Heller</GivenName>
-    <EmailAddress>Brian.Heller@stonybrook.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ezproxy.hsclib.sunysb.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>ezproxy.hsclib.sunysb.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 320, expires on Sat May 15 17:44:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICAUAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUxNDE3NDQ1MloXDTEwMDUx
-NTE3NDQ1MlowJDEiMCAGA1UEAxMZZXpwcm94eS5oc2NsaWIuc3VueXNiLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwdqjhr3h+VSlkbd+SdV7kjlLOfr5
-nKDv1MwKfnKNn7PmXOInHxQFPJd1dPl4CHB3m4/BDB44YPfs73irEck0hDBB4Ybf
-h0lQ1H+OuwxrjdyxFXIfrbOqwRkSO43G7VyjIdosu5iFAQCDOHSoYMSnw9q2qrr2
-IAuv5rINucNuN5ECAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-5Ln51JfgQ8MS2iDb32wXm7BaOZ8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghllenByb3h5LmhzY2xpYi5zdW55c2IuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQCa3KWqy+GI+xGMPn+PqKDA21flZvCLGOL40F8P+nssCh12I3fM
-ruTNC2zzgfNfymtuBJMfEyqpW6MRP2aZ0E3N3DCSRR/sGxForoCY9iVWo+J1gm3W
-SStOM0qCbDEXYcvcCKofIrfKDJutafXafBygjKvjhEjadY3mq59Hhho+nOTH9uVo
-BtSmcDgI/WhpOKW6VcIA5iNf/DOjqJrco20LJj9KfgMOpoe7ToNWyUvCmdTEI5xa
-vogYhelt+xnatqzGgN173QIxTsDSvaiOkzty5UZ0joKXq+ioslYqJTM/upKposus
-RjNlYmeo+yHlHWAcyZpCBz7mATbGqUvelRSL
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://login.ezproxy.hsclib.sunysb.edu/Shibboleth.shire" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stony Brook University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stony Brook University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sunysb.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Joseph Balsamo</GivenName>
-    <EmailAddress>jbalsamo@notes.cc.sunysb.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Uday Karki</GivenName>
-    <EmailAddress>Uday.Karki@stonybrook.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibezproxy.campus.stonybrook.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibezproxy.campus.stonybrook.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 151, expires on Fri May  2 19:32:46 2008 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAJcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDUwMzE5MzI0NloXDTA4MDUw
-MjE5MzI0NlowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlN0b255IEJyb29rIFVu
-aXZlcnNpdHkxKjAoBgNVBAMTIXNoaWJlenByb3h5LmNhbXB1cy5zdG9ueWJyb29r
-LmVkdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC9TzEloxXt5da2hHfU/s7AdyGR
-Dvfbaw7q9qNyEbKmQmv0+Nnnvh3CKKG9lzBU6LIYTwbg49pYX7yOHTgLyorjAgMB
-AAGjggK7MIICtzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFE1eSnxmfrx7/sICAkQK
-dzOh3K3eMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUF
-BwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlD
-QSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwLAYDVR0RBCUwI4Ih
-c2hpYmV6cHJveHkuY2FtcHVzLnN0b255YnJvb2suZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBMwpWknhlr0aIWlC19b180hYpcOafG6mcosuCxsyj6eyZquGC0qUJmKNgG
-o+Zz2mribkvDfPpTiiLfbEnzQTdINmX7fS7ulKIbYc1XSd3oLYcdPBTVWQG1DMSh
-YCXEa+lPz1lLvKVvdMPnQ1eP+CCwoYiFB45B56o452StIKlCW3J5PCuIt9zQwJMv
-uUe7uc7N0aNGUGZhiKecGscyMBlPUCu1AthbycKMOzLLXlDaE06xU6BVpiabt9lK
-x11mGAv0+ffpypGN33jsOrcot8OPBGuqMrfdrlqlTGVFnH5R70M3ujJZDzeOUPHO
-uMOTN9rgXJYzAP1v7zxsADTZBTrI
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibezproxy.campus.stonybrook.edu:8443/Shibboleth.shire" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stony Brook University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stony Brook University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sunysb.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian Heller</GivenName>
-    <EmailAddress>Brian.Heller@stonybrook.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibtest.campus.stonybrook.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibtest.campus.stonybrook.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 129, expires on Tue Jan 29 22:05:48 2008 GMT -->
-          <ds:X509Certificate>
-MIIFXzCCBEegAwIBAgICAIEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDEyOTIyMDU0OFoXDTA4MDEy
-OTIyMDU0OFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlN0b255IEJyb29rIFVu
-aXZlcnNpdHkxJzAlBgNVBAMTHnNoaWJ0ZXN0LmNhbXB1cy5zdG9ueWJyb29rLmVk
-dTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo1L08nWqcFsQ7Vx28k1N2PkM
-EQGdKmc2akMpvm5gPwa9p918tJgeryNtJeHHLO1Vpbj5Zj8B7LCC3xujb4E32wi8
-HS813b/BoADjqIS62Ni+pzqWIYBRAneE8I4uKWbRsn4T3lKhLWd+t8xJXMHzh1Kx
-zTkJcEIwN7R0xW+qVt0CAwEAAaOCArgwggK0MA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQUv47z+BWaqpjqpCUcVX450exFX24wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDov
-L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRz
-L2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9u
-Y2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0
-dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2Vz
-LnBkZjApBgNVHREEIjAggh5zaGlidGVzdC5jYW1wdXMuc3Rvbnlicm9vay5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAFqZm9doLA98vros8skArzJit/YzetjiOQIcMN8z
-OSZq8QapbK7gjiwiUB4QM/RHYsYQnf2QcyMjJcrDM+mGRqHXsCUQnRsdZuG2FgSe
-G4GvZWAYxPyKcRV8fpzMlnJgd9rXMlYMub04gHAQxUHSrFjGuo9PwwUzeH6etzsZ
-rwiXhtASxVL/PDzfQczQVS5ztNN8TiEod58H2wfqiEqA7nbdbRIPEnftkANyUqfe
-BbMyJfwfNYWFLJpNpAgXlOp0eRocJ5IvWd03Vw98jOABP/ENWyNAF+ZEmuc9WCNo
-QrelhrE7f6gbpfjXeWL1u9y0EDjQ3gScz0SU2tYorqRxq1g=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibtest.campus.stonybrook.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shibtest.campus.stonybrook.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stony Brook University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stony Brook University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sunysb.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Sanjay Kapur</GivenName>
-    <EmailAddress>Sanjay.Kapur@stonybrook.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian Heller</GivenName>
-    <EmailAddress>Brian.Heller@stonybrook.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Maryland College Park -->
-<EntityDescriptor entityID="urn:mace:incommon:umd.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umd.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.idm.umd.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 294, expires on Sat Apr  3 18:36:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICASYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMjE4MzYxNFoXDTEwMDQw
-MzE4MzYxNFowGzEZMBcGA1UEAxMQc2hpYi5pZG0udW1kLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA/LYv/nglT6i8PuSTmJlHIUWRwrMlY/sryTuW5roo
-edAZucZ24/sR0z49VRsCqGiuJfcbndlavOdoDxmw4i3cA3l2+n2aRAjOWjy4wuAu
-iUus77JMciRUXJRuVgm0qn68VkvKtIePOpcaUTLjlcTX5LkXWYmV1T1OIYiIwYHV
-zn0CAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUkHT8aCyKXsBn
-fsg2MKch1QP6c0QwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBzaGliLmlkbS51bWQuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAjjbiHsMG5
-1c5uKXcLdVlU1wgXf4fcYFzGjWNsdFjyX+P/aM1HMlOHU9ESNYYoLWrmHcj7bhPz
-aZ4Ce6niXK8EJAfzzCNy2MyGEh1A2JNGOWl47yVnJbvrksxYquLPuVMZ+40vUb5h
-IN7h8ALSUyjqHpcqX4Fo9Twr1H5Yt/+QQlfSH3VKhAyHGiVXH8rzulCH/lmcxLM1
-jOuIlDwP7WWSm5sqlDQaLO6buON0Xxq2nlHvZExqc8KAVITKvnUkxQsSxXMwJ9u+
-fWlPPAHvTMsJ6mOehyJuE5yGMCruQkpXv2Wq0bQt49eyFNKU1C/rtr7XD59KT70W
-HnmRnSBaQPBx
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.idm.umd.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umd.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.idm.umd.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 294, expires on Sat Apr  3 18:36:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICASYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMjE4MzYxNFoXDTEwMDQw
-MzE4MzYxNFowGzEZMBcGA1UEAxMQc2hpYi5pZG0udW1kLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA/LYv/nglT6i8PuSTmJlHIUWRwrMlY/sryTuW5roo
-edAZucZ24/sR0z49VRsCqGiuJfcbndlavOdoDxmw4i3cA3l2+n2aRAjOWjy4wuAu
-iUus77JMciRUXJRuVgm0qn68VkvKtIePOpcaUTLjlcTX5LkXWYmV1T1OIYiIwYHV
-zn0CAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUkHT8aCyKXsBn
-fsg2MKch1QP6c0QwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBzaGliLmlkbS51bWQuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAjjbiHsMG5
-1c5uKXcLdVlU1wgXf4fcYFzGjWNsdFjyX+P/aM1HMlOHU9ESNYYoLWrmHcj7bhPz
-aZ4Ce6niXK8EJAfzzCNy2MyGEh1A2JNGOWl47yVnJbvrksxYquLPuVMZ+40vUb5h
-IN7h8ALSUyjqHpcqX4Fo9Twr1H5Yt/+QQlfSH3VKhAyHGiVXH8rzulCH/lmcxLM1
-jOuIlDwP7WWSm5sqlDQaLO6buON0Xxq2nlHvZExqc8KAVITKvnUkxQsSxXMwJ9u+
-fWlPPAHvTMsJ6mOehyJuE5yGMCruQkpXv2Wq0bQt49eyFNKU1C/rtr7XD59KT70W
-HnmRnSBaQPBx
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.idm.umd.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Maryland College Park</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Maryland College Park</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.umd.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>David Barks</GivenName>
-    <EmailAddress>dbarks@umd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>John Pfeifer</GivenName>
-    <EmailAddress>shibboleth@umd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Daniel Carter</GivenName>
-    <EmailAddress>shibboleth@umd.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Jyoti Sawhney</GivenName>
-    <EmailAddress>shibboleth@umd.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- EBSCO Information Services -->
-<EntityDescriptor entityID="http://shibboleth.ebscohost.com">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ebscohost.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 286, expires on Sun Mar 28 15:10:33 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJTCCBA2gAwIBAgICAR4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMyNzE1MTAzM1oXDTEwMDMy
-ODE1MTAzM1owIzEhMB8GA1UEAxMYc2hpYmJvbGV0aC5lYnNjb2hvc3QuY29tMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOJsLwjX/1qADYZj5hs41bzfa+LHJe
-Rh4Fr6mkexEhiKkdMkO+N2Mf87wR8KQ3zrlm+yR40QvuHcnALDhHSP3azA2a7znL
-cnQ8zyaFO/X6nYjRlYuXsoXOzkJVCUbg2DAVE+/XHoIWnvNtKRNv0yRrkrxXE/YS
-7a5cjKSRtVgUPwIDAQABo4ICsjCCAq4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTR
-tA2HJR5/Wj6waGKY92phwXdH7DB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MCMGA1UdEQQcMBqCGHNoaWJib2xldGguZWJzY29ob3N0LmNvbTANBgkqhkiG9w0B
-AQUFAAOCAQEAhEGXiK+3T44QrXgONgdH/oh9O2njb7fBFa+gMeoMuv6uMlyRIwWA
-WN60EunykptjPyE6z6MUU8QjSbFzl0v9f6QJSEJnKJOVqlRhqPNfq3YEtArj4gO9
-tCczfpo+BDt/Csi8K6aV5qjqwmmPVtwjdgHssM4xCHhIp2csv/yYN+uKYyJYvRyw
-dqB2bdZaFcRkx00TrA6oS9H2qxgr2Omkno/4VoQIoax13yQB9as3hVkefc26JAnV
-pEvGx14b1GoEIVBlXF3CZOeWjYcrn6hgmyNooHHw8akxz+dxe88ORQ2olqr+drp2
-plKXri1kg8lCT/7PobvinTLX9PpQjxGxtA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.ebscohost.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">EBSCO Information Services</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">EBSCO Information Services</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ebsco.com/home/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Ron Burns</GivenName>
-    <EmailAddress>rburns@epnet.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Dave Flynn</GivenName>
-    <EmailAddress>dflynn@epnet.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Clemson University -->
-<EntityDescriptor entityID="urn:mace:incommon:clemson.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">clemson.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.clemson.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 235, expires on Sun Dec  6 15:28:32 2009 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAOswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIwNjE1MjgzMloXDTA5MTIw
-NjE1MjgzMlowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5jbGVtc29uLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxwX0u5TnJPAsC6+Sxm0ki6c5NWWijyAF
-o+CBXdD2up7QoSX71IMeA3nE7vhnJGL5t2qmbjH7t4lJBIhOon/dBvKWVKcFqMO5
-mrBwFj9cka2sdrpv7CIRxMZiHHrWxnu/2QB6Rexc5NwgcLBy+V4FLRHJkEmLKWzt
-qBCud6hQdScCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUzNJa
-IyoD1OEdDdEibw/2thWUtNUwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliYm9sZXRoLmNsZW1zb24uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQAXgnWVTOp/YwHy/xFz3qN7Ys30qpG/dqUGvgrMLQ4uJJtYkPkwgP4TplUR
-mnKiDKnrlLLin2FW34uAGQ012XsXFm5TIdNISjfG2rNocnAjbrLuNrb20EXGJgfy
-Nc7peBumgUi+o2hhwF26plMjlD29M4FeiV+jjuq1d4wlr/mP5Q5BditU0tWjbAc5
-Z+0+zaqScBU4wV/ATmKMhNb2dl4ZBQWUvKlYSA+48febMhSQsZ4B+z5+wq4QNKDI
-5wtixw2ZISsrvyctoZtzyAFOgCeLxAya7Rn0zclMRrR8O8a0h32tYLx6p+rm0sH5
-Cr2jR6PniEzth8Gk/y8F+0IuJSG8
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.clemson.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.clemson.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">clemson.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.clemson.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 235, expires on Sun Dec  6 15:28:32 2009 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAOswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIwNjE1MjgzMloXDTA5MTIw
-NjE1MjgzMlowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5jbGVtc29uLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxwX0u5TnJPAsC6+Sxm0ki6c5NWWijyAF
-o+CBXdD2up7QoSX71IMeA3nE7vhnJGL5t2qmbjH7t4lJBIhOon/dBvKWVKcFqMO5
-mrBwFj9cka2sdrpv7CIRxMZiHHrWxnu/2QB6Rexc5NwgcLBy+V4FLRHJkEmLKWzt
-qBCud6hQdScCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUzNJa
-IyoD1OEdDdEibw/2thWUtNUwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliYm9sZXRoLmNsZW1zb24uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQAXgnWVTOp/YwHy/xFz3qN7Ys30qpG/dqUGvgrMLQ4uJJtYkPkwgP4TplUR
-mnKiDKnrlLLin2FW34uAGQ012XsXFm5TIdNISjfG2rNocnAjbrLuNrb20EXGJgfy
-Nc7peBumgUi+o2hhwF26plMjlD29M4FeiV+jjuq1d4wlr/mP5Q5BditU0tWjbAc5
-Z+0+zaqScBU4wV/ATmKMhNb2dl4ZBQWUvKlYSA+48febMhSQsZ4B+z5+wq4QNKDI
-5wtixw2ZISsrvyctoZtzyAFOgCeLxAya7Rn0zclMRrR8O8a0h32tYLx6p+rm0sH5
-Cr2jR6PniEzth8Gk/y8F+0IuJSG8
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.clemson.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Clemson University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Clemson University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.clemson.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Kyle Peacock</GivenName>
-    <EmailAddress>kpeacoc@clemson.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Barry Johnson</GivenName>
-    <EmailAddress>hbj@clemson.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Barry Johnson</GivenName>
-    <EmailAddress>hbj@clemson.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://hsscwiki.clemson.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>hsscwiki.clemson.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 238, expires on Sun Dec 13 17:21:59 2009 GMT -->
-          <ds:X509Certificate>
-MIIFoTCCBImgAwIBAgICAO4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIxMzE3MjE1OVoXDTA5MTIx
-MzE3MjE1OVowHzEdMBsGA1UEAxMUaHNzY3dpa2kuY2xlbXNvbi5lZHUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsAeyvhAw5SDn01FJevX5SFblUT7BB
-UZotPqQzBNto/01WRyTz5FRZBOoCpGvs36Ja/eqTLKbGwp7ab46bYkFj9o+U4shy
-P6IwazsweO4UQfZ7wQgqJglCAoBZQtQU4NBMNimUEwxma4YcIFPQ7fscWzyuAFpd
-9DXu8P0thjwcTuuL2Nigj491iD9EJGwDv+CdzDzZa0IQE3Ad+K7TIxrcWfD9MgbH
-mWSgj7f4pCrCJgM1lX5S8kcmKF7ra2vnQOMQHX8zpwriuk7jp2oaAkc24CmVBurr
-Lm3PbeFFPVV1I7BXmnQC9FGQYZjUPNob/JiWK7Zx2JGD3WWHPmlETzMNAgMBAAGj
-ggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
-BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFIaFy6/2NgCf8v3UgRkepXQ
-DM17MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYD
-VQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMg
-SW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEB
-BIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJ
-c3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYDVR0RBBgwFoIUaHNz
-Y3dpa2kuY2xlbXNvbi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAHWONB9MCvUoBsUl
-tT8pMPzOq+/wHs2Z9Dk/9XNiMbFllPySjbyr/RmwU82u/v+DRd8qGgALACAHQMfn
-FvxVwJcKb2RJn7jSaXD5+wctuuyDyJy78P8f1hXscABlbN6LuWt7ud9fedvLkzWy
-KHp7VkbcUrUcdXkAVsg0vxqQ5WbGg4+MeJIO9I9Rhv8DZcWX+arjK7FDBvDbn9u1
-SoC5deoDldRvYkGfBWsY8ONH/kcCyjXfsiAdAtf5DQy6IOeHO8UNH/5x4Da1wyN1
-tMM4WKlk/dIe7M7DbkRO5r4ascIulaXOlvaKKD8aTS5zReQ4aHKqoxzLgHXrcSfu
-Ph1vpoI=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://hsscwiki.clemson.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://hsscwiki.clemson.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://hsscwiki.clemson.edu/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://hsscwiki.clemson.edu/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Clemson University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Clemson University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.clemson.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Kyle Peacock</GivenName>
-    <EmailAddress>kpeacoc@clemson.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Barry Johnson</GivenName>
-    <EmailAddress>hbj@clemson.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.intelligentriver.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.intelligentriver.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 416, expires on Sun Aug 22 18:13:03 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAaAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMTE4MTMwM1oXDTEwMDgy
-MjE4MTMwM1owIzEhMB8GA1UEAxMYd3d3LmludGVsbGlnZW50cml2ZXIub3JnMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnMuvBQ2fe9fBGKxmDB2TtxwZs3Jqy
-MfjjprjLtYlG/3MRHmDtVT/t45D8cogmooJnkP/xf1ps3zNtQT/V12g2f6tSmcRE
-7HUY0rVt/1G5QNFnnZMhmc/t07EiwAFK0vT3VF68HwgzgTm1Oc/alxMxIR/RRcry
-LuLUCP8Cezxz4QIDAQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT6
-oxcz+PUFOfSg+OrZ/FVA8CXe8jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREE
-HDAaghh3d3cuaW50ZWxsaWdlbnRyaXZlci5vcmcwDQYJKoZIhvcNAQEFBQADggEB
-AE+YLgBlhcHgqvGaPU6iJtgknqi0BaIBW4PqrPJbyvRZY93QdthK2KdXRN25hM9F
-7FRm+Oz08uSUaStJG5pt6p4l5JE3nwAX3+LWlFZX3JRkdx87oldrrM7PYq73wtEQ
-2f9AQRR8yiptHR/R5PgbOgjrZypYtDA/qbDPHFOXoW4iTs/aFiwrsXLlrvwfSWsQ
-5sX4VLLwoor93QsWVSiE5fmGlz+lyUJfNAg7n5R9RKwr8bubApBORahwDXKl9pTz
-gJsJ3Do+Fg6nH0EGj6SdLoFeChkKoBW9ftNwdNlMEUEGjfml/XxSaax36QGnyaon
-8TEkIYNxRKaeWjSIpMQ4MB0=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.intelligentriver.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.intelligentriver.org/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://www.intelligentriver.org/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://www.intelligentriver.org/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Clemson University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Clemson University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.clemson.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Barry Johnson</GivenName>
-    <EmailAddress>hbj@clemson.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Kyle Peacock</GivenName>
-    <EmailAddress>kpeacoc@clemson.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.marinegenomics.org/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.marinegenomics.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 332, expires on Sun May 30 19:08:16 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAUwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyOTE5MDgxNloXDTEwMDUz
-MDE5MDgxNlowITEfMB0GA1UEAxMWd3d3Lm1hcmluZWdlbm9taWNzLm9yZzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArEduauqR/NLfLHuOK8+58uIig6XvoJIx
-8jT8dptoB7POMl/4Bg2k6f+bSY5lzSz7aVEoGdRxpUtLh1GYMfO22l+gXtJNQVGm
-YHmXgliNjwBisxXAF4P7IbwK4Sclei0Xnynm983ZnVtOuNk0Dvi19LBYQyMxBerm
-uh3RjYlXo5sCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUdohI
-nTDYynNz5/1mikm/Hr0Gi7MwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZ3d3cubWFyaW5lZ2Vub21pY3Mub3JnMA0GCSqGSIb3DQEBBQUA
-A4IBAQC/JJ8hprM/EaslwAmti3ye3SbJ+kAgRvdKhURsixQx7pyEms+6WtL6hBM6
-q4q+QiUbahrrte6bYEAD2wbayJS/U6+ZEkYXf/jg57+qyflOvEqn9RfxRdXWs5mr
-7txMduY8j2RDcAALVjCbfDr5SVQfuXyngd0qYZVJ0OjwpReg+qN9cPQGA2JbaRzJ
-oLsqEcRuKyJThiASXEDBHaDCvL0F/8JLj7z40t+kaD6S9tRy9MRTLWLHQCSSQzlr
-W3LY/kOkqo7KMiJ88tcc48mFGn2QxZhZZVd3wuzZOffIk9KGpxnlY6dexTA9+XD+
-aRhp4TJtqNi1rlhg+COOay/0lum6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.marinegenomics.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.marinegenomics.org/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://www.marinegenomics.org/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://www.marinegenomics.org/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Clemson University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Clemson University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.clemson.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Kyle Peacock</GivenName>
-    <EmailAddress>kpeacoc@clemson.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Jill Gemmill</GivenName>
-    <EmailAddress>gemmill@clemson.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Barry Johnson</GivenName>
-    <EmailAddress>cyclist@clemson.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Cengage Learning -->
-<EntityDescriptor entityID="https://auth.galegroup.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.galegroup.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 263, expires on Sun Feb 14 21:17:15 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJTCCBA2gAwIBAgICAQcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIxNDIxMTcxNVoXDTEwMDIx
-NDIxMTcxNVowIzEhMB8GA1UEAxMYc2hpYmJvbGV0aC5nYWxlZ3JvdXAuY29tMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFIQLiQ3kYwGP4qng27fovdEkFCnwQ
-nLTfeWZPK7cxHvEKIqbTBQc9NqkoNl2S2+frw9O2pp5pYoXqd9F3JQRaosItV0qd
-UIoS5ETOQMrsg19cveo4754hJMi/RMG2UeMSJRolJQP/5v74EE3oSYNqSJAPqpvg
-EBXcQN8m+R17KQIDAQABo4ICsjCCAq4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ1
-b9DSyKkMlostz9E+G08roQUZbzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MCMGA1UdEQQcMBqCGHNoaWJib2xldGguZ2FsZWdyb3VwLmNvbTANBgkqhkiG9w0B
-AQUFAAOCAQEAprTyzUe6RzrggkPc/hEe7oyyMAMro3NQb6SIdE33LjxsVlJkR76x
-wvf33rXPuAM+Eo1mqH9aX6vAqcMMkDIaABF/MH3tTjnDa18WVG2JUXSuh3rKLZFW
-HL3kBeUW06ZlSUDySxLtjP4v0duqThwN5mVfZ00YLfiKrSTiGJGhdlN5snYS825X
-wtoVbzmvsQXJrdl3f3yii5doUWmP/1+r7K66zUl8P9QR/OtBL/0AAgMfDCV6Ba3b
-dbBRL29YqEg7Z8s3AQRlMTp9ppQLvxWZlKlFUDokg3TtJpaf/RScWOVwzdP7M/xH
-ffnOsSafpO+hFdF0HTXUD+r3UEDbysI97A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.galegroup.com/auth/capmAuthentication.do" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.galeext.com/auth/capmAuthentication.do" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.galedemo.com/auth/capmAuthentication.do" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.qa.galeext.com/auth/capmAuthentication.do" index="4"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.qa.ggtest.com/auth/capmAuthentication.do" index="5"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.qa.gghybrid.com/auth/capmAuthentication.do" index="6"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-txpres2.oh.ggtest.com:8443/auth/capmAuthentication.do" index="7"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-dxpres1.oh.ggtest.com:8443/auth/capmAuthentication.do" index="8"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-dxpres1.oh.ggtest.com:8444/auth/capmAuthentication.do" index="9"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://phtndev1.ggtest.com:8443/auth/capmAuthentication.do" index="10"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://phtndev2.ggtest.com:8443/auth/capmAuthentication.do" index="11"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.galegroup.com/ps/capmAuthentication.do " index="12"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.galeext.com/ps/capmAuthentication.do " index="13"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.galedemo.com/ps/capmAuthentication.do " index="14"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.qa.galeext.com/ps/capmAuthentication.do " index="15"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.qa.ggtest.com/ps/capmAuthentication.do " index="16"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.qa.gghybrid.com/ps/capmAuthentication.do " index="17"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-txpres2.oh.ggtest.com:8443/ps/capmAuthentication.do " index="18"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-dxpres1.oh.ggtest.com:8443/ps/capmAuthentication.do " index="19"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-dxpres1.oh.ggtest.com:8444/ps/capmAuthentication.do" index="20"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://phtndev1.ggtest.com:8443/ps/capmAuthentication.do " index="21"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://phtndev2.ggtest.com:8443/ps/capmAuthentication.do " index="22"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://tg-dxpres1.oh.ggtest.com:8445/Shibboleth.sso/SAML/POST" index="23"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Cengage Learning</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Cengage Learning</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.cengage.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Daniel Steinberg</GivenName>
-    <EmailAddress>daniel.steinberg@cengage.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Bhargavi Krishnamachari</GivenName>
-    <EmailAddress>bhargavi.krishnamachari@contractor.cengage.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Gale Technical Support</GivenName>
-    <EmailAddress>gale.technicalsupport@cengage.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Gary Pollack</GivenName>
-    <EmailAddress>gary.pollack@cengage.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- JSTOR -->
-<EntityDescriptor entityID="https://qa.jstor.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.jstor.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 262, expires on Sat Feb 13 21:33:32 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAQYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIxMzIxMzMzMloXDTEwMDIx
-MzIxMzMzMlowGDEWMBQGA1UEAxMNd3d3LmpzdG9yLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKcWEkGmq9QNA4X2teJQtJnz2aw7nqspjk/k7LhA
-9AAEQvRdyeCF2wzWJkplwcDqFc7ET+NlfF87P/O7QrnC9tiamfGjO3kisAE09fEK
-174rCTP2WQjIAwR0dygcy9f//0gafAW/gaijUnpiU1yARORZ3nKevsw+F64N73bS
-V6JPiUu7MZ8fO//xTg2dtlQxrUjPp12CXlDXzcgloDwSbSThVhJYb1CLF379bE9h
-RB1GuNqRZEx0bI1KHV6OZD6tcELhHwoTG+XJZJr5B1o6bIIsxriooHQJ35sWv6b1
-RFHm9f1MX7irqLGWBLYXQLzjlhZGVaPBxS7m5YE0ZCfJIb8CAwEAAaOCAqcwggKj
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUv/7WaGV/eHa+J3Dp7Ns1OE2B7RQwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaow
-gacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMg
-LSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAYBgNVHREEETAPgg13d3cuanN0b3Iu
-b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQCVzBQLXqlufn+Tni0G8FBjn4bKT89OXa2z
-T3Aw/wZ07zykSMRm6Sude5ojxyJDR19wfhWJDe/bxcyuHusSpjvIsYLm6AzECtwO
-qW8CeB8vOO71Ss7AWC57pbn8w2GVqW+cTu/Ar6MZqt7WdYK/rUznPmKZiPHoBSNc
-FKrie5V92lO8JtFIOBhOSNYt80nuEwO/jUYqXxMMXe46DMVM6RlSZWOHqiRvSsbH
-5stXFmk2l7BG9M2beqd9UQSfV6X+GlSOMv5dPIVMctm3h1xUB5QU8KUgOMpx2cVL
-O41VYoKi6ksEmHDxa4+vp2FJ+PJDIyiaWQsDSrHXe7ANuwzb3AjO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://omega.jstor.org/action/samlACS" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">JSTOR</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">JSTOR</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.jstor.org</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Spencer Thomas</GivenName>
-    <EmailAddress>spencer.thomas@jstor.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Ronald Snyder</GivenName>
-    <EmailAddress>ronald.snyder@jstor.org</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.jstor.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.jstor.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 262, expires on Sat Feb 13 21:33:32 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAQYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIxMzIxMzMzMloXDTEwMDIx
-MzIxMzMzMlowGDEWMBQGA1UEAxMNd3d3LmpzdG9yLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKcWEkGmq9QNA4X2teJQtJnz2aw7nqspjk/k7LhA
-9AAEQvRdyeCF2wzWJkplwcDqFc7ET+NlfF87P/O7QrnC9tiamfGjO3kisAE09fEK
-174rCTP2WQjIAwR0dygcy9f//0gafAW/gaijUnpiU1yARORZ3nKevsw+F64N73bS
-V6JPiUu7MZ8fO//xTg2dtlQxrUjPp12CXlDXzcgloDwSbSThVhJYb1CLF379bE9h
-RB1GuNqRZEx0bI1KHV6OZD6tcELhHwoTG+XJZJr5B1o6bIIsxriooHQJ35sWv6b1
-RFHm9f1MX7irqLGWBLYXQLzjlhZGVaPBxS7m5YE0ZCfJIb8CAwEAAaOCAqcwggKj
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUv/7WaGV/eHa+J3Dp7Ns1OE2B7RQwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaow
-gacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMg
-LSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAYBgNVHREEETAPgg13d3cuanN0b3Iu
-b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQCVzBQLXqlufn+Tni0G8FBjn4bKT89OXa2z
-T3Aw/wZ07zykSMRm6Sude5ojxyJDR19wfhWJDe/bxcyuHusSpjvIsYLm6AzECtwO
-qW8CeB8vOO71Ss7AWC57pbn8w2GVqW+cTu/Ar6MZqt7WdYK/rUznPmKZiPHoBSNc
-FKrie5V92lO8JtFIOBhOSNYt80nuEwO/jUYqXxMMXe46DMVM6RlSZWOHqiRvSsbH
-5stXFmk2l7BG9M2beqd9UQSfV6X+GlSOMv5dPIVMctm3h1xUB5QU8KUgOMpx2cVL
-O41VYoKi6ksEmHDxa4+vp2FJ+PJDIyiaWQsDSrHXe7ANuwzb3AjO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.jstor.org/action/samlACS" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibtest.jstor.org/action/samlACS" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://classic.jstor.org/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://omega.jstor.org/action/samlACS" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">JSTOR</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">JSTOR</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.jstor.org</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Spencer Thomas</GivenName>
-    <EmailAddress>spencer.thomas@jstor.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Ronald Snyder</GivenName>
-    <EmailAddress>ronald.snyder@jstor.org</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Florida State University -->
-<EntityDescriptor entityID="urn:mace:incommon:fsu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">fsu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.fsu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 327, expires on Fri May 28 19:28:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAUcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyNzE5Mjg0M1oXDTEwMDUy
-ODE5Mjg0M1owFjEUMBIGA1UEAxMLaWRwLmZzdS5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQChThukvsx+K6TbtRC3DUPv2q9jH1APBBqZvImmhwTV
-M7myhRjhhj9iaX63iVY5LcxgrFFjXqY7Gd4/y7LjBVJQjsJTnkn28ua7/84tbuq2
-jVSvnWkoI7wOljShPrxZv38dECpaOwMRNQWB5bN1UhhuXFHKQScbnfHmSdMqf2ya
-DiB8Zx4TaAqzoX5vlaE7gw86A6AI8EXeqLZoy5hPACNGv5Yk3BgXXvl0vuqU4ej7
-qEXiOu0Z4kxiQwYSdxziLiuocHVYTlWyLti9GHuEqpTO1l40MNpl9rU/h0AYR/AW
-VNWtVOIqV+5w18AyCy1+JcPe6MbIrPbIeZkAB7tpbwPtAgMBAAGjggKlMIICoTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFEFCZ55Pp5N5O06XuiOb04iv+ogkMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGn
-BggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0g
-VVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwFgYDVR0RBA8wDYILaWRwLmZzdS5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAEFJmFUrwl7IsaD+/dTh7W0jDDV6JEPYQkIRHGn4
-mGi+4Tod/+EDQnAQ0y+6WCHQ8FyD3uttsrVaOrdOZb7RcAiHPovSPg2E5yYTDsQa
-PW9IOnlq3pBmal6Nk3vohE+r49MyB8jA153AUed91XHMhDdx2bKOGJBxEnrtJnrO
-LKLUq0uUoR+fe5wG6FNTHNAVwc5FDsokNqfVT8jG87ZevsgymwZPDGi3waoolajl
-LFFIcXLXl88uUjdrzCmzc91yzJyvtnFH5WVFa7XXAVwNJDLzrob6EaF1FQXqBBEZ
-2vkeI2Ez5h4aZ/soW69ZKsJvrYSZnoMXedmb6spU6le1qkM=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.fsu.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">fsu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.fsu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 327, expires on Fri May 28 19:28:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAUcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyNzE5Mjg0M1oXDTEwMDUy
-ODE5Mjg0M1owFjEUMBIGA1UEAxMLaWRwLmZzdS5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQChThukvsx+K6TbtRC3DUPv2q9jH1APBBqZvImmhwTV
-M7myhRjhhj9iaX63iVY5LcxgrFFjXqY7Gd4/y7LjBVJQjsJTnkn28ua7/84tbuq2
-jVSvnWkoI7wOljShPrxZv38dECpaOwMRNQWB5bN1UhhuXFHKQScbnfHmSdMqf2ya
-DiB8Zx4TaAqzoX5vlaE7gw86A6AI8EXeqLZoy5hPACNGv5Yk3BgXXvl0vuqU4ej7
-qEXiOu0Z4kxiQwYSdxziLiuocHVYTlWyLti9GHuEqpTO1l40MNpl9rU/h0AYR/AW
-VNWtVOIqV+5w18AyCy1+JcPe6MbIrPbIeZkAB7tpbwPtAgMBAAGjggKlMIICoTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFEFCZ55Pp5N5O06XuiOb04iv+ogkMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGn
-BggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0g
-VVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwFgYDVR0RBA8wDYILaWRwLmZzdS5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAEFJmFUrwl7IsaD+/dTh7W0jDDV6JEPYQkIRHGn4
-mGi+4Tod/+EDQnAQ0y+6WCHQ8FyD3uttsrVaOrdOZb7RcAiHPovSPg2E5yYTDsQa
-PW9IOnlq3pBmal6Nk3vohE+r49MyB8jA153AUed91XHMhDdx2bKOGJBxEnrtJnrO
-LKLUq0uUoR+fe5wG6FNTHNAVwc5FDsokNqfVT8jG87ZevsgymwZPDGi3waoolajl
-LFFIcXLXl88uUjdrzCmzc91yzJyvtnFH5WVFa7XXAVwNJDLzrob6EaF1FQXqBBEZ
-2vkeI2Ez5h4aZ/soW69ZKsJvrYSZnoMXedmb6spU6le1qkM=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.fsu.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Florida State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Florida State University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.fsu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Ethan Kromhout</GivenName>
-    <EmailAddress>ekromhout@fsu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- OhioLink -->
-<EntityDescriptor entityID="urn:mace:incommon:ohiolink.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ohiolink.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>authdb.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 259, expires on Sun Feb  7 21:04:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAQMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIwNzIxMDQzMFoXDTEwMDIw
-NzIxMDQzMFowHjEcMBoGA1UEAxMTYXV0aGRiLm9oaW9saW5rLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAob4wEfkTd9weHRFCRCbyV17CuLf9St0atewM
-H2EAgo9fyWk6KSmX9odoFJ91SFr6xIjAuY3oyIMXVM8uJqlWS+yYzTjjqYumdHtO
-TNO22Sw31FP/sWgNbzrzp6AZWrzZO5fuBAr63QeUOt3R1aF9V4xLexaib6Sc2xIF
-Gv+He78CAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU2pndIGo9
-T0vh04sEQLdp/eFbslQwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNhdXRoZGIub2hpb2xpbmsuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQB/
-J9X+PbXlREVgeBKNWHNvA15LUtxQ86mUwWKyvElCu9u6x6y3PFbyH3WKu8jbocWL
-YVUJMu3ACEO0+CgU5TMvX1wMJtgWHifUu8e92h3JI7NccZ5XnyTKpePeuJqX0CFL
-c8arVxS4JwsOg5r+UpEk3GlDSGrcsGsUu+wIBHGZuFzDQbQ8bMVc4nWUjpFjoJZO
-kVsbKk2Y08/DeazDWCL6tD4yi9lA18LXGBMFdv83ecR8P+YBrsEqUYzvLB4cQ70z
-6Yc4C4elnvwercaMheEJ0Z6IAdRwjWmj9oQEjO+YG5JRf/k5Mm3mURxD07Ss0Yta
-KX6yxZkpIg9EzzdiotPp
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://authdb.ohiolink.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://authdb.ohiolink.edu/shibboleth/"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ohiolink.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>authdb.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 259, expires on Sun Feb  7 21:04:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAQMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIwNzIxMDQzMFoXDTEwMDIw
-NzIxMDQzMFowHjEcMBoGA1UEAxMTYXV0aGRiLm9oaW9saW5rLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAob4wEfkTd9weHRFCRCbyV17CuLf9St0atewM
-H2EAgo9fyWk6KSmX9odoFJ91SFr6xIjAuY3oyIMXVM8uJqlWS+yYzTjjqYumdHtO
-TNO22Sw31FP/sWgNbzrzp6AZWrzZO5fuBAr63QeUOt3R1aF9V4xLexaib6Sc2xIF
-Gv+He78CAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU2pndIGo9
-T0vh04sEQLdp/eFbslQwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNhdXRoZGIub2hpb2xpbmsuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQB/
-J9X+PbXlREVgeBKNWHNvA15LUtxQ86mUwWKyvElCu9u6x6y3PFbyH3WKu8jbocWL
-YVUJMu3ACEO0+CgU5TMvX1wMJtgWHifUu8e92h3JI7NccZ5XnyTKpePeuJqX0CFL
-c8arVxS4JwsOg5r+UpEk3GlDSGrcsGsUu+wIBHGZuFzDQbQ8bMVc4nWUjpFjoJZO
-kVsbKk2Y08/DeazDWCL6tD4yi9lA18LXGBMFdv83ecR8P+YBrsEqUYzvLB4cQ70z
-6Yc4C4elnvwercaMheEJ0Z6IAdRwjWmj9oQEjO+YG5JRf/k5Mm3mURxD07Ss0Yta
-KX6yxZkpIg9EzzdiotPp
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://authdb.ohiolink.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://dmc.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dmc.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 343, expires on Sun Jun  6 18:24:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAVcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwNTE4MjQxMloXDTEwMDYw
-NjE4MjQxMlowGzEZMBcGA1UEAxMQZG1jLm9oaW9saW5rLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKjPyUJlApMijxnRGgxhpl7/1dzLztZ4Wu6M
-HEpfQLTml6PeGQsg6XJT2wVy4Fdp8zwWLIP2hWN2n8Bi2wtnV9/ROg+0p5PzV5aU
-OUyOqhfdRaGrKyoks+5/wfci/8/78p/ViOikNiWsoFdUGGo4LEZO/eDuu/0E54Hh
-IV6W3UBikfxX8CV1FdHZ80t142wU/zE3sKLoPy6u2N/uRrY8KfIe5mD/IrRrJ/qG
-HNyFrNjhaszCrrDPlIDLorEMhN9+n49fvALfStaR/tjT8+aCnlLacmqcCtsjzkNo
-mNIBCLST3THLTGdtYXo3a8+PQjyjvqurU9imp5V2syIcc7dJss8CAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUuz+CgLH2jaEZfVUrl2lsYWgJG+8w
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghBkbWMub2hp
-b2xpbmsuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAEzelBdknRavjvtvOJmROnl5xI
-UgI77y09DOF4qn82TnF8SFYjo6EgsBeoNiFMjM5A9+MRR96uYP5UU5wlAWmep/Mb
-TUqKWRIc1KlL1qTHJJquExekIZpVIsoWqCF9PsJduTdQrei17cZAplwXXFnyKx5t
-Wvr+0pBzuU+pPgpDKNUzCnTyBcAID6SUOSQKL1nHH3oZ/wEv+8JsA6SjSmMZ/vfH
-h3LEEl8wqlAU3DyqVY/8dOCA5IzN7TsPYmRSXoL2ahY7kwnrZZ0X2xvfI5lEDt/r
-yb5YNadixqVmtN0IGHY48kDUNIl4EO/hvupjIAnxuuJ3mSqqUxyEnDSefdv0
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://dmc.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://dmc.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ebooks.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>ebooks.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 344, expires on Sun Jun  6 18:24:28 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAVgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwNTE4MjQyOFoXDTEwMDYw
-NjE4MjQyOFowHjEcMBoGA1UEAxMTZWJvb2tzLm9oaW9saW5rLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMndP3Y8X0TeHRt93jbRzfU5DjNUQvU2
-IU2BkEiLW0KbBNDNvyn21Ry7b2vM7RQZSnrg9ZomQFNGc9ZwW3YsyvBoSPNCvc6X
-g82WeAmclYyslUjGPK+5Uw9i4Ksd5Fad68ELG/Fw2hEOtKDnHImfi/Wy+uzIQ54O
-HvrwAyRwyZLwpssfDh0IooH5JwiEaE2ZF6lUWZ/DVYeety6frTQvaT2E9fVZKFbA
-92x3nkDDSCBmZ7vIpUhqodJv+TRIf/LCfYCN+DdD6BMwC2Fe1VMAfzS2N4PyArZn
-jaEVOkCN5bxggDt9m2j/BotmFdPtd6i9HQu9ZZ02SZ3NSBGmqMCJODcCAwEAAaOC
-Aq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUwgWLhQoacmZ5cc2NCYNJuk3U
-ncwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghNlYm9v
-a3Mub2hpb2xpbmsuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBWsGzvREURv813MzGe
-aC+ICjVIWXMzZfwRd6Pe+HCTjl4WYemDbyUD0EpJcKvFt69fVYnVecuUcb8Df3iV
-7SnNssBV5W5jQYSOy2tNaQDxc+zwfFduFlA3Kwy23uB95w9hWZIGIeQ6caWHOIUJ
-BohRmC8tpGhD+L1FC4lnONLpASL/AuaFdcZ6WP5XJr0dLuTRSBax0bFYYNLrWe3p
-H1XHSq/p5UK1+fvzfaFTYVkI8AFQiaykia+yuomyT1bK5I1JYsxrlY/2CqflPLWI
-buKGZ+KnupYwvvBq8dbB5SbAZQiLBWNfSujoK/HGYRyCZNDd9MZzjSu00UBLx6wX
-YWEl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ebooks.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ebooks.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://etextb.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>etextb.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 353, expires on Thu Jun 17 19:04:35 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAWEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxNjE5MDQzNVoXDTEwMDYx
-NzE5MDQzNVowHjEcMBoGA1UEAxMTZXRleHRiLm9oaW9saW5rLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALLPO+FlMzTazSr1Zg9axZyT0cfyCZAQ
-hWArXrKmAjd7YP+faqw0rb5REB3o2lS5GLv3AVc8JYItTf1//PkpvyuNVoZpG6DN
-YxdeKBUyohAfiqjfz1vFu7QsJqcM0fpaakkbdRb6shsmfZRigU76ItfUmfF8ET9G
-ZiPk46Fz/zfwItdu2vlUTf+mw56vBIpoUQ1kOSz81lN5kNlnkhTMghkPN8k1zCwQ
-iN73xqryM1aa1pc0SzQEygIaFWc/gMMPFAHrLtY4sTPjGQQ5qgjq5F5rCFlhLy9g
-3RBlhWIR2RgkPbZf7nBmeYLUcuOzMUoRsvVq5D/55GCkQ229Yx0MCykCAwEAAaOC
-Aq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUJuDfSvvT/z76zTO2gLIVIutH
-NNkwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEE
-ga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElz
-c3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNVHREEFzAVghNldGV4
-dGIub2hpb2xpbmsuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBfmMTTtpnU0yuhKSIp
-A1CC4RfHtuqe9YjDhRCwXGEliQ0wBvV2mg6hbrTY54FB7WeNNrcmkl22P0ZEXYmd
-ogMY62sgx1MwZ61C+Ktt1Y/D1Z+EKXz6masRZFTRsPJn0TUvco+1WcJZJqEiNy06
-2tvA9BnkGHMbIC4QETiEJJgOrW5MAwTGoLykalmyU7MJFT0sUweUlnDkrmDvR6J7
-+5o29M0KuZbkFVMrMZ4HuYaz0O9TaWyBMURVb6OrEwf9Hs6OxNQDPwrdFHtPcFtB
-vC4AIOMng7Xj/IJf3DZhH7W58hsTG2k3ksBl3sP6d3QfEQh2N52BtoQjRm0G4fLz
-kHBl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://etextb.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://etextb.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://journals.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>journals.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 348, expires on Fri Jun 11 19:16:56 2010 GMT -->
-          <ds:X509Certificate>
-MIIFozCCBIugAwIBAgICAVwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxMDE5MTY1NloXDTEwMDYx
-MTE5MTY1NlowIDEeMBwGA1UEAxMVam91cm5hbHMub2hpb2xpbmsuZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oNDgVLYyciPS4CbrLnCx/eyvTDE
-aabJ7z3pIuHUUQcZ31StfdQO5qDovi2AF6AkMka0exZCUkU4wyi5badVfLM6gF0M
-D8vkyvYhXzo6zM8AUYtEH/mxN3ZCpCOyZHYhJyRPp2WOOYpYQoftCtk7p+EHEiw5
-YcSC4Gl8gAsJGVuHdcmNixiLecevbE4ct5vLUi/zfRLR3uojnSAuny1nhghMeGue
-071bpca1uBx/+ghL53HGfQM0FAJSlctvTU+SdFXwaVNxY8ameKWJMc2vqyEBth/Y
-Rq7j6zC/vjpd7kqHtEH9GG1I6I4h6tvJNlBTslM0r5dqikIHewrtCBUU3wIDAQAB
-o4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSkvKmUo/vY3G2jRMCZqoF0
-MbpR2zB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcB
-AQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0Eg
-SXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAGA1UdEQQZMBeCFWpv
-dXJuYWxzLm9oaW9saW5rLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAVlAqcMDc1//8
-38fjGQ8YxXQ9HsYngckzcmwYI/ldRKdpJjClkhbFdJ073gTTSXDZC9DYn9elTw5d
-ya82Gbj8TB+9uiEkPLjNW69PiNs8snV1AnJMrdrJebnVkeuXXruQ1EcaYC1bwMUz
-LrLMA22GDpjkEtpGFlqyoY/7hgyAUQu+jrqZY6WMT88eSjL9+YdP5ZRJc0pcckzd
-y/ydzTFnofezcC1S+waVlwFJOAp/C1HlxWt2fRv8ClGfYNERYHx9D5ntipZ2wQIz
-dCPv5SUBKA58jSvOtIn0snd59WTenmz3X+LwBYGNkLVMyGbtJh7nmvqAum+uDvJ7
-s8VfL1wn+w==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://journals.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://journals.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://olc3.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>olc3.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 354, expires on Thu Jun 17 19:04:44 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAWIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxNjE5MDQ0NFoXDTEwMDYx
-NzE5MDQ0NFowHDEaMBgGA1UEAxMRb2xjMy5vaGlvbGluay5lZHUwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4mWPWNkpZuAYb/iDXUBMVVL8fGko4HmR4
-iM/KcdaCEBNJ9HMZoFVTun5QUeASuoYkXIZTH+Xo1jXFeJ4GymoYW8MU60P9v9HQ
-te09AUD/yqCa4m7nN1B6YVbs0kysC36OzDFzNpsbkh/vpQT0RAVZGxesorzb4ZlN
-HmPOxU0LdGCxl7sI9rGdLk68fq0qVMBWSP2vhSfRuPXKiE5H8ZOE6kG9DkNNPlnk
-zVtRobRjecDMrDIlO3vDqJLzG3ZR3s24xW0bcLq4wLBQ46PZ3020a9I5Wx9dYgLC
-DogiQGMe1N/PitKUxBn9+4Z0IJfP6pOlAJIHREgfqSsqBj4d+KGVAgMBAAGjggKr
-MIICpzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFAInmIDN5Ev+6SerydbcHeakY++t
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGt
-MIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1
-ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0RBBUwE4IRb2xjMy5v
-aGlvbGluay5lZHUwDQYJKoZIhvcNAQEFBQADggEBAHORKik9roYA+H2vlg/2MC4U
-GH+KQLKfrTZYAeJj9m6vsiUscBSiemeEsymx1marAqvggNWKaPLijBYyHQ6wjkpO
-TSztwzfS7rqTt2xBjFEzYpoVXVv9SBZ0kJEQG1tPXxSAdlS1QW4T+TChEyVsIBmB
-KwVkvasWtApmxWEe6j9uDYHUdQHpKeEuIFtm4JqkneWO2KN5ShLbcmwa/0Aa4YWX
-Do6/FLukzli7p7moaL336IyL8P2y7jtszfFIHaGA9YhFVmVwWhXbq+el9i1YV3Ch
-dwKGsl8OgB2KpzqIAYw//+o3AsVIT8OC2KE37lojw9pxX6a6z0nMTZTcBZVeWYg=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://olc3.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://olc3.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://proxy.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.proxy.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 253, expires on Fri Jan 29 16:57:47 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJTCCBA2gAwIBAgICAP0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEyOTE2NTc0N1oXDTEwMDEy
-OTE2NTc0N1owIzEhMB8GA1UEAxMYbG9naW4ucHJveHkub2hpb2xpbmsuZWR1MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+VcTqQgiMRnJ1A6QQ7KxFTCaEyZFP
-wFYl2hzCmZwOz555MZuTZcuqKo2j6u2sMW1czRMUrGraWJPITVZLfnI4BjvLLoYy
-On+rOMOc73GS20J/mPHxZsR93QsCDnfbo634oY5ay3vr+678T0MJnzkxiYs8Ok1C
-wjoJhiglaPcDnwIDAQABo4ICsjCCAq4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSs
-1YZzAjZbETsyh4f7A7hrOOj3RTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO6
-58pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVy
-YXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MCMGA1UdEQQcMBqCGGxvZ2luLnByb3h5Lm9oaW9saW5rLmVkdTANBgkqhkiG9w0B
-AQUFAAOCAQEAIJhkS0IEVjJCzYnYz+xWDaEy7Xf6CdT9Sz+HyMy5nHb3isndFKlS
-O49jGxsPkGa0zgnxsGFQHM7NV0/sfg5QZtDMHz3zp9mx1uScJUyDz2U4Poe0BlJB
-cjsP8cf7lDskiJW7AiGj5IUyk3JeCycAKRfCmuku98qccQ5GK91TIz7Wtb3e0ney
-ZPGnLg6nqhcoSFZisKguR0d4TQDhL9Uld1tFN4GCvdz2rMb1745fPgjw531FBAGK
-ql+qjOhbyA5//B1xvlpKX6tXK9YgU+NWID260O3RuSzKA6Y3lQPgDPpWTL+go5Oa
-U1xm2IVsMEtwGaOFKp/29jtaIoAA36EdVw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://proxy.ohiolink.edu:9100/Shibboleth.shire" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/Artifact" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://login.proxy.ohiolink.edu:9100/Shibboleth.shire " index="4"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://login.proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/POST " index="5"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://login.proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/Artifact " index="6"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Greg German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://streamer.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>streamer.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 357, expires on Sun Jun 20 18:22:39 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAWUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxOTE4MjIzOVoXDTEwMDYy
-MDE4MjIzOVowIDEeMBwGA1UEAxMVc3RyZWFtZXIub2hpb2xpbmsuZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcAQHF8sES74/gLCgAhJcEvWFN2K
-Of/GW5i2/pIDYgN+gbx+/XGAtm65WRptle/Wr6ybcOJHctvcePN3DMws+jVR0pq0
-djTYjY28YbEcBouPWwqs0bXsoOAHB2k1D+RO56M+cGeyPW/YaxARnrGrPKEizaZ7
-t8e37Xcm+oI4f1TEV9shI/0xs/9YGKJDAkyxQlnSdUHNkomFwHwvyRKz9mXaD5dR
-1y7WsW6I2E2zlG2b2l3dmbh49PL+IQDNVA6frsncaXrWgET7i3GXGqnOtdangpQt
-NRTM1O2ktW6wH+L9Vh5MASqtKvox9a7+XyLxJATEZnCzNBrUkxFGUTBljwIDAQAB
-o4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQvyoyGz5SFR30J52VDGp89
-/YZD4TB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcB
-AQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEF
-BQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAXghVzdHJlYW1lci5v
-aGlvbGluay5lZHUwDQYJKoZIhvcNAQEFBQADggEBABKg/FtFVflvVFv84HCYSyBA
-DVawxHU6GPz0yMR1b/ipg1Utht9XBh1gsqLdh7CFwEfCoXNRf8rlZk7O1Aw0K63+
-Z680jZBhU1ycNPZP+DLdlcaIMcWzhz8LiTPruLJhnDmAi4pokcLOOOT/lJ80HOok
-hRUA+ytmQzatabALIvn9vwnISsaCj6rUh06AGiHg+epx7vkiuK670Db+vgsVuT01
-2qVuwpzst7n/iXnTD9sWuAeYYt5AjD+GX5SBRo4QlaGg9joJsHRp2LzKuMUPfyPB
-xhXbLlfC1BQ1DUMYsZ+hmLRqLVnU96O6mYCD9JKiYFoIZjfknOhOPQCZEkr1l+o=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://streamer.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://streamer.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.ohiolink.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.ohiolink.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 406, expires on Fri Aug 13 18:48:21 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkTCCBHmgAwIBAgICAZYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxMjE4NDgyMVoXDTEwMDgx
-MzE4NDgyMVowGzEZMBcGA1UEAxMQd3d3Lm9oaW9saW5rLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAM371aZiGyvGU2bdXnnZw6FogwFZrkMyu+D+
-Gy3By3802LqTNkNl345vQuhuUCkYCMoFW61CPGAlSbwdgLrU6u5ZDA1+LDRVouPB
-CNJwJLPTc5spdNM+RY2y1VUV/y/tqiPNik82i/BMQMt5ytgPv9gSVcJZEJO7mdV4
-o1knQOW99Hn7Pn60wF+YyhXEzzzyPTz70rbrzY2OfXRVemSF1wwdzzWgc+K4I/5r
-jXQ6dRHLEL+11dTnze2VAWpgaE7GsOI5hWS0ybRckruULE0bF0e7i3klSZZp0lbX
-D/jpHSZ60XSAmMusdq5pwE4pi97JXZ9yWs4csZuJhiIAFcRrwDUCAwEAAaOCAqIw
-ggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUzG8bbsc5H/UmyDDheF/t5a1fvR8w
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUw
-gaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKG
-Q2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd3d3Lm9oaW9saW5rLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAVdfYZizQagLaX4CL367/cDrUc+XmLjXVen1g
-PBAG6QJuCGwQSoQ0WTJC8QNqbBNTUrN6TLjc2z5G9DjOsNAjIhWSlwHxCIdPS5nH
-4XRtqX/0f3n6dcKgKxHVlEa3D10xxcBA+RZKY2v/s/TqCdYy0lxe9+6GNOjepG9i
-xwaj0sEH+K0j8sOJqdeLFvOdowXi41oQMLfGev0YSDp9jUeZE119R2GgHYsYRx6h
-KO81n5pVTHtjiZd9SbaPH9tqejow/vtFZu8SHBXqM2OuqG/2aA2lLv9/RqCWE0F9
-j0W9wv8IBnuIVcqw07ZX01wGVt6i0AU21zC7rQwkaI0f0myvxA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.ohiolink.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.ohiolink.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">OhioLink</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">OhioLink</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ohiolink.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Gregory German</GivenName>
-    <EmailAddress>greg@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>E. Stuart Hicks</GivenName>
-    <EmailAddress>stuart@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Anita Cook</GivenName>
-    <EmailAddress>anita@ohiolink.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Johns Hopkins University -->
-<EntityDescriptor entityID="urn:mace:incommon:johnshopkins.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">johnshopkins.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.johnshopkins.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 328, expires on Fri May 28 19:28:49 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKzCCBBOgAwIBAgICAUgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyNzE5Mjg0OVoXDTEwMDUy
-ODE5Mjg0OVowJjEkMCIGA1UEAxMbc2hpYmJvbGV0aC5qb2huc2hvcGtpbnMuZWR1
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4+bfyVwD2ZiXBdRJO2bA61Hz2
-QXKOZhkjXA2Jjt4erKOu62bhNonUa7pz8pHoCdSyvQFjJF0h2meFeNidRLRGq0ti
-d6rF8nX+/yxaBC1Cgerce+eHywscsgvWEJ7lqZX19aVj4vWjMpGRagTMX4LgfQh8
-jvejWFtW/7G2Nhc80wIDAQABo4ICtTCCArEwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBRw9kg/wA61UlIuiiWoJYYaiMIqgjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMCYGA1UdEQQfMB2CG3NoaWJib2xldGguam9obnNob3BraW5zLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEAW2JN17rqDOMy37Yd38K1QsKA5qG3NPcZN90Qit6r/mxF
-PWqnfCL0hClOMvpDd4PmVCPzAfXSjSWetbZgbrdKXgPCorpukjRQF1lTP/0BM59s
-vyErO+HNhdjuIA7hO3OPy34hRyXBxf6G1nupQ0KXUTPHxPxpINPaqBtYkcAHX6iq
-pNPFbRTc1xZuWE79sTFpCiHewvGd5Qix5nIlnqpq6NwUMYHEby1ED+h9G66Kau7E
-pdGrgRIJZlQCwRT2zbOH/S0EDbC5QKwjtcIymMQ/YF+WTpBI75xnvWiAk/V4QZgz
-+ICZXWjZ+4nTPfMM+ioBsGrWEzTt83rsSnylLAg4qg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.johnshopkins.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.johnshopkins.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">johnshopkins.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.johnshopkins.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 168, expires on Thu Jun 12 19:39:09 2008 GMT -->
-          <ds:X509Certificate>
-MIIFXzCCBEegAwIBAgICAKgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDYxMzE5MzkwOVoXDTA4MDYx
-MjE5MzkwOVowWjELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFRoZSBKb2hucyBIb3Br
-aW5zIFVuaXZlcnNpdHkxJDAiBgNVBAMTG3NoaWJib2xldGguam9obnNob3BraW5z
-LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuPm38lcA9mYlwXUSTtmw
-OtR89kFyjmYZI1wNiY7eHqyjrutm4TaJ1Gu6c/KR6AnUsr0BYyRdIdpnhXjYnUS0
-RqtLYneqxfJ1/v8sWgQtQoHq3Hvnh8sLHLIL1hCe5amV9fWlY+L1ozKRkWoEzF+C
-4H0IfI73o1hbVv+xtjYXPNMCAwEAAaOCArUwggKxMA4GA1UdDwEB/wQEAwIFoDAM
-BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
-HQ4EFgQUcPZIP8AOtVJSLoolqCWGGojCKoIwfgYDVR0jBHcwdYAUky3IYRitY+Ob
-ZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1v
-biBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0
-cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2Nl
-cnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29t
-bW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwx
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0
-dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
-cmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEW
-Nmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3Rp
-Y2VzLnBkZjAmBgNVHREEHzAdghtzaGliYm9sZXRoLmpvaG5zaG9wa2lucy5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAAXye6TAfWQjO3ksFW5uNrf6uJ1QcmPTZtAw7KyI
-OBDcdG/J0ZnWu3NwrgaYPl5TayNvY4AU9LYJ6C3lFgIhR/ONQogrCdacPCZa5YUc
-hWU8QTUL9IjgGuvxJtdGnEC1Gwmhq6HlG4IRKuhxY+4GyXBAlIBFrPmLDlk7Y/NT
-BuhT5Z+8QrKQ4Hfz45F8rT1euqibb4etyb6Ie3L0pXsLozPsbhc88veBPlWEmWjo
-PWYFah/YTAxrgNKYx8q0lNnzyQxhub3zXutoZNjugUJZSfynyjmpwC582LyjcJtN
-vuw4c7NpuIbb0UoKLw9KO5ql9WGNQkAaEJvlJ/i7WSDFqo0=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.johnshopkins.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 328, expires on Fri May 28 19:28:49 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKzCCBBOgAwIBAgICAUgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyNzE5Mjg0OVoXDTEwMDUy
-ODE5Mjg0OVowJjEkMCIGA1UEAxMbc2hpYmJvbGV0aC5qb2huc2hvcGtpbnMuZWR1
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4+bfyVwD2ZiXBdRJO2bA61Hz2
-QXKOZhkjXA2Jjt4erKOu62bhNonUa7pz8pHoCdSyvQFjJF0h2meFeNidRLRGq0ti
-d6rF8nX+/yxaBC1Cgerce+eHywscsgvWEJ7lqZX19aVj4vWjMpGRagTMX4LgfQh8
-jvejWFtW/7G2Nhc80wIDAQABo4ICtTCCArEwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBRw9kg/wA61UlIuiiWoJYYaiMIqgjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMCYGA1UdEQQfMB2CG3NoaWJib2xldGguam9obnNob3BraW5zLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEAW2JN17rqDOMy37Yd38K1QsKA5qG3NPcZN90Qit6r/mxF
-PWqnfCL0hClOMvpDd4PmVCPzAfXSjSWetbZgbrdKXgPCorpukjRQF1lTP/0BM59s
-vyErO+HNhdjuIA7hO3OPy34hRyXBxf6G1nupQ0KXUTPHxPxpINPaqBtYkcAHX6iq
-pNPFbRTc1xZuWE79sTFpCiHewvGd5Qix5nIlnqpq6NwUMYHEby1ED+h9G66Kau7E
-pdGrgRIJZlQCwRT2zbOH/S0EDbC5QKwjtcIymMQ/YF+WTpBI75xnvWiAk/V4QZgz
-+ICZXWjZ+4nTPfMM+ioBsGrWEzTt83rsSnylLAg4qg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.johnshopkins.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Johns Hopkins University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Johns Hopkins</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.jhu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Andrew Baldwin</GivenName>
-    <EmailAddress>andrew.baldwin@jhu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Etan Weintraub</GivenName>
-    <EmailAddress>eweintra@jhmi.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Enterprise Authentication Team</GivenName>
-    <EmailAddress>enterpriseauth@jhmi.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://muse.jhu.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>muse.jhu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 447, expires on Mon Oct 18 19:23:18 2010 GMT -->
-          <ds:X509Certificate>
-MIIFBTCCA+2gAwIBAgICAb8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAxNzE5MjMxOFoXDTEwMTAx
-ODE5MjMxOFowFzEVMBMGA1UEAxMMbXVzZS5qaHUuZWR1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCpwNi1v8zzl2d8q7GHDMywsAckpgOW9bobcvdRJX95PK17
-Dox3ISLVc/WqjOmnpDAm2kNjD8xsObojvN1Ae6eGAd2bvpMJ4/rriGWdv4ZXwl+B
-j3LCtwpGW2ufA7V9VP0B8GiUSC2eDIJ7fbdwBYaCBgUEAHBU2+tZLZeA9HwdOQID
-AQABo4ICnjCCApowDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBS7nFggW7cUMdXuKp9H
-AZVTLsACKDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEF
-BQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggr
-BgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAXBgNVHREEEDAOggxtdXNlLmpo
-dS5lZHUwDQYJKoZIhvcNAQEFBQADggEBAAd/lCl4ikmSqP64YDFIphAOiYSSG/91
-HxuUeBtKqB4sE12HlfC1omQAAOES/2Y4IjR1Nkp+bLkvDWOqL0/ZWDNXWlRAbsAh
-016ua2U8Pa5KaEzmiWHa/S102LNsL3XozXwH/+YDAM4i21x7O9vD9A81Z6lVN24X
-qSAKyOEh8tfRBoKiqJDjaQrD0s1t1BsB3XgT5BtBfWGDsPAF7eM46JPSgCTfi/Ja
-UdJuse0zGU7XlPHw3TuqJV07S6X+7bRKC9KpbCaRbQoqcb3U4HNPhc0Bv0mrKMgS
-Qm5bbjHXqrYneaEhvt4iO5evZI16+m3HJ3e5p/zocftddMbXeIKYBeU=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://muse.jhu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://muse.jhu.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://muse.uq.edu.au/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://muse.uq.edu.au/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Johns Hopkins University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Johns Hopkins</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.jhu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Mark Malloy</GivenName>
-    <EmailAddress>malloy@jhu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Wendy Queen</GivenName>
-    <EmailAddress>wqueen@press.jhu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- RefWorks, LLC -->
-<EntityDescriptor entityID="https://rwtm.refworks.com/shibboleth/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.refworks.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 179, expires on Fri Jul 11 20:10:36 2008 GMT -->
-          <ds:X509Certificate>
-MIIFOTCCBCGgAwIBAgICALMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcxMjIwMTAzNloXDTA4MDcx
-MTIwMTAzNlowPzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFJlZldvcmtzIExMQzEZ
-MBcGA1UEAxMQd3d3LnJlZndvcmtzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2GcwYNZFJrDpGWopMC16wgtTJfWMhv66q+LkLYzS942wXLgXg28PrScu
-ZR9TvfFzjBDkWWSx/ONADLrtp2ZdTDJ15NDSX57fetIt404uhsl42y5PeTkXUPat
-wHb15R3KblvZPQRqTJNi+0jup7qLvLRAwGNUOXtSzeCOAJUgNDkCAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/O6sOke/PNyTz7HDZM0iiCZkow
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghB3d3cucmVm
-d29ya3MuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQDA2FXXg/69MA3eq9/oCvUYg1DB
-p7UiUo4NgKn4hrdsYxSLugAoXA8yHzRn70AGIyxi3gfYRhXWl43MIKB4JGKP2T8r
-xWnd9pAs2rFfqL8bhGHSodm4PrJtAa+Y79qdl8pXgEOuN+2mQ1TPbaF8FTtaQGCE
-iDTt/LpI8GDi7kJIy1Fdv7wgkcPkD54rJeJ+TwbvdGyZZnpiOLV1dNn+rfvWiTiH
-dvd6p871dvhk3RYx8YEIsT82WwzNGcDwnH++JAVYSRU9/zJ1mJCXxn0JbCqGztK0
-cMbHf/4cZu6hP/S3lXnZ7zJN8ZLp0KKNwfpP784VbQYmEhzCUoI65/u/tGI2
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.refworks.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 371, expires on Sat Jul  3 18:27:18 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAXMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMjE4MjcxOFoXDTEwMDcw
-MzE4MjcxOFowGzEZMBcGA1UEAxMQd3d3LnJlZndvcmtzLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA2GcwYNZFJrDpGWopMC16wgtTJfWMhv66q+LkLYzS
-942wXLgXg28PrScuZR9TvfFzjBDkWWSx/ONADLrtp2ZdTDJ15NDSX57fetIt404u
-hsl42y5PeTkXUPatwHb15R3KblvZPQRqTJNi+0jup7qLvLRAwGNUOXtSzeCOAJUg
-NDkCAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/O6sOke/PN
-yTz7HDZM0iiCZkowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd3d3
-LnJlZndvcmtzLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAwcELEENx7Wec5q3vMfKH
-WPXvYDlf8/IF+dbOacpab2OteOYihctswzP9oH+2pAngLmfeq7PWJ/nUCtgCjPvF
-C5XTJ9fDPu7dfe3clWPXsR5VjeOSNl07MUV+wDLKhHP0B+L7wtMvpQozWi9M7V+M
-gTxRn8o80mY8oVUu9odi4Qzuu7P6A0OBFvd2OWha5oyQVsKedcdiIyieT0xf9E2R
-eQGftWPOGZONrv8rG5wc6MwHrPvWJz1yGt45ZHZVVa7aGssG/dc0lBPipxqoMoMd
-0RhpU0iikjs782WYuXCglm6AMgNGEOepLLxnbcK8OdmUme/IlGfpmprT3kAdwgcb
-pQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://rwtm.refworks.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://rwtm.refworks.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">RefWorks, LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">RefWorks, LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://refworks.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Norman Kenney</GivenName>
-    <EmailAddress>nkenney@refworks.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://rwt.refworks.com/shibboleth/testshib/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.refworks.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 179, expires on Fri Jul 11 20:10:36 2008 GMT -->
-          <ds:X509Certificate>
-MIIFOTCCBCGgAwIBAgICALMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcxMjIwMTAzNloXDTA4MDcx
-MTIwMTAzNlowPzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFJlZldvcmtzIExMQzEZ
-MBcGA1UEAxMQd3d3LnJlZndvcmtzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2GcwYNZFJrDpGWopMC16wgtTJfWMhv66q+LkLYzS942wXLgXg28PrScu
-ZR9TvfFzjBDkWWSx/ONADLrtp2ZdTDJ15NDSX57fetIt404uhsl42y5PeTkXUPat
-wHb15R3KblvZPQRqTJNi+0jup7qLvLRAwGNUOXtSzeCOAJUgNDkCAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/O6sOke/PNyTz7HDZM0iiCZkow
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghB3d3cucmVm
-d29ya3MuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQDA2FXXg/69MA3eq9/oCvUYg1DB
-p7UiUo4NgKn4hrdsYxSLugAoXA8yHzRn70AGIyxi3gfYRhXWl43MIKB4JGKP2T8r
-xWnd9pAs2rFfqL8bhGHSodm4PrJtAa+Y79qdl8pXgEOuN+2mQ1TPbaF8FTtaQGCE
-iDTt/LpI8GDi7kJIy1Fdv7wgkcPkD54rJeJ+TwbvdGyZZnpiOLV1dNn+rfvWiTiH
-dvd6p871dvhk3RYx8YEIsT82WwzNGcDwnH++JAVYSRU9/zJ1mJCXxn0JbCqGztK0
-cMbHf/4cZu6hP/S3lXnZ7zJN8ZLp0KKNwfpP784VbQYmEhzCUoI65/u/tGI2
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.refworks.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 371, expires on Sat Jul  3 18:27:18 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAXMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMjE4MjcxOFoXDTEwMDcw
-MzE4MjcxOFowGzEZMBcGA1UEAxMQd3d3LnJlZndvcmtzLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA2GcwYNZFJrDpGWopMC16wgtTJfWMhv66q+LkLYzS
-942wXLgXg28PrScuZR9TvfFzjBDkWWSx/ONADLrtp2ZdTDJ15NDSX57fetIt404u
-hsl42y5PeTkXUPatwHb15R3KblvZPQRqTJNi+0jup7qLvLRAwGNUOXtSzeCOAJUg
-NDkCAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/O6sOke/PN
-yTz7HDZM0iiCZkowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd3d3
-LnJlZndvcmtzLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAwcELEENx7Wec5q3vMfKH
-WPXvYDlf8/IF+dbOacpab2OteOYihctswzP9oH+2pAngLmfeq7PWJ/nUCtgCjPvF
-C5XTJ9fDPu7dfe3clWPXsR5VjeOSNl07MUV+wDLKhHP0B+L7wtMvpQozWi9M7V+M
-gTxRn8o80mY8oVUu9odi4Qzuu7P6A0OBFvd2OWha5oyQVsKedcdiIyieT0xf9E2R
-eQGftWPOGZONrv8rG5wc6MwHrPvWJz1yGt45ZHZVVa7aGssG/dc0lBPipxqoMoMd
-0RhpU0iikjs782WYuXCglm6AMgNGEOepLLxnbcK8OdmUme/IlGfpmprT3kAdwgcb
-pQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://rwt.refworks.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://rwt.refworks.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://rwt.refworks.com/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://rwt.refworks.com/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">RefWorks, LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">RefWorks, LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://refworks.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Norman Kenney</GivenName>
-    <EmailAddress>nkenney@refworks.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.refworks.com/shibboleth/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.refworks.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 179, expires on Fri Jul 11 20:10:36 2008 GMT -->
-          <ds:X509Certificate>
-MIIFOTCCBCGgAwIBAgICALMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcxMjIwMTAzNloXDTA4MDcx
-MTIwMTAzNlowPzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFJlZldvcmtzIExMQzEZ
-MBcGA1UEAxMQd3d3LnJlZndvcmtzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2GcwYNZFJrDpGWopMC16wgtTJfWMhv66q+LkLYzS942wXLgXg28PrScu
-ZR9TvfFzjBDkWWSx/ONADLrtp2ZdTDJ15NDSX57fetIt404uhsl42y5PeTkXUPat
-wHb15R3KblvZPQRqTJNi+0jup7qLvLRAwGNUOXtSzeCOAJUgNDkCAwEAAaOCAqow
-ggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/O6sOke/PNyTz7HDZM0iiCZkow
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0w
-gaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3Vl
-cnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREEFDASghB3d3cucmVm
-d29ya3MuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQDA2FXXg/69MA3eq9/oCvUYg1DB
-p7UiUo4NgKn4hrdsYxSLugAoXA8yHzRn70AGIyxi3gfYRhXWl43MIKB4JGKP2T8r
-xWnd9pAs2rFfqL8bhGHSodm4PrJtAa+Y79qdl8pXgEOuN+2mQ1TPbaF8FTtaQGCE
-iDTt/LpI8GDi7kJIy1Fdv7wgkcPkD54rJeJ+TwbvdGyZZnpiOLV1dNn+rfvWiTiH
-dvd6p871dvhk3RYx8YEIsT82WwzNGcDwnH++JAVYSRU9/zJ1mJCXxn0JbCqGztK0
-cMbHf/4cZu6hP/S3lXnZ7zJN8ZLp0KKNwfpP784VbQYmEhzCUoI65/u/tGI2
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.refworks.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 371, expires on Sat Jul  3 18:27:18 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAXMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMjE4MjcxOFoXDTEwMDcw
-MzE4MjcxOFowGzEZMBcGA1UEAxMQd3d3LnJlZndvcmtzLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA2GcwYNZFJrDpGWopMC16wgtTJfWMhv66q+LkLYzS
-942wXLgXg28PrScuZR9TvfFzjBDkWWSx/ONADLrtp2ZdTDJ15NDSX57fetIt404u
-hsl42y5PeTkXUPatwHb15R3KblvZPQRqTJNi+0jup7qLvLRAwGNUOXtSzeCOAJUg
-NDkCAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUmo/O6sOke/PN
-yTz7HDZM0iiCZkowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd3d3
-LnJlZndvcmtzLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAwcELEENx7Wec5q3vMfKH
-WPXvYDlf8/IF+dbOacpab2OteOYihctswzP9oH+2pAngLmfeq7PWJ/nUCtgCjPvF
-C5XTJ9fDPu7dfe3clWPXsR5VjeOSNl07MUV+wDLKhHP0B+L7wtMvpQozWi9M7V+M
-gTxRn8o80mY8oVUu9odi4Qzuu7P6A0OBFvd2OWha5oyQVsKedcdiIyieT0xf9E2R
-eQGftWPOGZONrv8rG5wc6MwHrPvWJz1yGt45ZHZVVa7aGssG/dc0lBPipxqoMoMd
-0RhpU0iikjs782WYuXCglm6AMgNGEOepLLxnbcK8OdmUme/IlGfpmprT3kAdwgcb
-pQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.refworks.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.refworks.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">RefWorks, LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">RefWorks, LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://refworks.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Norman Kenney</GivenName>
-    <EmailAddress>nkenney@refworks.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California, Davis -->
-<EntityDescriptor entityID="urn:mace:incommon:ucdavis.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucdavis.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucdavis.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 313, expires on Sun May  9 19:29:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICATkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwODE5MjkyM1oXDTEwMDUw
-OTE5MjkyM1owITEfMB0GA1UEAxMWc2hpYmJvbGV0aC51Y2RhdmlzLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2xXztyjxg2CSp16UuRLZTJI1z9nWeP4w
-k7izZPqoPQXTu1lD3VLMPE3BNp+tAOLXZgsO+dlm+zNZwwBMpZ5IK+aJJbmcX626
-ab4VDbZLdYnqZqdA4zAlmzH7iEExCiPB+PzlaMUqktCv8hIWaY081gnawo2GtHdZ
-TIXdPKm+fIcCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUbphT
-aBLESaYl7XdU2mJ8uYj5l3cwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliYm9sZXRoLnVjZGF2aXMuZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQAbU8tNK18JbdR5ZR6fg59veCekKWUWg4eNxbLQfayM35omLuVXpJu4yuIu
-pJwoPExP3D3Vfrk8LPM1EP/guRzM1RRmsdcquC23/xAh3W+RpMS1ru0eRVnQcilP
-YXDFh2zYremRY5mPWowrS9XZYkdLd3MTBLJM22XlUZJhqkwlV3fPo5mzzCSBFiFl
-jaEKH2m/D08b7iJnj3/xSy+P3Mu8Un0hx3wu4bAvCm1Lg6zW5tFsVFm11WAPYUFQ
-LEFhqgZ+CRis8+XPrHBrr3SIHpIWH+cr9pXHlwwlTeb/n0ZHPUPNUDLrguy+7/tA
-GayinPu1tGbGo0e8aDpSJLj+E37P
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.ucdavis.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.ucdavis.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucdavis.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucdavis.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 313, expires on Sun May  9 19:29:23 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICATkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwODE5MjkyM1oXDTEwMDUw
-OTE5MjkyM1owITEfMB0GA1UEAxMWc2hpYmJvbGV0aC51Y2RhdmlzLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2xXztyjxg2CSp16UuRLZTJI1z9nWeP4w
-k7izZPqoPQXTu1lD3VLMPE3BNp+tAOLXZgsO+dlm+zNZwwBMpZ5IK+aJJbmcX626
-ab4VDbZLdYnqZqdA4zAlmzH7iEExCiPB+PzlaMUqktCv8hIWaY081gnawo2GtHdZ
-TIXdPKm+fIcCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUbphT
-aBLESaYl7XdU2mJ8uYj5l3cwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliYm9sZXRoLnVjZGF2aXMuZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQAbU8tNK18JbdR5ZR6fg59veCekKWUWg4eNxbLQfayM35omLuVXpJu4yuIu
-pJwoPExP3D3Vfrk8LPM1EP/guRzM1RRmsdcquC23/xAh3W+RpMS1ru0eRVnQcilP
-YXDFh2zYremRY5mPWowrS9XZYkdLd3MTBLJM22XlUZJhqkwlV3fPo5mzzCSBFiFl
-jaEKH2m/D08b7iJnj3/xSy+P3Mu8Un0hx3wu4bAvCm1Lg6zW5tFsVFm11WAPYUFQ
-LEFhqgZ+CRis8+XPrHBrr3SIHpIWH+cr9pXHlwwlTeb/n0ZHPUPNUDLrguy+7/tA
-GayinPu1tGbGo0e8aDpSJLj+E37P
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.ucdavis.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Davis</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Davis</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucdavis.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Infrastructure Systems Management</GivenName>
-    <EmailAddress>sysadmin@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Tom Poage</GivenName>
-    <EmailAddress>tfpoage@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://dev.ucanr.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.ucanr.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 461, expires on Fri Nov  5 20:00:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFCTCCA/GgAwIBAgICAc0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEwNDIwMDAxMloXDTEwMTEw
-NTIwMDAxMlowGTEXMBUGA1UEAxMOc2hpYi51Y2Fuci5vcmcwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAJ1tz/FzFgzfE59AM+LS0KJ9c/x3931Vq5UBCzzeCrvT
-RUNrWxezlp+qnPG8w4Qq+Y8EfpHwzSbwj+rcAidLqH+Ns08vyRmQy+UOitK/nv9Z
-IihBpVao0vefsb+cXM7HwefFSRWuafwRIhiYGBaILbCgzYYTPHfhAI1/lmaszULn
-AgMBAAGjggKgMIICnDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD9wnKyH63bngIyk
-xfyO1wR5YTqBMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDnNoaWIu
-dWNhbnIub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAvTeipl6YFq/VAp19KmzLmGT/c
-pa07C1wtMrrqu7DI2fv5XPyRLmXM5UQkA46OzBampuH9q8iFkm70tyemDzQPK8dQ
-YV8SlpR61mWl72LPKkXXf/nIqHwIKDfRTiVdpdjbd9o2M65oRHYaEvtDU0hO3mL6
-diWKuEESaYCQA9NUlN8xlMzDB0RjPrKFiq/6AvBRVUFWbY3LXIB//cYusyndrVMM
-ju44dYPkilrhAcId926nrmPwn9xfR8fmRIyGFvsHUYptHfSiDBO7BIKCTneiEtdZ
-pgNUfm7ViqZIhU0mVrNFBaGPWtSEI3l/a2H4dK/LPzNtIlgsxtU153F4hj9I
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://dev.ucanr.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://dev.ucanr.org/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Davis</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Davis</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucdavis.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bryon Noel</GivenName>
-    <EmailAddress>bjnoel@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Karl Krist</GivenName>
-    <EmailAddress>kakrist@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://psl-230.ucdavis.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.ucdavis.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 158, expires on Tue Jun  3 13:38:56 2008 GMT -->
-          <ds:X509Certificate>
-MIIFVzCCBD+gAwIBAgICAJ4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDYwNDEzMzg1NloXDTA4MDYw
-MzEzMzg1NlowVzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHlVuaXZlcnNpdHkgb2Yg
-Q2FsaWZvcm5pYSBEYXZpczEfMB0GA1UEAxMWc2hpYmJvbGV0aC51Y2RhdmlzLmVk
-dTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2xXztyjxg2CSp16UuRLZTJI1
-z9nWeP4wk7izZPqoPQXTu1lD3VLMPE3BNp+tAOLXZgsO+dlm+zNZwwBMpZ5IK+aJ
-JbmcX626ab4VDbZLdYnqZqdA4zAlmzH7iEExCiPB+PzlaMUqktCv8hIWaY081gna
-wo2GtHdZTIXdPKm+fIcCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQUbphTaBLESaYl7XdU2mJ8uYj5l3cwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDov
-L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRz
-L2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9u
-Y2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0
-dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2Vz
-LnBkZjAhBgNVHREEGjAYghZzaGliYm9sZXRoLnVjZGF2aXMuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQC7Zqw7I6ZcCkKSfa7U6ncSW9ceOIpLCNhfkJT06fcMBeXFQdtg
-2oqIXKKkNiyY6MRUgwO4a+rNIGpfLsYMq+9y5rVzlCpX13TVciCorApeVhiWFGoF
-yGSDhPUDVjsjQLLeokp7KHW685C3QNzY3RPTrcs2BGuMt7Slasc+ZMqpPbHR7PPU
-Y6r7ucdxiT8Imw9KmphMwFoA0UFbVb1Qta+H0K+JPDgAuHdAjlhDMQZ+T2ig4c4c
-D+gCKNXOY8v68soV0vMeCnMiB83frporNLAA9KFZKgxtOM3X0Rqj8equ2N/1qfSV
-p+OOofLQ7RYV9hMixPRXiBQCOWui4ofYm2Hp
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://psl-230.ucdavis.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Davis</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Davis</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucdavis.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Tom Poage</GivenName>
-    <EmailAddress>tfpoage@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shib.ucanr.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.ucanr.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 461, expires on Fri Nov  5 20:00:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFCTCCA/GgAwIBAgICAc0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEwNDIwMDAxMloXDTEwMTEw
-NTIwMDAxMlowGTEXMBUGA1UEAxMOc2hpYi51Y2Fuci5vcmcwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAJ1tz/FzFgzfE59AM+LS0KJ9c/x3931Vq5UBCzzeCrvT
-RUNrWxezlp+qnPG8w4Qq+Y8EfpHwzSbwj+rcAidLqH+Ns08vyRmQy+UOitK/nv9Z
-IihBpVao0vefsb+cXM7HwefFSRWuafwRIhiYGBaILbCgzYYTPHfhAI1/lmaszULn
-AgMBAAGjggKgMIICnDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD9wnKyH63bngIyk
-xfyO1wR5YTqBMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDnNoaWIu
-dWNhbnIub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAvTeipl6YFq/VAp19KmzLmGT/c
-pa07C1wtMrrqu7DI2fv5XPyRLmXM5UQkA46OzBampuH9q8iFkm70tyemDzQPK8dQ
-YV8SlpR61mWl72LPKkXXf/nIqHwIKDfRTiVdpdjbd9o2M65oRHYaEvtDU0hO3mL6
-diWKuEESaYCQA9NUlN8xlMzDB0RjPrKFiq/6AvBRVUFWbY3LXIB//cYusyndrVMM
-ju44dYPkilrhAcId926nrmPwn9xfR8fmRIyGFvsHUYptHfSiDBO7BIKCTneiEtdZ
-pgNUfm7ViqZIhU0mVrNFBaGPWtSEI3l/a2H4dK/LPzNtIlgsxtU153F4hj9I
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucanr.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ucanr.org/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Davis</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Davis</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucdavis.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bryon Noel</GivenName>
-    <EmailAddress>bjnoel@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Karl Krist</GivenName>
-    <EmailAddress>kakrist@ucdavis.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Texas A & M University -->
-<EntityDescriptor entityID="urn:mace:incommon:tamu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">tamu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.tamu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 382, expires on Sat Jul 17 18:10:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFiTCCBHGgAwIBAgICAX4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNjE4MTAwNloXDTEwMDcx
-NzE4MTAwNlowFzEVMBMGA1UEAxMMaWRwLnRhbXUuZWR1MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAy1wPpa/omkKFhZT12f3aYFNNmDVcr6CsIRJpMWeM
-NdeYWFnfJTaVUmsu3Lolmg0S3sgzykXOOKVbHiOlUBH8Qw0727RWdcudPxG5rt4X
-foVygpzIX8dsnstwNcAT8lTzT418kc0ur50TtKoeYxfCx5bRwjtcyXJ2VVb4p0CQ
-sLGjt4Fa9Kni2Ys0cacz1LhtIy4KriMOah2iA4s1BlP48AV4RbY5QTXPOJxa9Tij
-rKz9bnhKKmETK17S6DCTvlFCpvXraIQeG/iDxrBZOkcXqxLbxZeYtaph4OGhfnCw
-Ki8NNZIQDAhfj9Wtz+0OMMZxSZQv2ZSNT9Q+QHlVLebCRQIDAQABo4ICnjCCApow
-DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSfnAZqaUuadGj4HzAppnUyO62NsTB+BgNV
-HSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0
-cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2Nl
-cnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYI
-KwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvcHJhY3RpY2VzLnBkZjAXBgNVHREEEDAOggxpZHAudGFtdS5lZHUwDQYJKoZI
-hvcNAQEFBQADggEBALPnsXq+tSorDccY7e6Vssg359ovYbiNU7wHg4Q5bwA2xpts
-4Q3Hja4smOltnvWI2w8AAlLcixLtUaVKLyyHVFSBevbJMro73dvD/bhvuTccHDxk
-Awau8w02cJHXcNXji8dzKKgWpfWoPSuCFnDbD50O1bpKezJ9sVkLGON9jjt3iMBd
-AHO5gk0oFfc08zXXr58FSmMVb1qarZ6Bt6GYzUa2KRFeWIdpJ4xe20aBmo11OO3x
-b9kyJVI1ifJKhBjgdZJf7kfJMOHILXJ2GYGwvg6kv7odIV1ofWrMOoQ9uuXhMDmp
-Jss05k0o3H6bpoMTyMQJ/3N8gaqhWnbna8JvDrs=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.tamu.edu/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.tamu.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">tamu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.tamu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 382, expires on Sat Jul 17 18:10:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFiTCCBHGgAwIBAgICAX4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNjE4MTAwNloXDTEwMDcx
-NzE4MTAwNlowFzEVMBMGA1UEAxMMaWRwLnRhbXUuZWR1MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAy1wPpa/omkKFhZT12f3aYFNNmDVcr6CsIRJpMWeM
-NdeYWFnfJTaVUmsu3Lolmg0S3sgzykXOOKVbHiOlUBH8Qw0727RWdcudPxG5rt4X
-foVygpzIX8dsnstwNcAT8lTzT418kc0ur50TtKoeYxfCx5bRwjtcyXJ2VVb4p0CQ
-sLGjt4Fa9Kni2Ys0cacz1LhtIy4KriMOah2iA4s1BlP48AV4RbY5QTXPOJxa9Tij
-rKz9bnhKKmETK17S6DCTvlFCpvXraIQeG/iDxrBZOkcXqxLbxZeYtaph4OGhfnCw
-Ki8NNZIQDAhfj9Wtz+0OMMZxSZQv2ZSNT9Q+QHlVLebCRQIDAQABo4ICnjCCApow
-DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSfnAZqaUuadGj4HzAppnUyO62NsTB+BgNV
-HSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0
-cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2Nl
-cnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYI
-KwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvcHJhY3RpY2VzLnBkZjAXBgNVHREEEDAOggxpZHAudGFtdS5lZHUwDQYJKoZI
-hvcNAQEFBQADggEBALPnsXq+tSorDccY7e6Vssg359ovYbiNU7wHg4Q5bwA2xpts
-4Q3Hja4smOltnvWI2w8AAlLcixLtUaVKLyyHVFSBevbJMro73dvD/bhvuTccHDxk
-Awau8w02cJHXcNXji8dzKKgWpfWoPSuCFnDbD50O1bpKezJ9sVkLGON9jjt3iMBd
-AHO5gk0oFfc08zXXr58FSmMVb1qarZ6Bt6GYzUa2KRFeWIdpJ4xe20aBmo11OO3x
-b9kyJVI1ifJKhBjgdZJf7kfJMOHILXJ2GYGwvg6kv7odIV1ofWrMOoQ9uuXhMDmp
-Jss05k0o3H6bpoMTyMQJ/3N8gaqhWnbna8JvDrs=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.tamu.edu:7443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Texas A &amp; M University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Texas A &amp; M University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.tamu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Xavier Chapa</GivenName>
-    <EmailAddress>xchapa@tamu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Xavier Chapa</GivenName>
-    <EmailAddress>xchapa@tamu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Indiana University -->
-<EntityDescriptor entityID="urn:mace:incommon:iu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">iu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.iu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 293, expires on Fri Apr  2 20:31:29 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjTCCBHWgAwIBAgICASUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMTIwMzEyOVoXDTEwMDQw
-MjIwMzEyOVowFTETMBEGA1UEAxMKaWRwLml1LmVkdTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANh4Olm29tGUBcXW/ivei5WPrddfAEgi0aPxXg9QuOu1
-FvGCLpWFICcBrOcZVmxxpw6cl1qbz2YGWtUisA3HA72nVK8YYiZtIUbO/aOssV4t
-saUmIK1UT2U4wT7AxZOg7tbuh0zONaZNcQUlrKhGHLJr4KSs4M/o3CkXKoNg8HL1
-83rf4QjC51Wdejf9Wj4kAM1fiwC99XpdEecnSnUWfZwJH9fIwOZlX7qttRTYxFvD
-5uQ+MAu9AtRs3PDOtVrX2iYqNor6loFC+vVso50OrHcwWboZDGg0wlo3mapELlM7
-WC0bTYC42pSZxqwevWZZnDyKo8h3MG6cGiu/CKRZ0L0CAwEAAaOCAqQwggKgMA4G
-A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjAdBgNVHQ4EFgQUEleAdAbWMvTiPw2p+CVOhF0NGMcwfgYDVR0j
-BHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRww
-GgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacG
-CCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBV
-Ukk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJp
-ZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEB
-MEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAVBgNVHREEDjAMggppZHAuaXUuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQASfgOzT0jVeXXIKxeHFqxrZDHAM7LEbhkVD0FCPVtS
-hSRgUfqxbpiU1k2zOTMbPMb/fkdw+Co8kGJStK8HvybiH2FANV86pME9HXXD01nV
-o7sXUWxSMEjyQKkOtLUXQndD8KUJWa5VIOE+Xdeh9sjev5OxuvrL5VtiPvtx6VcT
-kh1xX1SZb6/pWDSr5Nfr7FxYZ8i35G0PDY45CcC9567/j29oH2+BDtarVWfTV2Nb
-t+O2ZHGxG4lt0aXP6ToWIiYuAC5CmgOsAq2sp/mkOG0xFcfXMYL5uIuGlnX5WC3f
-FOkZBAu9zYrWmegbO8zvawH0ySCYxPbQVXF7zUjRzqfG
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.iu.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.iu.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">iu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.iu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 293, expires on Fri Apr  2 20:31:29 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjTCCBHWgAwIBAgICASUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMTIwMzEyOVoXDTEwMDQw
-MjIwMzEyOVowFTETMBEGA1UEAxMKaWRwLml1LmVkdTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANh4Olm29tGUBcXW/ivei5WPrddfAEgi0aPxXg9QuOu1
-FvGCLpWFICcBrOcZVmxxpw6cl1qbz2YGWtUisA3HA72nVK8YYiZtIUbO/aOssV4t
-saUmIK1UT2U4wT7AxZOg7tbuh0zONaZNcQUlrKhGHLJr4KSs4M/o3CkXKoNg8HL1
-83rf4QjC51Wdejf9Wj4kAM1fiwC99XpdEecnSnUWfZwJH9fIwOZlX7qttRTYxFvD
-5uQ+MAu9AtRs3PDOtVrX2iYqNor6loFC+vVso50OrHcwWboZDGg0wlo3mapELlM7
-WC0bTYC42pSZxqwevWZZnDyKo8h3MG6cGiu/CKRZ0L0CAwEAAaOCAqQwggKgMA4G
-A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjAdBgNVHQ4EFgQUEleAdAbWMvTiPw2p+CVOhF0NGMcwfgYDVR0j
-BHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRww
-GgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacG
-CCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBV
-Ukk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJp
-ZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEB
-MEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAVBgNVHREEDjAMggppZHAuaXUuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQASfgOzT0jVeXXIKxeHFqxrZDHAM7LEbhkVD0FCPVtS
-hSRgUfqxbpiU1k2zOTMbPMb/fkdw+Co8kGJStK8HvybiH2FANV86pME9HXXD01nV
-o7sXUWxSMEjyQKkOtLUXQndD8KUJWa5VIOE+Xdeh9sjev5OxuvrL5VtiPvtx6VcT
-kh1xX1SZb6/pWDSr5Nfr7FxYZ8i35G0PDY45CcC9567/j29oH2+BDtarVWfTV2Nb
-t+O2ZHGxG4lt0aXP6ToWIiYuAC5CmgOsAq2sp/mkOG0xFcfXMYL5uIuGlnX5WC3f
-FOkZBAu9zYrWmegbO8zvawH0ySCYxPbQVXF7zUjRzqfG
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.iu.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Indiana University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Indiana University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.indiana.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Alan Walsh</GivenName>
-    <EmailAddress>alwalsh@indiana.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Rahul Doshi</GivenName>
-    <EmailAddress>rdoshi@indiana.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shib-db.grnoc.iu.edu">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib-db.grnoc.iu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 448, expires on Mon Oct 18 19:23:28 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICAcAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAxNzE5MjMyOFoXDTEwMTAx
-ODE5MjMyOFowHzEdMBsGA1UEAxMUc2hpYi1kYi5ncm5vYy5pdS5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAM6q7s5f2xUXd4Astfm/EW4v2ZhMGXdVHooE
-Zrl71VCBZ/gIRYOLKZk515TqwQ0a8FBKVU4idK/M14CkCRbabLPoZD7N8q5bY/eR
-W/yO/xUnegCjEZMu8wdIYrtInSlJ4wy2KAbm3SmYFeGv3qfW9wzJF4qRNIM1f+ms
-Wh4k+nMjAgMBAAGjggKmMIICojAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFG2kkLVf
-D1+OEObfWjNRcux+IfSJMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUw
-gYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUw
-UwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2Eu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB8GA1UdEQQYMBaC
-FHNoaWItZGIuZ3Jub2MuaXUuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCDFKi9w7Vc
-N1q7kYw6jGwBCos6Mnt5y6DQdSg8TzTMO5vCjnScA1+EGYQs3+K1rRvejzixhiJf
-I/eCLWFiditZZnoFmEnPwLqeXCuuGDC9cR7E6Qwa9jrieu8XTaPih315YnoAATd0
-h3Tso3iuHffN+DSE1cNpVOhUfddSEclKbhp5fNqXzrhOr55LhINU6ZUIUDVO+NCG
-8wtQD5tsDBZ8edWphLNKbezyrV4Wn0UODQ83T8jOBvq9o+G8N0zoIc2FJUMQv8He
-5Bd+NivRlGD5AXbWA6ddtgHSgYTmwX7xtvjQ5Kzfw6ZWHw3/f+I4aZb35wd8710c
-nOC32OILeaqc
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib-db.grnoc.iu.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shib-db.grnoc.iu.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Indiana University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Indiana University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.indiana.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>AJ Ragusa</GivenName>
-    <EmailAddress>aragusa@grnoc.iu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://www.indianactsi.org">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.indianactsi.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 477, expires on Mon Dec 20 19:36:13 2010 GMT -->
-          <ds:X509Certificate>
-MIIFlzCCBH+gAwIBAgICAd0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIxOTE5MzYxM1oXDTEwMTIy
-MDE5MzYxM1owHjEcMBoGA1UEAxMTd3d3LmluZGlhbmFjdHNpLm9yZzCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMul91iK/w7aDZKx5qD5ncj2pEAsxl3a
-5xmeOjFwHrbDTiCq4wkuwDx32emekuz4oFgrdnzKqrCy/Kv72OeJkBdKVqj2kg8h
-BK/kC9+91+RidN7oGWphmt8ZdKvLv998rug0mdh+ES+IoaQymCNmRaKd0TuittMa
-qQfw1do+RG3/pLB1GLtZ9lOQFvi0Abl1ZM1861AHM0oEdCgSK/0SNkvIMedBhvKV
-Wx51t3SAzC7FMeNoYS/WdGET64n5JbgM/XHtDrygFJHlc5o5wqfcZpwTLRgc/VmW
-OmPgSsye/GuAPwyswBVOys4QgZAsO8UVU/ter9y7zmrwAIwIer0+CEsCAwEAAaOC
-AqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUVc0P5TC7RiG0B2kh6olh2Enr
-aZYwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEE
-gaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUH
-MAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYITd3d3LmluZGlhbmFj
-dHNpLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEABAetPsUTDh95xPIA3vh2uXKuoI0v
-njrqPfHBvwbZ+RRux13fM0+l7ng4s8Op0FULlC2RwQ7uUPU4u+qTA5t5jPZ3FzPA
-hGsgLga6w9YIFOBdkKCnQxdneh6HGnc/ZcG6rOPSUwCrnnqpJCjFylMEI5n/uxzZ
-vVMh7RYjumfslRomfbBoKERJnPGoOKTYXN8V6cOegd60PmHCqs8j2ouRPbO+tD+L
-eA/PFu3zfbO40EMfRuExQs0S8qjh//kr6hy/RAafJKpYXyNv6qC1W5XyiYpN5rly
-Pm8hfv13OrKqSIGFwX2uXd+aPQFntENO2+S9lTaIu1DMHAQPuFOiPUdBLw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.indianactsi.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.indianactsi.org/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://www.indianactsi.org/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://www.indianactsi.org/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Indiana University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Indiana University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.indiana.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Rahul Doshi</GivenName>
-    <EmailAddress>rdoshi@indiana.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Northwestern University -->
-<EntityDescriptor entityID="urn:mace:incommon:northwestern.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">northwestern.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>fed.it.northwestern.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 197, expires on Wed Aug 13 20:51:28 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUjCCBDqgAwIBAgICAMUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgxNDIwNTEyOFoXDTA4MDgx
-MzIwNTEyOFowUTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF05vcnRod2VzdGVybiBV
-bml2ZXJzaXR5MSAwHgYDVQQDExdmZWQuaXQubm9ydGh3ZXN0ZXJuLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwdFG9W6W07bV34fsGA98SogJqKlBSX59
-qnASfTyd5bCFPghZZ0r8HCT3a8BkK06rKrtChPF8h+vfPfaVAat2D8JGYgie6drY
-rshhKkzPXtqDzA0Q9ZpZCLOwvpLt7HY1SN1eeTlvg0FmKUQrk1q49sCHomwToIrr
-CbD5cypdRGkCAwEAAaOCArEwggKtMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUySIv
-BraIXyoqgttX+Q418ujuNUUwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAi
-BgNVHREEGzAZghdmZWQuaXQubm9ydGh3ZXN0ZXJuLmVkdTANBgkqhkiG9w0BAQUF
-AAOCAQEAGP3ty5VziTJ5PhY4yoTbiyBCYYCnhYO7dEiGt608w4N9Ts5CJ7Fj7aQ0
-tjocHE3ZEfJq/o/rd8vC8zKRm8pDqKrV0WFc9QqDVGIlf+lzG4iJOVuAfO/tYeM1
-z6Zwls+hJf/Vkhqpfonn9ZodzEH4Qgh2cEN0UPLHgZ7eg5i7e2GbEw+kh/6q3Cnu
-fAv61N+UeO7UuDGSrFwDNo/MbzrMP7Wspd/sD6J0Y5UxzDRWhVS/hQ81OTA8gNoB
-QYzBfafChXi7CgmJxUACKqcWJLBw+LeitwNHlo4bbJk/3Fy8DMhLSl2sLH1QHGNy
-J8T44pjHay36sZtynT+UyIsSGXKEww==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>fed.it.northwestern.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 381, expires on Sat Jul 17 18:10:00 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAX0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNjE4MTAwMFoXDTEwMDcx
-NzE4MTAwMFowIjEgMB4GA1UEAxMXZmVkLml0Lm5vcnRod2VzdGVybi5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHRRvVultO21d+H7BgPfEqICaipQUl+
-fapwEn08neWwhT4IWWdK/Bwk92vAZCtOqyq7QoTxfIfr3z32lQGrdg/CRmIInuna
-2K7IYSpMz17ag8wNEPWaWQizsL6S7ex2NUjdXnk5b4NBZilEK5NauPbAh6JsE6CK
-6wmw+XMqXURpAgMBAAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFMki
-Lwa2iF8qKoLbV/kONfLo7jVFMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQb
-MBmCF2ZlZC5pdC5ub3J0aHdlc3Rlcm4uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAD
-+XfGEUJhL8dl8Cc8Ea4VuFXn1t2EMdWsoXgPz3zXEVkCkAoO02fVjlM+AAkfpP+f
-REvGSbJrsD9++0PYMc1smhkus0fSDrl3AMSEXZFtYab8uetnMJ3C3SsIqXamr7CI
-pPXQLdSbbgpLifLZR4jWUoSEGGP+EmyuYtlGMQW5r8eykO2svs6KXhy4wmhTf+nx
-zlaH3ON/gNOsA9MUTijspzKqd/gWvhXwxyfMu5ogVwnKFgl3VlCJNkzKg3sKqVpy
-9+GCDmiWsOgJm4XAs6K09FfnfczqtqUzfCgNj4jCzeom4I3smjTnok0t14E9EGmH
-Aj+YkGZVtNBY7jFW/1ET
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://fed.it.northwestern.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">northwestern.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>fed.it.northwestern.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 197, expires on Wed Aug 13 20:51:28 2008 GMT -->
-          <ds:X509Certificate>
-MIIFUjCCBDqgAwIBAgICAMUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgxNDIwNTEyOFoXDTA4MDgx
-MzIwNTEyOFowUTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF05vcnRod2VzdGVybiBV
-bml2ZXJzaXR5MSAwHgYDVQQDExdmZWQuaXQubm9ydGh3ZXN0ZXJuLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwdFG9W6W07bV34fsGA98SogJqKlBSX59
-qnASfTyd5bCFPghZZ0r8HCT3a8BkK06rKrtChPF8h+vfPfaVAat2D8JGYgie6drY
-rshhKkzPXtqDzA0Q9ZpZCLOwvpLt7HY1SN1eeTlvg0FmKUQrk1q49sCHomwToIrr
-CbD5cypdRGkCAwEAAaOCArEwggKtMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUySIv
-BraIXyoqgttX+Q418ujuNUUwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAi
-BgNVHREEGzAZghdmZWQuaXQubm9ydGh3ZXN0ZXJuLmVkdTANBgkqhkiG9w0BAQUF
-AAOCAQEAGP3ty5VziTJ5PhY4yoTbiyBCYYCnhYO7dEiGt608w4N9Ts5CJ7Fj7aQ0
-tjocHE3ZEfJq/o/rd8vC8zKRm8pDqKrV0WFc9QqDVGIlf+lzG4iJOVuAfO/tYeM1
-z6Zwls+hJf/Vkhqpfonn9ZodzEH4Qgh2cEN0UPLHgZ7eg5i7e2GbEw+kh/6q3Cnu
-fAv61N+UeO7UuDGSrFwDNo/MbzrMP7Wspd/sD6J0Y5UxzDRWhVS/hQ81OTA8gNoB
-QYzBfafChXi7CgmJxUACKqcWJLBw+LeitwNHlo4bbJk/3Fy8DMhLSl2sLH1QHGNy
-J8T44pjHay36sZtynT+UyIsSGXKEww==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>fed.it.northwestern.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 381, expires on Sat Jul 17 18:10:00 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAX0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNjE4MTAwMFoXDTEwMDcx
-NzE4MTAwMFowIjEgMB4GA1UEAxMXZmVkLml0Lm5vcnRod2VzdGVybi5lZHUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHRRvVultO21d+H7BgPfEqICaipQUl+
-fapwEn08neWwhT4IWWdK/Bwk92vAZCtOqyq7QoTxfIfr3z32lQGrdg/CRmIInuna
-2K7IYSpMz17ag8wNEPWaWQizsL6S7ex2NUjdXnk5b4NBZilEK5NauPbAh6JsE6CK
-6wmw+XMqXURpAgMBAAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFMki
-Lwa2iF8qKoLbV/kONfLo7jVFMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQb
-MBmCF2ZlZC5pdC5ub3J0aHdlc3Rlcm4uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAD
-+XfGEUJhL8dl8Cc8Ea4VuFXn1t2EMdWsoXgPz3zXEVkCkAoO02fVjlM+AAkfpP+f
-REvGSbJrsD9++0PYMc1smhkus0fSDrl3AMSEXZFtYab8uetnMJ3C3SsIqXamr7CI
-pPXQLdSbbgpLifLZR4jWUoSEGGP+EmyuYtlGMQW5r8eykO2svs6KXhy4wmhTf+nx
-zlaH3ON/gNOsA9MUTijspzKqd/gWvhXwxyfMu5ogVwnKFgl3VlCJNkzKg3sKqVpy
-9+GCDmiWsOgJm4XAs6K09FfnfczqtqUzfCgNj4jCzeom4I3smjTnok0t14E9EGmH
-Aj+YkGZVtNBY7jFW/1ET
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://fed.it.northwestern.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Northwestern University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Northwestern University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.northwestern.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Xiaoxia Dong</GivenName>
-    <EmailAddress>x-dong@northwestern.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Phil Tracy</GivenName>
-    <EmailAddress>ptracy@northwestern.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University At Buffalo, The State University of New York -->
-<EntityDescriptor entityID="urn:mace:incommon:buffalo.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">buffalo.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.buffalo.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 330, expires on Sat May 29 19:32:21 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAUowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyODE5MzIyMVoXDTEwMDUy
-OTE5MzIyMVowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5idWZmYWxvLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyudY4gMFANHEzm8QVm9JMVgQkEPApOC7
-zeHpSBDxBPkMxtbaui3wy9zu4qvtA3LUkZ5Qj80NeVhLz/d8wTZNN38qn1C27tZ+
-dXprEZegbDKHgqfK36pJj/CcxXuq2DzFdV4/ALXmpVp5pf8OUkvPXOJeBR7VlyAL
-Ossd6Es9HBECAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU4u0w
-GY/Kd1/1k8PTUGBwkm7NhdIwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliYm9sZXRoLmJ1ZmZhbG8uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBUa5FA4QGce26UFeuoM2115n70w2oeuRW1pTJfYFUhH1ffnd1S59ShKooJ
-EqUcPG8A5NhbTUnOXWcMLgm7NLMx8MIRKL5/6Krjm5c290/XwdLpPxkB+osaLAFA
-/XA11Vdrhk3wizWzrhPkgrRUZBjIaf+e6XXk7owSSqeumrXrvC7yvn6ybNTpEtiH
-3HiPhqt2Zc2kWSVCIheollXPrK1++mbFnCljS1rV6lfsgIWRHOknC6zdeEn04Owk
-6sGE9Xu3bZO4pn99apCZLWcGoPR7wfSRxUPEftHeIP6U6Wm19EcGR1Gdf3Hk3cYi
-Z7NAhSF4wNHqfKvri6b/7En3TEWW
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.buffalo.edu/shibboleth-ext/HS"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">buffalo.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.buffalo.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 330, expires on Sat May 29 19:32:21 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAUowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyODE5MzIyMVoXDTEwMDUy
-OTE5MzIyMVowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5idWZmYWxvLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyudY4gMFANHEzm8QVm9JMVgQkEPApOC7
-zeHpSBDxBPkMxtbaui3wy9zu4qvtA3LUkZ5Qj80NeVhLz/d8wTZNN38qn1C27tZ+
-dXprEZegbDKHgqfK36pJj/CcxXuq2DzFdV4/ALXmpVp5pf8OUkvPXOJeBR7VlyAL
-Ossd6Es9HBECAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU4u0w
-GY/Kd1/1k8PTUGBwkm7NhdIwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZzaGliYm9sZXRoLmJ1ZmZhbG8uZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBUa5FA4QGce26UFeuoM2115n70w2oeuRW1pTJfYFUhH1ffnd1S59ShKooJ
-EqUcPG8A5NhbTUnOXWcMLgm7NLMx8MIRKL5/6Krjm5c290/XwdLpPxkB+osaLAFA
-/XA11Vdrhk3wizWzrhPkgrRUZBjIaf+e6XXk7owSSqeumrXrvC7yvn6ybNTpEtiH
-3HiPhqt2Zc2kWSVCIheollXPrK1++mbFnCljS1rV6lfsgIWRHOknC6zdeEn04Owk
-6sGE9Xu3bZO4pn99apCZLWcGoPR7wfSRxUPEftHeIP6U6Wm19EcGR1Gdf3Hk3cYi
-Z7NAhSF4wNHqfKvri6b/7En3TEWW
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.buffalo.edu:7443/shibboleth-ext/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University At Buffalo, The State University of New York</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">The State University of New York at Buffalo</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.buffalo.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Joel W. Murphy</GivenName>
-    <EmailAddress>jmurphy@buffalo.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>EIS Auth Support</GivenName>
-    <EmailAddress>auth-support@buffalo.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Charles Dunn</GivenName>
-    <EmailAddress>chuck@buffalo.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>EIS Auth Support</GivenName>
-    <EmailAddress>auth-support@buffalo.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Michigan State University -->
-<EntityDescriptor entityID="urn:mace:incommon:msu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">msu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.idm.msu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 459, expires on Mon Nov  1 19:09:16 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAcswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAzMTE5MDkxNloXDTEwMTEw
-MTE5MDkxNlowGjEYMBYGA1UEAxMPaWRwLmlkbS5tc3UuZWR1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6W6D3g5YdYxAiqq2is4WWRIH8iaXzY5zoLX
-26KtgXe4c9p041h1Or6y4wUJYnipgz3XlnMP+x5jQzpiv2Jbb6qKdJE//V94JaYg
-KRjBfYTo8pbrnZT2NdKrYE3ZhKTAVBsXNXEQxTEa6nBs5c5FjTY5AntuSDf9MV4h
-eK+IMQy6IRNDZfqTdxJoUSLg/A23dp4MsKe8DJpwh6yP3NYa5VmtUnsaFniLbD2Q
-Z4LO51wD2U5b3K90dQi2A4z33xT4pFCVorlV1Sptx81Q+vXvnXYxELqHOH1bA1az
-cwzS4NacuLXd7e5lFRdZfhAB86z1CDQfikx8m10AzgyJZLAnywIDAQABo4ICoTCC
-Ap0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRzfgqd8L3e/E1TQsK6tdlVgiFkvTB+
-BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMC
-VVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29t
-bW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCB
-ojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZD
-aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
-L2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQw
-QgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg9pZHAuaWRtLm1zdS5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAM4ZBmn4sfvJopB+Ng+fFWTfoVRn7OTNdgQJdF3G
-psOGDx+K7vdVL7ZsR07ST1HRvNSo4JOaRgf9sGI7+tIDJxq0ortbM5LpBR3IzVGz
-RtWeh39GIFaF9Qz8Q5txzGisTW7mYplyctbC0B7VGIA5+tJA/za0RIqFiO9tnz5I
-EKc8a6ZN6vub3AQ3E9KeVn3PVFFzQ52P+yrD/UBwGTkJRiRsDwCl8dUAuajfJvrk
-VY+oDGW4ccX8oEN/+U1kVguKdw9LRQkTcWmXhWFLz1oTDZeUL+W7TYjfQelZGqjT
-Jc9B8QpemljxxKy4HNmbX7jG9JSLP0Tbbqgpq6ctIxpX1XE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.idm.msu.edu/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.idm.msu.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">msu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.idm.msu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 459, expires on Mon Nov  1 19:09:16 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjzCCBHegAwIBAgICAcswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAzMTE5MDkxNloXDTEwMTEw
-MTE5MDkxNlowGjEYMBYGA1UEAxMPaWRwLmlkbS5tc3UuZWR1MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6W6D3g5YdYxAiqq2is4WWRIH8iaXzY5zoLX
-26KtgXe4c9p041h1Or6y4wUJYnipgz3XlnMP+x5jQzpiv2Jbb6qKdJE//V94JaYg
-KRjBfYTo8pbrnZT2NdKrYE3ZhKTAVBsXNXEQxTEa6nBs5c5FjTY5AntuSDf9MV4h
-eK+IMQy6IRNDZfqTdxJoUSLg/A23dp4MsKe8DJpwh6yP3NYa5VmtUnsaFniLbD2Q
-Z4LO51wD2U5b3K90dQi2A4z33xT4pFCVorlV1Sptx81Q+vXvnXYxELqHOH1bA1az
-cwzS4NacuLXd7e5lFRdZfhAB86z1CDQfikx8m10AzgyJZLAnywIDAQABo4ICoTCC
-Ap0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRzfgqd8L3e/E1TQsK6tdlVgiFkvTB+
-BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMC
-VVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29t
-bW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCB
-ojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZD
-aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
-L2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQw
-QgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg9pZHAuaWRtLm1zdS5lZHUw
-DQYJKoZIhvcNAQEFBQADggEBAM4ZBmn4sfvJopB+Ng+fFWTfoVRn7OTNdgQJdF3G
-psOGDx+K7vdVL7ZsR07ST1HRvNSo4JOaRgf9sGI7+tIDJxq0ortbM5LpBR3IzVGz
-RtWeh39GIFaF9Qz8Q5txzGisTW7mYplyctbC0B7VGIA5+tJA/za0RIqFiO9tnz5I
-EKc8a6ZN6vub3AQ3E9KeVn3PVFFzQ52P+yrD/UBwGTkJRiRsDwCl8dUAuajfJvrk
-VY+oDGW4ccX8oEN/+U1kVguKdw9LRQkTcWmXhWFLz1oTDZeUL+W7TYjfQelZGqjT
-Jc9B8QpemljxxKy4HNmbX7jG9JSLP0Tbbqgpq6ctIxpX1XE=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.idm.msu.edu:8444/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Michigan State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Michigan State University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.msu.edu/home/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Matt Kolb</GivenName>
-    <EmailAddress>mk@msu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Matt Kolb</GivenName>
-    <EmailAddress>mk@msu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>John Callaghan</GivenName>
-    <EmailAddress>jpc@msu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Lafayette College -->
-<EntityDescriptor entityID="urn:mace:incommon:lafayette.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">lafayette.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp0.lafayette.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 355, expires on Fri Jun 18 18:05:37 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnTCCBIWgAwIBAgICAWMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxNzE4MDUzN1oXDTEwMDYx
-ODE4MDUzN1owHTEbMBkGA1UEAxMSaWRwMC5sYWZheWV0dGUuZWR1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI/W1xD4c4RJZSi7cC42uO+Q3cQFXL0l
-SAEzC2hNkfrYsqsW9n4+YozT2+9b6n0uGUfzNM81Liszow45/787X6KzG/yc9sVT
-OgW+5w5BmNfnTHrdXPK6wVNyPwXqFDmhdpdr+ye+QSZJ1pvfo9K/jSL5i6JYa8x9
-SiTGM34TRtzSN10gnGMJp7v7zDbm45Usi/6L7pj3k0f6+0mTh1eE5rrQa5sY25Ad
-z4kdZGz90EAdl8/JMKGwh7e6DO2FF0N/SAQbyqHALFkdXbf0ynag2Rrms64iFd7O
-2c0C1rulLF9xaQs0Pp/jLmso6H/9/5/9+S+oj2/gVno1DhKXzOXR/wIDAQABo4IC
-rDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT6yrfcm+QuJE07k65XXgexyT8E
-PTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSB
-rTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNz
-dWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1UdEQQWMBSCEmlkcDAu
-bGFmYXlldHRlLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAMleULlWZaMNRqxAf2mft
-m1//bAJkH+CYqc0IcwjwmrC0G99zyC1PD+9rUsNrNnbegJdWFu9sSqVq17X7DsyK
-aKV8jXpKp+njpN+IA3bVjfp+DeDGIGQdc8QTzbmGemj6FqB16FsY+z3PkvZ4ww/A
-RnZOJFcKcQ7ng5uH/OqPh/ooiUuFYoe8r45TOj4pQBfsxoGZHNxq42kSYYl7qF6U
-LAgu/pbhTu49sNvaD36NIlYkNNk+wFrJ5hTEl9Ejpw+izVSljoX70xfOewE8oafD
-zK+49+I28Y7Vrj9nT8TOQ4Ma0EN1yjY0njGxDPCP4GGyU0kLJD5EN5I34JPtRo77
-NA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp0.lafayette.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp0.lafayette.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">lafayette.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp0.lafayette.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 355, expires on Fri Jun 18 18:05:37 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnTCCBIWgAwIBAgICAWMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYxNzE4MDUzN1oXDTEwMDYx
-ODE4MDUzN1owHTEbMBkGA1UEAxMSaWRwMC5sYWZheWV0dGUuZWR1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI/W1xD4c4RJZSi7cC42uO+Q3cQFXL0l
-SAEzC2hNkfrYsqsW9n4+YozT2+9b6n0uGUfzNM81Liszow45/787X6KzG/yc9sVT
-OgW+5w5BmNfnTHrdXPK6wVNyPwXqFDmhdpdr+ye+QSZJ1pvfo9K/jSL5i6JYa8x9
-SiTGM34TRtzSN10gnGMJp7v7zDbm45Usi/6L7pj3k0f6+0mTh1eE5rrQa5sY25Ad
-z4kdZGz90EAdl8/JMKGwh7e6DO2FF0N/SAQbyqHALFkdXbf0ynag2Rrms64iFd7O
-2c0C1rulLF9xaQs0Pp/jLmso6H/9/5/9+S+oj2/gVno1DhKXzOXR/wIDAQABo4IC
-rDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT6yrfcm+QuJE07k65XXgexyT8E
-PTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSB
-rTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNz
-dWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1UdEQQWMBSCEmlkcDAu
-bGFmYXlldHRlLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAMleULlWZaMNRqxAf2mft
-m1//bAJkH+CYqc0IcwjwmrC0G99zyC1PD+9rUsNrNnbegJdWFu9sSqVq17X7DsyK
-aKV8jXpKp+njpN+IA3bVjfp+DeDGIGQdc8QTzbmGemj6FqB16FsY+z3PkvZ4ww/A
-RnZOJFcKcQ7ng5uH/OqPh/ooiUuFYoe8r45TOj4pQBfsxoGZHNxq42kSYYl7qF6U
-LAgu/pbhTu49sNvaD36NIlYkNNk+wFrJ5hTEl9Ejpw+izVSljoX70xfOewE8oafD
-zK+49+I28Y7Vrj9nT8TOQ4Ma0EN1yjY0njGxDPCP4GGyU0kLJD5EN5I34JPtRo77
-NA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp0.lafayette.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Lafayette College</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Lafayette College</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.lafayette.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bob Bailey</GivenName>
-    <EmailAddress>baileyb@lafayette.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://moodle4.lafayette.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>moodle4.lafayette.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 430, expires on Fri Sep 10 18:14:11 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAa4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwOTE4MTQxMVoXDTEwMDkx
-MDE4MTQxMVowIDEeMBwGA1UEAxMVbW9vZGxlNC5sYWZheWV0dGUuZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUTqwRN6wEQrEec/91PZqmUQ0jpa
-qITkKEk2kT635TEwfg5ta43Ay3sV2vRZuiNYQsNic5nR+n/390Lu9fDxcP5Svq+D
-iqN0BccFB2To7qobzHUsAXK6yD7zGYB79XQlnxqproAko+oDu8/Q6xIw/qQ2lPVP
-xqgUcyhpTn10mGDOh0Xb2FegD+GObm6gJEf9ba2QNThsjXlNgiNyVuG9oX3nPyrl
-VjzoOBrRioLQDLokZRfSJGyWrFfc4Rakb4B67MdpWz13weUakIQFKMu4EdNG7Y5z
-3/NQuMiD/hkerGlc4krSVGH6tuhV7a/MSuxJXwmhrORfhFMX6OnxLkmJpQIDAQAB
-o4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQpA3QrdMrIvN1TveSfGOup
-Cj8X0jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcB
-AQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEF
-BQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAXghVtb29kbGU0Lmxh
-ZmF5ZXR0ZS5lZHUwDQYJKoZIhvcNAQEFBQADggEBAG1kPM4Y3fSfdznUDz8XWGBm
-qSXHZPD1qm7khoC1mJFps9Z7FennvM/Gy3ikK3vhxXcnLSZvF1LXApI2ZGWm5Fxs
-QLWwwS342OA0h3dfqXwx0+WfTTcR+Df3uRPtpbcvGJ0ixeLWVRN/lA7AyoTa/RZz
-jY1gJXwbunU0StkBzuwlZFVKDfnaGzNiGN57chag1ZLZHmLCs4r6KHViSj60ujJm
-LC46+F4B9ODFs9ygK0hc3SKcuOcXD9Nq5WOn8ekbPQvlvdU45t86vuTYmRFZ2f9W
-KQCCpYEZe2OtVXYepnN6SVdmM5YDsYx62zEDNJYgOeEGRPJzhnwPBrxdDHJBK4g=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://moodle4.lafayette.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Lafayette College</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Lafayette College</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.lafayette.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bob Bailey</GivenName>
-    <EmailAddress>baileyb@lafayette.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://spaces.lafayette.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>spaces.lafayette.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 443, expires on Sat Oct  2 18:10:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAbswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAwMTE4MTA1MloXDTEwMTAw
-MjE4MTA1MlowHzEdMBsGA1UEAxMUc3BhY2VzLmxhZmF5ZXR0ZS5lZHUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCig9/ih5IqjULxB1DFX1YzVwRQM5GC
-2b7P99FA6MOMvLIu0/45HuEIuGu+61wyTqMBhF/Z3bnR3cacBnFfx0A8BFj0vZOa
-TCO5+T6moxKAyXwvC0kF6NemR5wi5GlwL2gTd1+ABZL6/oK7qFB0Y3YDY3RSOzOk
-I0noblEuL+WqQMk3p0CmTbuUPmjs3eG9O60NRmVXqkaYkbN3tw8arPeKHOYqFQ/v
-2ncWwM7uTlPyP2L0kYYew1/bOis0dzvIsRd9syIXl+OcnteKlumSW/Abh327nZKX
-0qANRP9pcKd9AsyO6A2svGtZ4PknEZrywcsWtPrJvTCFm4iSNRdcK5P1AgMBAAGj
-ggKmMIICojAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
-BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFGuyJmofODvM7OyyJaOtVQ56
-yRfNMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYD
-VQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMg
-SW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEB
-BIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUF
-BzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9i
-cmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0
-dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
-cmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEE
-AQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB8GA1UdEQQYMBaCFHNwYWNlcy5sYWZh
-eWV0dGUuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAhRfov9XSQ+IFGzAk0deaBntpE
-tl5pTJTpteS33XHNyTlkRbnwgoCaqbU9MePBVzSYkzzSThIq7omz5Qr6wSwXz8c7
-6wSEG+6oplcGzrXTyLBypmVZc/CDeWqm9POYUzf4bTOs+kDRnZ2XYl04FbK9fhfw
-Ru8790RKt4AzRc2QO79+lhRg9ZusUn6L+qxKUNW9nbkCMO2rYuYAlI7LRagjeQ4K
-gm32bBoS0gbvjvtwv9QIFKkYHubD8QMf5HxnUaCWx+JgJGzqBeEm5Xg64GsuAOGZ
-upfGH4Ie65vICdRJSuG8DmEU6ohxu11MFF2G/HUu8IyLvhzXirgu5Z8PxapB
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://spaces.lafayette.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Lafayette College</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Lafayette College</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.lafayette.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>John O'Keefe</GivenName>
-    <EmailAddress>okeefej@lafayette.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Bob Bailey</GivenName>
-    <EmailAddress>baileyb@lafayette.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Symplicity Corporation -->
-<EntityDescriptor entityID="https://shibboleth-carleton.symplicity.com/sso/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth-carleton.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 342, expires on Sat Jun  5 18:43:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFOTCCBCGgAwIBAgICAVYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwNDE4NDM1MloXDTEwMDYw
-NTE4NDM1MlowLTErMCkGA1UEAxMic2hpYmJvbGV0aC1jYXJsZXRvbi5zeW1wbGlj
-aXR5LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1/kbBtMy7SuEPTnr
-frfGstwWmWAaa0aXyvhdtBviqBa2NlcwZwFhWpdJXYfGbgEo1XYbtC5UxQn81vfc
-IEoIe/9b6WkCr6jw5p0LkgNHFYdMuoXVwkRg8imynuoK5ccNzfOHm0AfTePsKbwz
-m41QSge1FZ1vkpbJugfD+0svfocCAwEAAaOCArwwggK4MA4GA1UdDwEB/wQEAwIF
-oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAd
-BgNVHQ4EFgQUKEq2CwEOEmWcxt31E+LMdeD5q3EwfgYDVR0jBHcwdYAUky3IYRit
-Y+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNv
-bW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGa
-aHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
-L2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2lu
-Y29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUH
-AgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJh
-Y3RpY2VzLnBkZjAtBgNVHREEJjAkgiJzaGliYm9sZXRoLWNhcmxldG9uLnN5bXBs
-aWNpdHkuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQC1bvf4rEhO2jQ8aDc+dGofLAFI
-QTDDR7lVvcGSc9ZHhccjrF/h+kzBtROvbbeIV6kMPKYJ3dBZj8LG/LOsXyooNIZT
-LKK5rDkmHxtQVKFiNDk2jlQnslTG+TqtpJDgYKzrLu2Qg4zoHV7ooYS6CLeVydFT
-JhWjGXtWIF72kUk3EfB0SUM8EePr9e/xh1W5RrLerAQcuk6XCUNQqy8zATDe+phD
-V+Wd0bcajrxKyRKqoCm2BAsegryqooPhT9HjPxS0KmV063U3ha7wCdVez9/oj08m
-JbBEt5aZvzCb2ycaiSnk8MiZaGvtmtRyGqu6HXw5AVdd1enrACTfiirLi7Kl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth-carleton.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>shib@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth-nw.symplicity.com/sso">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth-nw.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 403, expires on Sun Aug  8 18:47:03 2010 GMT -->
-          <ds:X509Certificate>
-MIIFqTCCBJGgAwIBAgICAZMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgwNzE4NDcwM1oXDTEwMDgw
-ODE4NDcwM1owJzElMCMGA1UEAxMcc2hpYmJvbGV0aC1udy5zeW1wbGljaXR5LmNv
-bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKYa06n0gzpmzBltjfaa
-IIUzdmd4Xu3XLqW05KHmtOF2bKz991UteuYl65ftmNfqoh9bHkiZBF9vsnbJoR8K
-oK5c8UXh8cHN7sPiAtioD83jIg6W5WdMWMp6SrwVoaorJbtdR/0uTnhjd7mkzpp1
-OFjFPy/UKv3YHUeHNOL34LqEWF/xHfn6oJNrrZsl4sFrAKXrHMHzkUkdVxquM5yg
-dtObe76Nn1hFbEjJNMiAfLXWNXTQuk+5rakOkn88qesYdKBLZsmy1dHO10F7GPUf
-z+VZo8aa7VsSKdfl792+qX8iygM6mF/G1wXtU+m4Z5E3rz4lu+ncxkkiKkmcp+lH
-HfUCAwEAAaOCAq4wggKqMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUuTkCA9gQFwPd
-LlWgBDipAraouGkwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJwYDVR0RBCAwHoIcc2hp
-YmJvbGV0aC1udy5zeW1wbGljaXR5LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAHcNY
-daGswiTU0q9GzVW6Q7hqTy2YDHKc9R3V6b+U2WUwJVKmf7IpBIq7hKgsktuiGNYN
-FX9fTKMNpEtEFDeM6UadGf6iVMbEDYCpbETbjX1rs1gEW9ctZiU7h7+EihgkkKL9
-01TivPLwBbuf4enrKw4NRVMfMro3NpeshgLkyORkyMauP4fMRuDjwLwm8W8QWG2r
-fIIBKR8iEu0m40f+2aEQWvRA8CGm6RJwmkpH2hwl7wszuqneLhyxn7FwvlX+2pI+
-pk+/mf0UhW87L6+rk1TERGHD/G/Fg5FAsECqgFdqPJYFIBE68NqIzVQxk7OO3sfr
-KCFMRbMWTBAQwI962Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth-nw.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>shib@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth-nyu.symplicity.com/sso">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth-nyu.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 419, expires on Sat Aug 28 18:24:18 2010 GMT -->
-          <ds:X509Certificate>
-MIIFqzCCBJOgAwIBAgICAaMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyNzE4MjQxOFoXDTEwMDgy
-ODE4MjQxOFowKDEmMCQGA1UEAxMdc2hpYmJvbGV0aC1ueXUuc3ltcGxpY2l0eS5j
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmGtOp9IM6ZswZbY32
-miCFM3ZneF7t1y6ltOSh5rThdmys/fdVLXrmJeuX7ZjX6qIfWx5ImQRfb7J2yaEf
-CqCuXPFF4fHBze7D4gLYqA/N4yIOluVnTFjKekq8FaGqKyW7XUf9Lk54Y3e5pM6a
-dThYxT8v1Cr92B1HhzTi9+C6hFhf8R35+qCTa62bJeLBawCl6xzB85FJHVcarjOc
-oHbTm3u+jZ9YRWxIyTTIgHy11jV00LpPua2pDpJ/PKnrGHSgS2bJstXRztdBexj1
-H8/lWaPGmu1bEinX5e/dvql/IsoDOphfxtcF7VPpuGeRN68+Jbvp3MZJIipJnKfp
-Rx31AgMBAAGjggKvMIICqzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFLk5AgPYEBcD
-3S5VoAQ4qQK2qLhpMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCgGA1UdEQQhMB+CHXNo
-aWJib2xldGgtbnl1LnN5bXBsaWNpdHkuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQAp
-CSWTfZ7OlkVtwmUIcP4ufLXr+wQukm8fyRnPzz9lCK2MW8g4DZaDFa6zqUvjQRnL
-tEI5goaVOG157nC0D8SgYrAwMwbuxhHio//zZqLT4MjeYZqAKxuCfx4vYS8n6uj/
-FgioUgMApymoQOydUrvGHlZ3qbC4U+G5wb9AwWZp/JpSgk+waffQzBtZRnrIIfsw
-VOvveyQ9JLgGx+WaZHjqObzwOexCAlch2oT4BKa9lVcn+5i9hggphjrhCaNpXJ17
-tfrMqQ/hRYgSJWQahOspgWpO7MQDrs7Bwg75764JQ1IiVQujtsm2PMAAmoIqZJpK
-6PT0ZDweMiPkMQ/H/1QO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth-nyu.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>noc@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth-richmond.symplicity.com/sso/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth-richmond.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 418, expires on Mon Aug 23 12:03:16 2010 GMT -->
-          <ds:X509Certificate>
-MIIFtTCCBJ2gAwIBAgICAaIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMjEyMDMxNloXDTEwMDgy
-MzEyMDMxNlowLTErMCkGA1UEAxMic2hpYmJvbGV0aC1yaWNobW9uZC5zeW1wbGlj
-aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKYa06n0gzpm
-zBltjfaaIIUzdmd4Xu3XLqW05KHmtOF2bKz991UteuYl65ftmNfqoh9bHkiZBF9v
-snbJoR8KoK5c8UXh8cHN7sPiAtioD83jIg6W5WdMWMp6SrwVoaorJbtdR/0uTnhj
-d7mkzpp1OFjFPy/UKv3YHUeHNOL34LqEWF/xHfn6oJNrrZsl4sFrAKXrHMHzkUkd
-VxquM5ygdtObe76Nn1hFbEjJNMiAfLXWNXTQuk+5rakOkn88qesYdKBLZsmy1dHO
-10F7GPUfz+VZo8aa7VsSKdfl792+qX8iygM6mF/G1wXtU+m4Z5E3rz4lu+ncxkki
-Kkmcp+lHHfUCAwEAAaOCArQwggKwMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUuTkC
-A9gQFwPdLlWgBDipAraouGkwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwLQYDVR0RBCYw
-JIIic2hpYmJvbGV0aC1yaWNobW9uZC5zeW1wbGljaXR5LmNvbTANBgkqhkiG9w0B
-AQUFAAOCAQEAlpnl3eNc62nABzLh2Cl1CpvzyL9MFzUBvhKnnyp13vwef+PdINla
-rMjc5MlBc9dzljakNjn5Rr5AQWzGB/wJrO1HcU+gFylBqw/e0TX8hlJ0LQddF0X0
-9rCcCP1eTAR8nKslw01erSvEci1n6MjOqLX43tDpazKReD4ohwUaohi4BsjhAnyY
-eMnF+4NpwbBkb5xkMoKKRofz1hti+0DnDu5ZHmy3k1eXj8BY2BR8EPu3xvm+xLSg
-+1xnbwNzi8PV2JBG7/Hab2U+KjoohJr5NvcdYIGthfE4lHpnCq2pMM+ilv12EW8R
-k4UgGWa1UlP8TjGpYbYnjs5Z7oD/NSgq+A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth-richmond.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>noc@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth.symplicity.com/sso">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 316, expires on Mon May 10 20:10:21 2010 GMT -->
-          <ds:X509Certificate>
-MIIFqzCCBJOgAwIBAgICATwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUwOTIwMTAyMVoXDTEwMDUx
-MDIwMTAyMVowJDEiMCAGA1UEAxMZc2hpYmJvbGV0aC5zeW1wbGljaXR5LmNvbTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKYa06n0gzpmzBltjfaaIIUz
-dmd4Xu3XLqW05KHmtOF2bKz991UteuYl65ftmNfqoh9bHkiZBF9vsnbJoR8KoK5c
-8UXh8cHN7sPiAtioD83jIg6W5WdMWMp6SrwVoaorJbtdR/0uTnhjd7mkzpp1OFjF
-Py/UKv3YHUeHNOL34LqEWF/xHfn6oJNrrZsl4sFrAKXrHMHzkUkdVxquM5ygdtOb
-e76Nn1hFbEjJNMiAfLXWNXTQuk+5rakOkn88qesYdKBLZsmy1dHO10F7GPUfz+VZ
-o8aa7VsSKdfl792+qX8iygM6mF/G1wXtU+m4Z5E3rz4lu+ncxkkiKkmcp+lHHfUC
-AwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUuTkCA9gQFwPdLlWg
-BDipAraouGkwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAkBgNVHREEHTAb
-ghlzaGliYm9sZXRoLnN5bXBsaWNpdHkuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQAL
-9h1LC/z9bc0o8IN9Qhf3EkXHzHD2IBWrqgDucx+qWYMh5/OuNpZSdRzIy8K4Vy5R
-wf4NYDPTNeNHM9k5LxvqWMji7XQ9FepY/26BnIOYNIJb6ZBgJOOGCRcsPgS6Ma8u
-lNa8qgw2tpPoeRVeUrvfgh85m7yBfItidcsPUG+WmKsvjYu+Tqj4XdQXYGzupKRE
-XMD584Ka2fhpoJ5WUaX17zSP4TLT3L5HMR2nZRCqtDAkf05u3S0D9SaZsQ9ZCGYu
-FApiU1SweMjUVHtCoOmGR5xLEZJ3DGG2+axrqVLtnDICxpPt+JbU5hkSP21pFKA1
-B4pKqqaY9EEZmfruRmFJ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>noc@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth-uchicago.symplicity.com/sso/">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth-uchicago.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 302, expires on Mon Apr 19 19:51:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFvTCCBKWgAwIBAgICAS4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQxODE5NTE0M1oXDTEwMDQx
-OTE5NTE0M1owLTErMCkGA1UEAxMic2hpYmJvbGV0aC11Y2hpY2Fnby5zeW1wbGlj
-aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKYa06n0gzpm
-zBltjfaaIIUzdmd4Xu3XLqW05KHmtOF2bKz991UteuYl65ftmNfqoh9bHkiZBF9v
-snbJoR8KoK5c8UXh8cHN7sPiAtioD83jIg6W5WdMWMp6SrwVoaorJbtdR/0uTnhj
-d7mkzpp1OFjFPy/UKv3YHUeHNOL34LqEWF/xHfn6oJNrrZsl4sFrAKXrHMHzkUkd
-VxquM5ygdtObe76Nn1hFbEjJNMiAfLXWNXTQuk+5rakOkn88qesYdKBLZsmy1dHO
-10F7GPUfz+VZo8aa7VsSKdfl792+qX8iygM6mF/G1wXtU+m4Z5E3rz4lu+ncxkki
-Kkmcp+lHHfUCAwEAAaOCArwwggK4MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUuTkC
-A9gQFwPdLlWgBDipAraouGkwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAt
-BgNVHREEJjAkgiJzaGliYm9sZXRoLXVjaGljYWdvLnN5bXBsaWNpdHkuY29tMA0G
-CSqGSIb3DQEBBQUAA4IBAQAF5elobDNbzxu7QimUJjDdYSDjV9hVZWufF8tTG8IX
-7cywclKp0yC+N/rMiI313vi8IGdVSQO2IuI5XOnAUKNs365ukm4fIcxgVRepyiAa
-hbz+uchGwObRp0PUBoU51xNSOp+HL9TCPRI4Oqt0EG/X8leWVu14OMSb2UBRznKQ
-I0kYpeZny3gmKkeg+7uC5uti1UJi7bEWmNKjEaTZz2CCIDfVdqr9t5IhmymHkoqt
-weoQ7WDfDHooIgZXgMKxYzGtFZfaZWGLpV9UymYR0Ez3xaFQgGB+JlgNhcw40opN
-nEIr8TBpqpDuNWzSKioVEi+eQ9vKbnfmsm+v0hfqdwRJ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth-uchicago.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>noc@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth-umbc.symplicity.com/sso">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth-umbc.symplicity.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 299, expires on Fri Apr 16 18:56:54 2010 GMT -->
-          <ds:X509Certificate>
-MIIFtTCCBJ2gAwIBAgICASswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQxNTE4NTY1NFoXDTEwMDQx
-NjE4NTY1NFowKTEnMCUGA1UEAxMec2hpYmJvbGV0aC11bWJjLnN5bXBsaWNpdHku
-Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphrTqfSDOmbMGW2N
-9poghTN2Z3he7dcupbTkoea04XZsrP33VS165iXrl+2Y1+qiH1seSJkEX2+ydsmh
-HwqgrlzxReHxwc3uw+IC2KgPzeMiDpblZ0xYynpKvBWhqislu11H/S5OeGN3uaTO
-mnU4WMU/L9Qq/dgdR4c04vfguoRYX/Ed+fqgk2utmyXiwWsApescwfORSR1XGq4z
-nKB205t7vo2fWEVsSMk0yIB8tdY1dNC6T7mtqQ6Sfzyp6xh0oEtmybLV0c7XQXsY
-9R/P5VmjxprtWxIp1+Xv3b6pfyLKAzqYX8bXBe1T6bhnkTevPiW76dzGSSIqSZyn
-6Ucd9QIDAQABo4ICuDCCArQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBS5OQID2BAX
-A90uVaAEOKkCtqi4aTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCkGA1Ud
-EQQiMCCCHnNoaWJib2xldGgtdW1iYy5zeW1wbGljaXR5LmNvbTANBgkqhkiG9w0B
-AQUFAAOCAQEAg2O2lSE7vSUli3Ww2uVeknN4wa57o9izqjZ7OtQ/aM6RbULFDYDP
-UYFeMC2A8MglbRoKiwsjeFjuv3JRUm0k8RDsUJ3E2DVmmsr5Fafid973BTl0wMU+
-j3GmhqRFmT6+aq5T5Xsndq36Hbox+Rm4ukoSm+DHMOU2R7um6nBtP+DFGnJ9PEin
-mC9FC9t0woT9/ALLDibL5Vi+/IKLscx60HlfChC/qpSlab710sV5yLavhz4ZKFLX
-YptShAepB0+rWLwIyEFg7i7dgKRjWN1AjXgXBxtkucv9yG6s0foBsjQ6OARCxMWP
-wmBEwkWvWgOSzlSr3nWqAy8SJKqzXmnZwQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth-umbc.symplicity.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Symplicity Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Symplicity Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.symplicity.com</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Symplicity NOC</GivenName>
-    <EmailAddress>noc@symplicity.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Richmond -->
-<EntityDescriptor entityID="urn:mace:incommon:richmond.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">richmond.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wwws.richmond.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 369, expires on Fri Jul  2 17:15:51 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAXEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTU1MVoXDTEwMDcw
-MjE3MTU1MVowHDEaMBgGA1UEAxMRd3d3cy5yaWNobW9uZC5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAJoUI6tzeNe1v/Z02hxlrucEgkpd2miRhNsefj0o
-rFU6F314FZ6CE7JHHvA+iciDyOZwC1gBGjiqXn/4azVCRkysDxoRHcH2DfWD7vBB
-1kIb/obXfGDQRUCQb6Cxheods0I9vYWg1qz8XInN1m9R6a2kCUdvImZFMa7eKacb
-imovAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFkrRnHYcJBy
-RqAR3ljF8hWkQy/0MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXd3
-d3MucmljaG1vbmQuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCCIHYpOqVIfUCqEwKJ
-BL99Jun8F4QjHtvORw1cHj+u5u4u6WitllYmdgiMQO6XLFQuGAwJK82ldpI4AlQK
-5BSvGp7lYIwIlalvIaM6qyFQLiczhRv7ZpkdphIp6hUAzlXXlyKVBSYVl8vgXpHF
-KseSBeTagQ1v82ViY+9p0OVOLgGvKWBWNRgiW9WcF7YkU+8OE0HDZAreENt3n/IZ
-EMVj9oW8498POQC4y1D9I0SMB2VgIlKW+QjmH7PiKdRlXN6yUkpI+VSfnA29Lvt0
-mVClkrXyQ4IIgUvcDrZhkFwyRL0i7tSLsRDLY/NGfxzDG87vVWNt99wciReEmEmH
-W7Pl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://wwws.richmond.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">richmond.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wwws.richmond.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 369, expires on Fri Jul  2 17:15:51 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAXEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTU1MVoXDTEwMDcw
-MjE3MTU1MVowHDEaMBgGA1UEAxMRd3d3cy5yaWNobW9uZC5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAJoUI6tzeNe1v/Z02hxlrucEgkpd2miRhNsefj0o
-rFU6F314FZ6CE7JHHvA+iciDyOZwC1gBGjiqXn/4azVCRkysDxoRHcH2DfWD7vBB
-1kIb/obXfGDQRUCQb6Cxheods0I9vYWg1qz8XInN1m9R6a2kCUdvImZFMa7eKacb
-imovAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFkrRnHYcJBy
-RqAR3ljF8hWkQy/0MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXd3
-d3MucmljaG1vbmQuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCCIHYpOqVIfUCqEwKJ
-BL99Jun8F4QjHtvORw1cHj+u5u4u6WitllYmdgiMQO6XLFQuGAwJK82ldpI4AlQK
-5BSvGp7lYIwIlalvIaM6qyFQLiczhRv7ZpkdphIp6hUAzlXXlyKVBSYVl8vgXpHF
-KseSBeTagQ1v82ViY+9p0OVOLgGvKWBWNRgiW9WcF7YkU+8OE0HDZAreENt3n/IZ
-EMVj9oW8498POQC4y1D9I0SMB2VgIlKW+QjmH7PiKdRlXN6yUkpI+VSfnA29Lvt0
-mVClkrXyQ4IIgUvcDrZhkFwyRL0i7tSLsRDLY/NGfxzDG87vVWNt99wciReEmEmH
-W7Pl
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://wwws.richmond.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Richmond</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Richmond</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.richmond.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Greg Miller</GivenName>
-    <EmailAddress>gmiller@richmond.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Steve Zinski</GivenName>
-    <EmailAddress>szinski@richmond.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Medical University of South Carolina -->
-<EntityDescriptor entityID="urn:mace:incommon:musc.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">musc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.musc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 243, expires on Thu Jan  7 22:13:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAPMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwNzIyMTMzMFoXDTEwMDEw
-NzIyMTMzMFowHjEcMBoGA1UEAxMTc2hpYmJvbGV0aC5tdXNjLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAwR6gd7Rpw/JhnIGzzhNgQVK4n4w+P9jrf5Jz
-8uPM4lPE9mB35NnHcdskiqJwQWsHWz/WoseowuIuttgWeYG0uPwxCea6rfkhC//j
-NjYV20HKPWs7pv071s/NXXdYFbXy/oYR70T2m889f+9vCUdzmORAy/W5Zw9Dz77E
-Gu8mMVMCAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUtkz9s2xJ
-4IQnKx9KM71Qyodp1vcwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNzaGliYm9sZXRoLm11c2MuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAJ
-2waGoRT3j1uscdAA5RZYv/CXJTcBIvwDm6oiP4AsUvj6uHHqfvJxbO0Upl3XTHhv
-lxwGwnuZEkXZhsguqxcZupwae0Jp+gSPRzBOgutx4+NoOXM+C/UfWIao63AQhWsq
-EiaUAWTuTdWCCgAYdXrxJJcZdVmCX71D+68CMj7hIreSPUwQuruNml09tHdvvrTt
-PoDx3II1XkmHtH6sd4C0t87JQZhtvygCphAmneOmhWHUsEh/oDTkCqZNQXz4uA53
-Aw5kpWiAOuWuMqH7nK/VMYdxoQDkmXmOL9Jd7LVv62wf9g6GY1vvuwltTGWRyIMC
-UmG1G20eV87I65L9YVpx
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.musc.edu/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.musc.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">musc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.musc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 243, expires on Thu Jan  7 22:13:30 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGzCCBAOgAwIBAgICAPMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEwNzIyMTMzMFoXDTEwMDEw
-NzIyMTMzMFowHjEcMBoGA1UEAxMTc2hpYmJvbGV0aC5tdXNjLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAwR6gd7Rpw/JhnIGzzhNgQVK4n4w+P9jrf5Jz
-8uPM4lPE9mB35NnHcdskiqJwQWsHWz/WoseowuIuttgWeYG0uPwxCea6rfkhC//j
-NjYV20HKPWs7pv071s/NXXdYFbXy/oYR70T2m889f+9vCUdzmORAy/W5Zw9Dz77E
-Gu8mMVMCAwEAAaOCAq0wggKpMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUtkz9s2xJ
-4IQnKx9KM71Qyodp1vcwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-ugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAeBgNV
-HREEFzAVghNzaGliYm9sZXRoLm11c2MuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAJ
-2waGoRT3j1uscdAA5RZYv/CXJTcBIvwDm6oiP4AsUvj6uHHqfvJxbO0Upl3XTHhv
-lxwGwnuZEkXZhsguqxcZupwae0Jp+gSPRzBOgutx4+NoOXM+C/UfWIao63AQhWsq
-EiaUAWTuTdWCCgAYdXrxJJcZdVmCX71D+68CMj7hIreSPUwQuruNml09tHdvvrTt
-PoDx3II1XkmHtH6sd4C0t87JQZhtvygCphAmneOmhWHUsEh/oDTkCqZNQXz4uA53
-Aw5kpWiAOuWuMqH7nK/VMYdxoQDkmXmOL9Jd7LVv62wf9g6GY1vvuwltTGWRyIMC
-UmG1G20eV87I65L9YVpx
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.musc.edu:7443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Medical University of South Carolina</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Medical University of South Carolina</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.musc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Gregg</GivenName>
-    <EmailAddress>greggmc@musc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ezproxy.musc.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>ezproxy.musc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 337, expires on Thu Jun  3 18:15:24 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICAVEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwMjE4MTUyNFoXDTEwMDYw
-MzE4MTUyNFowGzEZMBcGA1UEAxMQZXpwcm94eS5tdXNjLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA2jpJ+zxREhO1xIxDBVTKxp+F7ZfTj5kRNO1/+Ma5
-Sys1rOgAmBmyolORhjJf6rNj915NkEWymZxmoMrp/Wm8lOabFWveorSvBwCdTIHA
-/+2RvmXrJ1CuGAzjP4JiTyCWWLU+ltqCkHXXUv1lZipnxmSPjEAtAxkb2d8YA07y
-6zkCAwEAAaOCAqowggKmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUyPcQx9L4lmOd
-K8WbZtBXA2njeWowfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYI
-KwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0f
-BIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
-bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAE
-VzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1v
-bmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAbBgNVHREE
-FDASghBlenByb3h5Lm11c2MuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQIicxMSdb
-LAy86bYhSaEzdYnahqT0F0vdVt5cWKEI8EDosWNsjOV6cf+kZoxTB23ZTVw6jntE
-ENd6dMq3r3qUfaK6hVdhZWL2gqCnSWqzZVa/YNkf0rVHexydvUCCs45oiuMIZtT1
-DFWzTs1sGYte6UwN7+hejU/pRfwgLE1DJPJsA/7Yqcrrow+Gi5gDMza9B1Fm7Xjj
-7IpW9Vjlv9pYlfv4eHqjrqVElx3l/0WUBN7Vnu+KnWKcQ0SD8wsLJshYVbHhjw6f
-PL00nCi5mYaZlbW/KlMetKZDrDh7p8DPavNFQCbceTrwFDU2Hl6K4QjIqu0BQRb5
-cXMadKDAn3dH
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ezproxy.musc.edu/Shibboleth.shire" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ezproxy.musc.edu/Shibboleth.shire" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Medical University of South Carolina</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Medical University of South Carolina</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.musc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Gregg</GivenName>
-    <EmailAddress>webmaster@musc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Wisconsin-Madison -->
-<EntityDescriptor entityID="urn:mace:incommon:wisc.edu">
-  <IDPSSODescriptor errorURL="https://idp.login.wisc.edu/support.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">wisc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.login.wisc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 277, expires on Mon Mar  8 21:26:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnTCCBIWgAwIBAgICARUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNzIxMjY1MloXDTEwMDMw
-ODIxMjY1MlowHTEbMBkGA1UEAxMSaWRwLmxvZ2luLndpc2MuZWR1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0t3teLrTZBz91MJ6nQizUeSp1W92ijOT
-F+1jk+tTSKSerEneVsaMftouSiGsu8p5r1cKvNe6hR5ujoN8TtMbIp8/JAVIO1Il
-JBCDUhVIUgMMmlSAkp3bvk7flri1QBC2AgLSbsWOizn6S1zh69gX+gflcs8Hx6Ig
-6zPU8LOvgtPWZI3QtOEY8qXkdtmIeAX2SWDXBsRj8ss720omZGuTArXZiX+CvK3l
-Pw8k+hl8+0dHh1m1xhWc8yq8ty+H5tEg8u+ZzZ3hX7SAkuVuoo8JdJhzFfWsY7aq
-DIJ4a8VaL3Fd+khy3maNLPXyNsnOZ486TQrSaWrz1wYh/IA2ZyH+pQIDAQABo4IC
-rDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSSuIqaG0sB7+IlCBJ1BJAWbJMq
-SjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSB
-rTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNz
-dWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1UdEQQWMBSCEmlkcC5s
-b2dpbi53aXNjLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAxnSAGcnqeaIZiWpvhsq3
-6PJ/38scUyqoIuqDs1YHU6U2/fe1477BXMO5Ly0WtnYno4mmYGp+7njNg1UxJwV7
-VV0IEdDdBeRx7sUlfIgDAWTJwgY3BOSBmMwAXksiEulUB/iKyQJOoOHnfOBWWQz1
-SRwoW0O3H2AjxJ4SJvR0LRZN5Ijym4wZ9iwdiBFv76U/nZGJA9kLQG4RoYpchME7
-5D3xLqq5Qpr4TaFKl1eXZSvYXJMgEN5D+8+sGA70I1fznakhxs0ToReTE0fU06AD
-qSsXej8DgGfM7Kajx2IuSQl8YDwmMUl+DVhh1HPtQxJGypPlm9FikTCqoZl01Rgt
-RA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.login.wisc.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">wisc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa.login.wisc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 189, expires on Thu Jul 24 15:08:03 2008 GMT -->
-          <ds:X509Certificate>
-MIIF0jCCBLqgAwIBAgICAL0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDcyNTE1MDgwM1oXDTA4MDcy
-NDE1MDgwM1owUzELMAkGA1UEBhMCVVMxKDAmBgNVBAoTH1VuaXZlcnNpdHkgb2Yg
-V2lzY29uc2luLU1hZGlzb24xGjAYBgNVBAMTEWFhLmxvZ2luLndpc2MuZWR1MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z3qZGtDKhkrPcvUSFbf7ImW
-/wbkbQR3NQG8g3U/JC1pciwBLI8vE+IKzinw2/1m9YEJIWJqPfiRb+Ew+hheXcLF
-dXPgXw3cIv8KUhuyGQSOovmhMkn3ZqceCfNfclE4GFqbXy9UZPG4PRbBGhNWd8Tn
-a+nkQ2+lJygHFQdVOGztGjtTl0HvEFedAsqKYz3gMcU54oyxtEK5n/lGpCzeE/Nr
-MjckAzFHtf6/RNzM7yDy2DvcLUm2JjybLe3OWLlf4kZe3zaS01oEfeR6CheDgTUk
-tltqabDBYXPvqAUTZHXoTznmD5S/zExYbaJwXuqW6w2qW+LFtOSjc8r3UNtUIwID
-AQABo4ICqzCCAqcwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSXS/zT1t+YVI2ztO20
-xHrSYZHZADB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEF
-BQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJ
-Q0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUw
-gYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUw
-UwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2Eu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOC
-EWFhLmxvZ2luLndpc2MuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQPHYqdm/giHdp
-Asr17msfJN6TOQKhfcmwXf9sfN7NP3DPXPyprJRrG9JhOYUTLcOyBfh/wrpBsygs
-Pd0otc5FjWmWxa4o8kP88kH6uMfjyhmGn6iJ4mG9607oGJT50Zid+RGYHBC2rjyF
-El2lBUNcFw1sVlv2VztnROTmcMvRJgKWQXVmQrEDsxOcz9iyZ+doGTdXzry+HVc4
-Jt9BEo9GUYkneJIqVnacQq7W7jmjj5BrrZYaYKWjCG0byRhroY8pKlU2Ofoh0DMN
-snzFfdr9JEcVESxgDxhoVXyJ7ssPz1zNrSKY4Hu8TJLJmcHmcYy4dKj0B9cljIN3
-AOXk/SKr
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa.login.wisc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 376, expires on Fri Jul 16 14:57:31 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAXgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNTE0NTczMVoXDTEwMDcx
-NjE0NTczMVowHDEaMBgGA1UEAxMRYWEubG9naW4ud2lzYy5lZHUwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVnepka0MqGSs9y9RIVt/siZb/BuRtBHc1
-AbyDdT8kLWlyLAEsjy8T4grOKfDb/Wb1gQkhYmo9+JFv4TD6GF5dwsV1c+BfDdwi
-/wpSG7IZBI6i+aEySfdmpx4J819yUTgYWptfL1Rk8bg9FsEaE1Z3xOdr6eRDb6Un
-KAcVB1U4bO0aO1OXQe8QV50CyopjPeAxxTnijLG0Qrmf+UakLN4T82syNyQDMUe1
-/r9E3MzvIPLYO9wtSbYmPJst7c5YuV/iRl7fNpLTWgR95HoKF4OBNSS2W2ppsMFh
-c++oBRNkdehPOeYPlL/MTFhtonBe6pbrDapb4sW05KNzyvdQ21QjAgMBAAGjggKj
-MIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJdL/NPW35hUjbO07bTEetJhkdkA
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGl
-MIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAC
-hkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEWFhLmxvZ2luLndpc2Mu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQA7DDZm8KLCPA3BfniYLOPl78t6Ke+y7u+h
-Nk4XBLY3nGsnBeKpRdWo2cvn9KjGZ5aw3UfsKyUdnqI8C7jT+sHHbQs4AwBBwDIi
-FDZVKIGkJ4b2PdRNCMVmVXQDXnwhIvI2uyyebUKygMzePWD2gQkGCdDjuEtaUE0Y
-ZiCcTRYmrOsmKvqS0MjmMzT+uC0OTQVH6YNUIMWQIkCwB8FZPo6R1wq/Xc69O4GE
-kbvxEX9W47Oy6vdGEXUUm8EXpLTjw69/ksZh4CSSstRau65TPLJoXluWNLgrV/6M
-sf57E0k4jusIiqiztntiHaU8HVseFXYNiEEezXHB4JAT74NEYA3P
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.login.wisc.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Wisconsin-Madison</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Wisconsin-Madison</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.wisc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Mike Roszkowski</GivenName>
-    <EmailAddress>roszkowski@wisc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Chris Holsman</GivenName>
-    <EmailAddress>cholsman@doit.wisc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Keith Hazelton</GivenName>
-    <EmailAddress>hazelton@wisc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- National Institutes of Health -->
-<EntityDescriptor entityID="urn:mace:incommon:nih.gov">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nih.gov</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>federation.nih.gov</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 436, expires on Sun Sep 26 18:30:39 2010 GMT -->
-          <ds:X509Certificate>
-MIIFlTCCBH2gAwIBAgICAbQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkyNTE4MzAzOVoXDTEwMDky
-NjE4MzAzOVowHTEbMBkGA1UEAxMSZmVkZXJhdGlvbi5uaWguZ292MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVVg9HrulkVEaYVsCodWCbEc1xYXio7Z
-35slZQtC/ngFcVGM/ZcshjFHtlxh680dwsha9WPpZwPG7mYfQrqtnS7nzhJ/d2+P
-cd8COZNHgiEnP5nniIJgkLZqUjaCuwjv5Ypko5ey55Ba2jbfsYDEENZtXwFKonkK
-iNFUi7EPXfR732QJUx2hpBv7VsZ/YEO9EKz6Q8Lctu/3ROlhw962Zj37ohwDdJqC
-Nkhc7ORmeXWQWvXAN2WThhVrU2nQKHtG0o8zE3qTknMPoDZ80o8WLAbvd2d0J8Tx
-6GpZBwIhUMWCJLRZTNzcn9S0pLCe6qh/VYoFiRGmVs5IWr7JtVeIJwIDAQABo4IC
-pDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQieEoa/bbq8NKpZKmHzVIe4Wy3
-6jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSB
-pTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcw
-AoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJp
-ZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEB
-MEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJmZWRlcmF0aW9uLm5p
-aC5nb3YwDQYJKoZIhvcNAQEFBQADggEBACi0JhHn6pcQ66cxJTjqywct5h9wo6NK
-/1By3IT2eCHsRa1gDcdLMwub5CwZDQwVYYhEdyW2X2SEgre8FjI/hOTvbTfQe3NZ
-gBjBD9XFqoRC1Ow9CQwkVg1wEQCX1r00ET6qKVLOzLqQwIopeqno7Jwy8CuU81hz
-wlUbjZteP4uftuMOF8N18SVaLQ2j8toaklcq4092MmVSecfKSaayEU8bGlmSRUL8
-382dY7FdAMuLY9cJ9TpUrzjWEb4MucDDNOPqMLbEevasYGQ009Wi070LpAZZytQI
-4yPdDyqAZpCon9lLLxQGSluwfWI1DEbAjM/HZeK6pMtMJl24pRdW4oY=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://citdecadssolog.nih.gov/NIHSSO/sso.asp"></SingleSignOnService>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://nihlogin.nih.gov/NIHSSO/sso.asp "></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nih.gov</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>federation.nih.gov</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 436, expires on Sun Sep 26 18:30:39 2010 GMT -->
-          <ds:X509Certificate>
-MIIFlTCCBH2gAwIBAgICAbQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkyNTE4MzAzOVoXDTEwMDky
-NjE4MzAzOVowHTEbMBkGA1UEAxMSZmVkZXJhdGlvbi5uaWguZ292MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVVg9HrulkVEaYVsCodWCbEc1xYXio7Z
-35slZQtC/ngFcVGM/ZcshjFHtlxh680dwsha9WPpZwPG7mYfQrqtnS7nzhJ/d2+P
-cd8COZNHgiEnP5nniIJgkLZqUjaCuwjv5Ypko5ey55Ba2jbfsYDEENZtXwFKonkK
-iNFUi7EPXfR732QJUx2hpBv7VsZ/YEO9EKz6Q8Lctu/3ROlhw962Zj37ohwDdJqC
-Nkhc7ORmeXWQWvXAN2WThhVrU2nQKHtG0o8zE3qTknMPoDZ80o8WLAbvd2d0J8Tx
-6GpZBwIhUMWCJLRZTNzcn9S0pLCe6qh/VYoFiRGmVs5IWr7JtVeIJwIDAQABo4IC
-pDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQieEoa/bbq8NKpZKmHzVIe4Wy3
-6jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSB
-pTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcw
-AoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJp
-ZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEB
-MEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJmZWRlcmF0aW9uLm5p
-aC5nb3YwDQYJKoZIhvcNAQEFBQADggEBACi0JhHn6pcQ66cxJTjqywct5h9wo6NK
-/1By3IT2eCHsRa1gDcdLMwub5CwZDQwVYYhEdyW2X2SEgre8FjI/hOTvbTfQe3NZ
-gBjBD9XFqoRC1Ow9CQwkVg1wEQCX1r00ET6qKVLOzLqQwIopeqno7Jwy8CuU81hz
-wlUbjZteP4uftuMOF8N18SVaLQ2j8toaklcq4092MmVSecfKSaayEU8bGlmSRUL8
-382dY7FdAMuLY9cJ9TpUrzjWEb4MucDDNOPqMLbEevasYGQ009Wi070LpAZZytQI
-4yPdDyqAZpCon9lLLxQGSluwfWI1DEbAjM/HZeK6pMtMJl24pRdW4oY=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://nihlogin.nih.gov/notsupported/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">National Institutes of Health</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">National Institutes of Health</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nih.gov/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Debbie Bucci</GivenName>
-    <EmailAddress>bucci@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Debbie Bucci</GivenName>
-    <EmailAddress>bucci@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>NIH ISC Support</GivenName>
-    <EmailAddress>NIHISCSupport@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://federation.nih.gov/FederationGateway">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>federation.nih.gov</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 341, expires on Sat Jun  5 18:43:47 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAVUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwNDE4NDM0N1oXDTEwMDYw
-NTE4NDM0N1owHTEbMBkGA1UEAxMSZmVkZXJhdGlvbi5uaWguZ292MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQD2O3B7DF8dTD6xXfOrZCfQ2cxDkweZ9UzCvQ+b
-pg1uPxHw4YUEuGIRpoXYwinJDRvQLZq4tPxFGxFgiasfex+0LTtmvVRTjoIBzv28
-dLxwIj38+moQdK50NeaAZuWUvFNsEDiBNAwuhpA/DYbNqWpgUwfVh8Xjgk1eQ6Os
-i00RAwIDAQABo4ICrDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTjTcBG/Xyv
-Qr7/OggF/RyCRZJsdDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1Ud
-EQQWMBSCEmZlZGVyYXRpb24ubmloLmdvdjANBgkqhkiG9w0BAQUFAAOCAQEALiW1
-cC4Xoo0Cu9VBwArBBEqiu8eUBU7EEMg9mDy9KWglxonPTJN87PC2NebXLl11fDvr
-wRqvXKTB5KuesJzkFyxzxeACl5px9IUtvz02JRrbyfhcatFzdLto1Wo31FnxNSco
-552tddmPsG4BjHP5iHBXSnLmmXWltIzCouPbed4SUsJqQkK4sU5BS9pJSDw8MJ7P
-imVDK3H8NjJqdN7pOMS7obM32pgQzP797LUwAPtd+RnMqY83rCvBYKU7dpW/qjKN
-6KzAj3xP/toQVIiBYBOLCRi9XM5s1cLdxYn1XLLGnn/drhBDGPOMcTQTKjLaX/V7
-Lwwq0tbtOuItSvLF+A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://nihlogin.nih.gov/affwebservices/public/samlcc " index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">National Institutes of Health</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">National Institutes of Health</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nih.gov/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Debbie Bucci</GivenName>
-    <EmailAddress>bucci@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Debbie Bucci@mail.nih.gov</GivenName>
-    <EmailAddress>bucci@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>NIH ISC Support</GivenName>
-    <EmailAddress>NIHISCSupport@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://soadev.nih.gov/FederationGateway">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>citdecadsso.cit.nih.gov</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 260, expires on Mon Feb  8 21:22:24 2010 GMT -->
-          <ds:X509Certificate>
-MIIFIzCCBAugAwIBAgICAQQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIwODIxMjIyNFoXDTEwMDIw
-ODIxMjIyNFowIjEgMB4GA1UEAxMXY2l0ZGVjYWRzc28uY2l0Lm5paC5nb3YwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALOT7AB2wQ3XdDZEC7P3+PJy9dyfuBYO
-U1jZrbnxTE2bM4ZDS+yXAoCwr1UfqoJ6w7T5YQUkxvZiyFlwiTIxZ6YHwIm1MO4R
-7MRgvkgvO/MgqtOfsBagrdbO5LUWe69i/yWbPT1iABfdYdhh5ADsyk+Xp5mLI7qN
-oXJ7Y4RVB3oJAgMBAAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFOm2
-WcClZANEI7KgMO7WNJ6FfGTvMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-gY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-XgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8v
-aW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYw
-IgYDVR0RBBswGYIXY2l0ZGVjYWRzc28uY2l0Lm5paC5nb3YwDQYJKoZIhvcNAQEF
-BQADggEBAEdsiQk++aQwn8YnWuJp56UqZH1F8PhjmcgSDS+PWezAb+I7dr0p8oIG
-bSHeU2cieRbWLZmNzDZQJeYUxVurpI7KFcmi21GE9A8k5RMxCeVoFQzS1r/P/SlK
-NA5+wzWcUxuW+yoYCMRNmOlTgXs7m0bRRoBnRZkTsBQpAaOv2wxzhuGzFfX/VnOX
-Q5WxYNcoO7nduaxAiPVhaxt/FBek/bLkKl3oCshIRRFLLFOJgtACE8NFdE37g2Zk
-kBf0TDI4xC+lNoAPuCUQmW1uxlxrEHGR3HNTtbC1jMEgYFgiBLFo1ei6J9y4Ko22
-R3xegfMxyST9Zug+9l4MOeKPu0C8W88=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://citdecadssolog.nih.gov/affwebservices/public/samlcc " index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">National Institutes of Health</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">National Institutes of Health</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nih.gov/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Debbie Bucci</GivenName>
-    <EmailAddress>bucci@mail.nih.gov</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- 9Star Research Inc. -->
-<EntityDescriptor entityID="urn:mace:incommon:idp.protectnetwork.org">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">idp.protectnetwork.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>incommon-aa.protectnetwork.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 377, expires on Fri Jul 16 14:58:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKTCCBBGgAwIBAgICAXkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNTE0NTgwNVoXDTEwMDcx
-NjE0NTgwNVowKTEnMCUGA1UEAxMeaW5jb21tb24tYWEucHJvdGVjdG5ldHdvcmsu
-b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2Ymh3z58gH2IR7na6dVdj
-oJnuMoB1OreRl6Sv9OZTHQv5PMV30mZrlFMU4feiF4UINhBkgaBrLGXC0hDNNodI
-91hhY9gpiJZPjLlxvCT9zUCBAVvoKzJujev098kBgm8l44LLpFKRB+8DGeGV2n9Q
-o6qERUXLlQ8oR82ZgEqQJQIDAQABo4ICsDCCAqwwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud
-DgQWBBQb9vrc/mK8Cux5u9KLvGjqjBywPjB+BgNVHSMEdzB1gBSTLchhGK1j45tl
-s53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9u
-IEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDov
-L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRz
-L2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAp
-BgNVHREEIjAggh5pbmNvbW1vbi1hYS5wcm90ZWN0bmV0d29yay5vcmcwDQYJKoZI
-hvcNAQEFBQADggEBAFQCRL5jJpjF7ygte2umrmumCMHXh2KTKmQveucj6Vbkyv6X
-hj/3ormC1RTgPTTaN7rfTCt5Yxa/JJ/La9BVLryNuMU4L6RdQREZKPLuVPq55ELg
-cC1Br9juDk7p57cSuoNxCYce2q9eu7lO/mNyutwcg6n0PCSQGOQYxfnL7gQczUdm
-CBsV96+ymXh6CF5uaKbc+elQAugKcmxkFvtH7fOG7zZYmlGbZ08V+vGoWWqVAN82
-0Aj/gT0dpO4eF03FBl/VkRWGpnXCEZcIP6kXYxfYFP7kDEDg7DzX39G2YyjWBLip
-57x1+qQ10dWSVo0rl0Ep2leRhwhcWf1lzadqD0k=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://incommon-aa.protectnetwork.org:8443/protectnetwork-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.protectnetwork.org/protectnetwork-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">idp.protectnetwork.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>incommon-aa.protectnetwork.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 377, expires on Fri Jul 16 14:58:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKTCCBBGgAwIBAgICAXkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNTE0NTgwNVoXDTEwMDcx
-NjE0NTgwNVowKTEnMCUGA1UEAxMeaW5jb21tb24tYWEucHJvdGVjdG5ldHdvcmsu
-b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2Ymh3z58gH2IR7na6dVdj
-oJnuMoB1OreRl6Sv9OZTHQv5PMV30mZrlFMU4feiF4UINhBkgaBrLGXC0hDNNodI
-91hhY9gpiJZPjLlxvCT9zUCBAVvoKzJujev098kBgm8l44LLpFKRB+8DGeGV2n9Q
-o6qERUXLlQ8oR82ZgEqQJQIDAQABo4ICsDCCAqwwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud
-DgQWBBQb9vrc/mK8Cux5u9KLvGjqjBywPjB+BgNVHSMEdzB1gBSTLchhGK1j45tl
-s53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9u
-IEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDov
-L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRz
-L2NhLWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAp
-BgNVHREEIjAggh5pbmNvbW1vbi1hYS5wcm90ZWN0bmV0d29yay5vcmcwDQYJKoZI
-hvcNAQEFBQADggEBAFQCRL5jJpjF7ygte2umrmumCMHXh2KTKmQveucj6Vbkyv6X
-hj/3ormC1RTgPTTaN7rfTCt5Yxa/JJ/La9BVLryNuMU4L6RdQREZKPLuVPq55ELg
-cC1Br9juDk7p57cSuoNxCYce2q9eu7lO/mNyutwcg6n0PCSQGOQYxfnL7gQczUdm
-CBsV96+ymXh6CF5uaKbc+elQAugKcmxkFvtH7fOG7zZYmlGbZ08V+vGoWWqVAN82
-0Aj/gT0dpO4eF03FBl/VkRWGpnXCEZcIP6kXYxfYFP7kDEDg7DzX39G2YyjWBLip
-57x1+qQ10dWSVo0rl0Ep2leRhwhcWf1lzadqD0k=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://incommon-aa.protectnetwork.org:8443/protectnetwork-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">9Star Research Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">ProtectNetwork</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.protectnetwork.org</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Tech Support</GivenName>
-    <EmailAddress>incommon@protectnetwork.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Kaustav Ghoshal</GivenName>
-    <EmailAddress>kaustav@9starresearch.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Apple Computer, Inc. -->
-<EntityDescriptor entityID="urn:mace:incommon:apple.com">
-  <IDPSSODescriptor errorURL="http://discussions.apple.com/category.jspa?categoryID=211" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">apple.com</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>pbs.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 295, expires on Mon Apr  5 15:09:19 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAScwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwNDE1MDkxOVoXDTEwMDQw
-NTE1MDkxOVowGDEWMBQGA1UEAxMNcGJzLmFwcGxlLmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAsiN9v7BgwFjpwCTaX8RuTIySKU4W6/u2cXlQhrDDJxyh
-ijiq5k05UV9feE4vuQtX3ay2FZRfIo1JwcmhuL5Kq+DKKfDPrIxvdlOzCb34eo66
-H4IJ56ljPJComx/ursgB+7l29/69B3rlJJDCLAjjhiLcW7ty+VIPSk1rxaw8iRsC
-AwEAAaOCAqcwggKjMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUyNYlBFkqeZ8XdxPU
-WANUiutUPv8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAYBgNVHREEETAP
-gg1wYnMuYXBwbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCgYh/5mVYynrX+sdke
-iocb10d761/9gmiPYJRMJ+ggyuM4DLWFayQZ4MPmnadBqcZk3GT5BxGYZndTRDCq
-nfK+xEec8yLb0jxt4IkNIPUJpDa7OYUOBBVySV9tan4AtuvqVF12iBfTWK4+LeOU
-SNhRQgsImmoLc3dfaek9kkQy2Y3ziD1Eg1ZfGcg7Ak26OwNbsv3DjV0MI3iCdvN0
-w/IeK8r3VXIubB2ipQsJYswVk+rnzMO7VzUb36kGB998C0BPPqLaY/woavM/v5La
-w7rbBSSI+xrcsReVOZGS0SwLBBT/vm1iRDeEX0L8hlZEkL4LtrRwEs0GlaHaaHAS
-7Tv6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://pbs.apple.com/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">apple.com</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>pbs.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 295, expires on Mon Apr  5 15:09:19 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAScwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwNDE1MDkxOVoXDTEwMDQw
-NTE1MDkxOVowGDEWMBQGA1UEAxMNcGJzLmFwcGxlLmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAsiN9v7BgwFjpwCTaX8RuTIySKU4W6/u2cXlQhrDDJxyh
-ijiq5k05UV9feE4vuQtX3ay2FZRfIo1JwcmhuL5Kq+DKKfDPrIxvdlOzCb34eo66
-H4IJ56ljPJComx/ursgB+7l29/69B3rlJJDCLAjjhiLcW7ty+VIPSk1rxaw8iRsC
-AwEAAaOCAqcwggKjMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUyNYlBFkqeZ8XdxPU
-WANUiutUPv8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAYBgNVHREEETAP
-gg1wYnMuYXBwbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCgYh/5mVYynrX+sdke
-iocb10d761/9gmiPYJRMJ+ggyuM4DLWFayQZ4MPmnadBqcZk3GT5BxGYZndTRDCq
-nfK+xEec8yLb0jxt4IkNIPUJpDa7OYUOBBVySV9tan4AtuvqVF12iBfTWK4+LeOU
-SNhRQgsImmoLc3dfaek9kkQy2Y3ziD1Eg1ZfGcg7Ak26OwNbsv3DjV0MI3iCdvN0
-w/IeK8r3VXIubB2ipQsJYswVk+rnzMO7VzUb36kGB998C0BPPqLaY/woavM/v5La
-w7rbBSSI+xrcsReVOZGS0SwLBBT/vm1iRDeEX0L8hlZEkL4LtrRwEs0GlaHaaHAS
-7Tv6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://pbs.apple.com/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Apple Computer, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Apple Computer, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.apple.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Yuemin Yu</GivenName>
-    <EmailAddress>itunesu-shib@group.apple.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://aquamarine.apple.com/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aquamarine.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 247, expires on Thu Jan 14 20:38:59 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAPcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDExNDIwMzg1OVoXDTEwMDEx
-NDIwMzg1OVowHzEdMBsGA1UEAxMUYXF1YW1hcmluZS5hcHBsZS5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAPAeluCampn3eVyCb34O7Ga0kWek95rM+1s1
-5LiisKuEB9l4oFNeiMXJzZHSX5AMch7ATbvKdInC+tPl4PM4GxcVS/16PvYQlu1w
-K2tsMAcAK8IPAYSXJ0nj8iQPx8mrxsEVpUFSYQUqcVTeFuY0e2FiTsjD5Z6MKaa9
-3wFc5kHhAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFKcbgfnW
-PxbllhcywqEmpXxzb232MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUYXF1YW1hcmluZS5hcHBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEB
-AFm5bwSbinhb2CXghMT79IFUDMsS9tagtvWgl22x2TY85T6k2QzZSCqwM3nPgw/x
-C2UTIow7/HVmKMaIIrd88ZJST22LnI6c6FKIFdsAwslS8SH2CN/yKmgIPenuhj2Y
-h6q+qvCafpp4SmhI1RZQyoyzPJ94X5JXjtvspBU1T1dhqcbkRkMtrDlVwjaFgAy3
-z0CAjMBv32kXO2Hytht70yJX0LHikO/IV7ahq5n0ICjweZSHC0Vo0I7Q7BokVQsO
-RRFfO5T6x3t1ytqOaL+wi9fK7AYe4GSLybsc0r/TVexuHRUes6ijY9AXf503WqvY
-9iFSsTg34geJoKlmL5GHYB8=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aquamarine.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 397, expires on Thu Aug  5 18:39:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFTCCA/2gAwIBAgICAY0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgwNDE4MzkwNVoXDTEwMDgw
-NTE4MzkwNVowHzEdMBsGA1UEAxMUYXF1YW1hcmluZS5hcHBsZS5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlUIn8pF7ba4HLFPSMdL5UCHuZzt+TdhTUe
-3Igqco/lRRrNTBFJ1+XY0lvsHRgYNK1fB0aktO0g4PK9oIzpjbOrcGN2DIlXIMIL
-YKGtPPTcMlCE+6GEMqVKReZ2EWgUDwyf4U32/MyLgu2tIgg9wzXY2VITtMEYdf9L
-KKx6ZqOjAgMBAAGjggKmMIICojAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFOMx3v6E
-6TT0M9KSK09Cf9/WM11ZMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUw
-gYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUw
-UwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2Eu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB8GA1UdEQQYMBaC
-FGFxdWFtYXJpbmUuYXBwbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCFQ24F2+kD
-RJtRTv5P/iyJFUlHjUUBixdmEYKnYKz/qaTdjXFwOQWuuUrecHsWkAIF07ATsGzh
-XXzBXHYUgtKpFjNU5WPUjjGy9/1tgvUjtuAloyOBaxYQw4fsVuU3HHvDN+Rl7a9z
-qrMwhT07bNWQXsbRwfQfOu4JVXq2/FjyqEjdYr8Sb9QmfpmpndQuSSJZurGARO+H
-GuwQD5kwpbEq2EfaR+eBKSs4ngkkd+EweYWQx/KiaoWyLhPCnpySIcZhnZTP8nMa
-La22y/IT5qD2gYrK1rvfiycqbRAE4IyJD6iYIfVTnv/upzOJHrH7+Ybrk6SFGuze
-2pmDYqPDqa8+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://aquamarine.apple.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://aquamarine.apple.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Apple Computer, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Apple Computer, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.apple.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Yuemin Yu</GivenName>
-    <EmailAddress>itunesu-shib@group.apple.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://deimos.apple.com/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>deimos.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 201, expires on Fri Aug 15 13:35:11 2008 GMT -->
-          <ds:X509Certificate>
-MIIFMjCCBBqgAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgxNjEzMzUxMVoXDTA4MDgx
-NTEzMzUxMVowODELMAkGA1UEBhMCVVMxDjAMBgNVBAoTBUFwcGxlMRkwFwYDVQQD
-ExBkZWltb3MuYXBwbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu
-lSa4gMZnGjVoZRqks6rUicoQrdsmJz4XwGsCUmEXbIFRDWF7RWCVHY5vtX2yWuND
-vgfNkLcQjDbQVWKBBUhyxlv2R5vRZq0BAnaZP54Bv1IsAVf7947DR+LLNE4PG8xT
-noALyIHfyetrKpBQJZeIDvrbUQBT1DrErLbURMBQlwIDAQABo4ICqjCCAqYwDgYD
-VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
-CCsGAQUFBwMCMB0GA1UdDgQWBBT+oc6ztht5KHZDKq3KG4crL7NZsjB+BgNVHSME
-dzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAa
-BgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYI
-KwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVS
-STpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMBsGA1UdEQQUMBKCEGRlaW1vcy5hcHBsZS5j
-b20wDQYJKoZIhvcNAQEFBQADggEBADwaWshSoan8QcAiHuaCGfK5BY44z9BW003S
-GNMS+XHxmu1woMDwCw7uXXyaM39QlVDVDLSILERoaXcKky/6P4cs6E7X23PvDHM2
-HHR5hm+iDQNQgtA2Fx+EP4Oqm3Mub3rmqC2j7Ei8qDT3NEXfS97i3ZmElAws48cx
-6BWLUD118SyO2NxCtIY+gR0Tnf930QHIdabdcj9o+CNWaVMBzYHtDG30l+y2mcko
-bvKXHg7Xx1PM3KXkKIn4ZUKnz7/v1HNHNeE9n+//Mb8etUxcePiBwj46A9+6PAUp
-9wMNcdY6kssR6ZPPyiiq8jGwm0qBgTtjGVYuMrKpCRgy5LZdP0k=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>deimos.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 398, expires on Thu Aug  5 18:40:42 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAY4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgwNDE4NDA0MloXDTEwMDgw
-NTE4NDA0MlowGzEZMBcGA1UEAxMQZGVpbW9zLmFwcGxlLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA7oxJrzZBRpo74TG0IQvnloS+qRpQIW2mCJDjIl2B
-el2GLjBZdjNvcTH66T5U+LRGWBuzgSxpT6DSEb9HUkJTfFJVGeSTCxizhT8nxbJC
-mpPQVeZ9+kiaJzHQFEmLz1nYXT8yIuawFrJsERvAZFuTVKKtFlUhT3PWzJOZQa0e
-ZN0CAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUIcoR2Cu35Xfs
-8XQ6ks7gDd5+MAIwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQZGVp
-bW9zLmFwcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEArUfaqE4KRt/0dWlE2FM0
-JXR6XsxqiI/fbZWcZBnc/7Gay0+RhXz99YSwGr6JgEP7kgEOXlbWIKNYhOoGzpc0
-YTDsGDU1RdUxgbq2W1HiQxIDH8joSd1zeeYTzcj/oYgDpSWOKdUcZge7ramnqDZC
-tkL7ggnwjNpIShBnErfYOfdWw6ekJqWPnMy37b3XcsI7Cykzpzn0ivE4i6dRVTaX
-pXBwj2REdPX6eSO14UVzAebBLgJs61lHBFAGRmoQHBxYgN0JtRUgK8ZI2d98z38r
-v3KLnSOjP1HZxQgVwcKoZdlXvFBgJ2tKuBtL9iBhvkyXYWAaQ49iFzLMv5oq2Y2i
-7A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://deimos.apple.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://deimos.apple.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Apple Computer, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Apple Computer, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.apple.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Yuemin Yu</GivenName>
-    <EmailAddress>itunesu-shib@group.apple.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://indigo01.apple.com/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>indigo01.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 203, expires on Fri Aug 15 13:35:22 2008 GMT -->
-          <ds:X509Certificate>
-MIIFNjCCBB6gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDgxNjEzMzUyMloXDTA4MDgx
-NTEzMzUyMlowOjELMAkGA1UEBhMCVVMxDjAMBgNVBAoTBUFwcGxlMRswGQYDVQQD
-ExJpbmRpZ28wMS5hcHBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMJfscvoDN1vzSZ7rFuJfGuq/Demep+mPocj9TPlLiV+ciZETwmoq0CYsUWpJk/0
-RLFKYkSRJ3FuWYvOY7S8HLDu8XVdaNHIAvaGomBHi/KpHRPda9FI312i9+cgaoQd
-b4mXRq1lTeuX4ySYu6ZD37/Kp5KQBmX0JbE3rTIWqqwnAgMBAAGjggKsMIICqDAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFDHNMAoOyEca9Ia4YBV2PoAG42rVMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGn
-BggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0g
-VVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHQYDVR0RBBYwFIISaW5kaWdvMDEuYXBw
-bGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCFNwH/pPsUw8ES9j/IpzNiefDpmAqr
-f/CyAbiO2ejcO7wQW2q95q9xmESNp0QjAuljNZ03w0lna2elgf6IFyWMf0LgT3ZE
-YyJWhuVAeoI/UlcDMvfwRhvlouNE/kZlvq6AznI/ljuJv9pXCu5rURwr1evrrORj
-Ce5VkYy3OJpxrxzdUODXXGFscTQ2+5mHaQQWIpxFEahk/lyM2TzGCGtSGD1+cIm8
-9Z47Si9HgtVzLkzkacfWuOLykWIZZVzdiBVfTKqT7JCHFRxd1piUqcHcJP1AbohW
-5zLK5nF8GTA8+wg+wpIxAVttORCHYR2sCs3iZOWS0M7xsRpTAtGs8v/E
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>indigo01.apple.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 399, expires on Thu Aug  5 18:40:48 2010 GMT -->
-          <ds:X509Certificate>
-MIIFETCCA/mgAwIBAgICAY8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgwNDE4NDA0OFoXDTEwMDgw
-NTE4NDA0OFowHTEbMBkGA1UEAxMSaW5kaWdvMDEuYXBwbGUuY29tMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDNIcS3LXh0dh6OhjQh9cmO4CPcTwhQ+gD0VrsI
-uMrDye0xwc83gSAa/nUPvhJGCNzlxHoXgizfTYp2IOI4l/YUAldTSAvwV+hiafyn
-VGdPsn/AicdV2d+2/Xn8yq38uo5XQAx53sIIiWsfvZmZQheGig6HOxIHYyXgRLmU
-dagjdwIDAQABo4ICpDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBS09NZ/HVsP
-JO1He+ztV6nbJY3evDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGy
-BggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2Ex
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGC
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMG
-CysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJp
-bmRpZ28wMS5hcHBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEBADzZkLR1hVHvfobQ
-K+8EjUoUfkvPB6fvcppxioV6e5E0fh3Lh3LCfIVhpK75xGsswPtZGhwFCjkpqyif
-2meOtfBiUaPEP9B3ur7HJ+OyfJkOIc7BBlBjLHzdotkn7xIX4SfsMWWRukq1aife
-bvEBpg8k7R2tjn/t2OZyyqcIxW7TmXba/x+1uScCdTf5M4FFMaJMgP3tc66JXqV4
-DrixcfSMPo2A831o3RpGA8Ovcqs8foYhxYdQrk5De2wr71gA/mZdOymoCYZFFxAk
-WGTwIjIdbIp1Vh3gNxkDvDbwWJFWgNXHFBxAgU+wHDbXF6IR/Rsc+HsKpjGKxetJ
-l9cwoQA= 
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://indigo01.apple.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://indigo01.apple.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Apple Computer, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Apple Computer, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.apple.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Yuemin Yu</GivenName>
-    <EmailAddress>itunesu-shib@group.apple.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Students Only Inc. -->
-<EntityDescriptor entityID="https://shib.studentsonly.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.studentsonly.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 290, expires on Mon Mar 29 20:22:31 2010 GMT -->
-          <ds:X509Certificate>
-MIIFozCCBIugAwIBAgICASIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMyODIwMjIzMVoXDTEwMDMy
-OTIwMjIzMVowIDEeMBwGA1UEAxMVc2hpYi5zdHVkZW50c29ubHkuY29tMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9M8bA2E+JURcPRpPAUQcSCtWC/jE
-X7sHEnGpIVJ2qKeO5H2VDfuQvY4TGNSi+1pSgmzSjl49hH69YjXzMszL4aVrYnsj
-9oxybXercaGnNX6/IGjS8dlr6zN0XrJKYPwlxQ3XBR1vmXP36HhhVPAr5zjMdCaC
-keIqRAqxvJtPaAr2Ufi6xau+PHH3N5qiT7RMfFmWpAukT67kGQRPS4U0inUH5Mvr
-9GvVdFXi15cZyVmM2FygeI0dFinFDfZOEHokS9uLS7OwRAU2ITiJvo7JNs0Nd93i
-slnnIpW6oGwg5pXWsHF6x5WdMxnz7Y31ABHWGSB2PcS0+PSZB5onAo9tnwIDAQAB
-o4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSqkGunhBSe3fItezny+Orm
-pulCtTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcB
-AQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0Eg
-SXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAGA1UdEQQZMBeCFXNo
-aWIuc3R1ZGVudHNvbmx5LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAI9MckIesS2/a
-H/cwcnLBZAmOdLdaMh5048PtisBxXuQw2R+gfnHJfUGZOKw8xisMhIuVy5VJWsmC
-4Ox6GzYQMzSb1Ihce7PldIADAJ22qZ7pokL9v+lxk+hEt5qwXH7CZGlkEfEgHsmq
-cx9kYEeNXqDrbwt3BYyOncy2sISY3bVbyZAknmKIPUaZjJKgPqlSln8kIWQ9lJ0H
-Elya5/6jZIt89yoacaMKxGptp13EKWATHaWJQ3o9U+KgSXq7K22jGs/9sShv0SBf
-oZ1kOme78YmtJwxvxSc3Do43GEWEfrOJhcdVrOHHvci1QK0wuKsDaVLjoKx3m/LA
-3TLSxm0lmg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.studentsonly.com:9443/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shib.studentsonly.com:9443/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Students Only Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Students Only Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://studentsonly.com/web/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Incommon Admin</GivenName>
-    <EmailAddress>Incommon.Admin@studentsonly.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Incommon Admin</GivenName>
-    <EmailAddress>Incommon.Admin@studentsonly.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Incommon Admin</GivenName>
-    <EmailAddress>Incommon.Admin@studentsonly.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Columbia University -->
-<EntityDescriptor entityID="urn:mace:incommon:columbia.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">columbia.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.columbia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 471, expires on Sun Dec  5 20:08:56 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAdcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIwNDIwMDg1NloXDTEwMTIw
-NTIwMDg1NlowIjEgMB4GA1UEAxMXc2hpYmJvbGV0aC5jb2x1bWJpYS5lZHUwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6CDgdxIKO5czgY43NYwy3wJhf
-DqZZKWZ0u9nHkuonZbB6n6MY3ys9TJP3FIr23l82m6thrPK0YCtoUFW9PVmQ2zX9
-6T2MQ2y30P/a9d62hJIhcjZ4FTEkNJsN+XMfFYW7VYUIK41vj2fd0GGmZtbJKjvV
-9l8SU6PVKh7gr7lDbEbuRMNlfUTdlWx9KkDeyYQ5fXvMJuIEiZtHY91cgreeVce8
-ZDPahqjWGcqbtxm5OywaaXnPIOovyJjHNTOFan0ZYNBf8xypCd/rWdu3gHELCBrT
-Zp1jeYZQa4c4YYyCUyUQzqbl4GDudZYlJimHMkbRJZRkz5i6OZ7mB+vI3cwVAgMB
-AAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFG3D3H4vNbf3KaFDl45z
-zwK2bLKwMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQbMBmCF3NoaWJib2xl
-dGguY29sdW1iaWEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAYwZiO5sVJpxE2T5TD
-J8eMY1vtaf3vjQQHfthy1J6FN1L4NC1ifGuH1n+RnSoP2QkOFOKi5YY+nFl/dZaA
-4lwZk/azjmb1IsX1iYJIwRbz2ovGNidc8agWC5WVFoVjgC1DSt/lF9qkqsxwfr7K
-+r+rWorHcWZ/GNKo/u9AUnoARt7eWzax1zffW5GI5AZ7tfC6yZkMKqnrtFWlxmOy
-GcH+l8/Io2KIp4MKCZKLUK2rerwtHjORHSwQMh5IH00KoPxC7kZn8wcvwxsIW0YD
-bRV9TrbQ6U4LaVddyijduVNbmveX2UtlxSga4YMPXVAHuROveNunureeR9LYr602
-YVcA
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.columbia.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.columbia.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">columbia.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.columbia.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 471, expires on Sun Dec  5 20:08:56 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAdcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIwNDIwMDg1NloXDTEwMTIw
-NTIwMDg1NlowIjEgMB4GA1UEAxMXc2hpYmJvbGV0aC5jb2x1bWJpYS5lZHUwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6CDgdxIKO5czgY43NYwy3wJhf
-DqZZKWZ0u9nHkuonZbB6n6MY3ys9TJP3FIr23l82m6thrPK0YCtoUFW9PVmQ2zX9
-6T2MQ2y30P/a9d62hJIhcjZ4FTEkNJsN+XMfFYW7VYUIK41vj2fd0GGmZtbJKjvV
-9l8SU6PVKh7gr7lDbEbuRMNlfUTdlWx9KkDeyYQ5fXvMJuIEiZtHY91cgreeVce8
-ZDPahqjWGcqbtxm5OywaaXnPIOovyJjHNTOFan0ZYNBf8xypCd/rWdu3gHELCBrT
-Zp1jeYZQa4c4YYyCUyUQzqbl4GDudZYlJimHMkbRJZRkz5i6OZ7mB+vI3cwVAgMB
-AAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFG3D3H4vNbf3KaFDl45z
-zwK2bLKwMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQbMBmCF3NoaWJib2xl
-dGguY29sdW1iaWEuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAYwZiO5sVJpxE2T5TD
-J8eMY1vtaf3vjQQHfthy1J6FN1L4NC1ifGuH1n+RnSoP2QkOFOKi5YY+nFl/dZaA
-4lwZk/azjmb1IsX1iYJIwRbz2ovGNidc8agWC5WVFoVjgC1DSt/lF9qkqsxwfr7K
-+r+rWorHcWZ/GNKo/u9AUnoARt7eWzax1zffW5GI5AZ7tfC6yZkMKqnrtFWlxmOy
-GcH+l8/Io2KIp4MKCZKLUK2rerwtHjORHSwQMh5IH00KoPxC7kZn8wcvwxsIW0YD
-bRV9TrbQ6U4LaVddyijduVNbmveX2UtlxSga4YMPXVAHuROveNunureeR9LYr602
-YVcA
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.columbia.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Columbia University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Columbia University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.columbia.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Andrew Johnston</GivenName>
-    <EmailAddress>andrew@columbia.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Rama Balasubramanian</GivenName>
-    <EmailAddress>rb2684@columbia.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- James Madison University -->
-<EntityDescriptor entityID="urn:mace:incommon:jmu.edu">
-  <IDPSSODescriptor errorURL="https://itfederation.jmu.edu/shiberror.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">jmu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>itfederation.jmu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 228, expires on Wed Nov 19 21:08:22 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTTCCBDWgAwIBAgICAOQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEyMDIxMDgyMloXDTA4MTEx
-OTIxMDgyMlowTzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGEphbWVzIE1hZGlzb24g
-VW5pdmVyc2l0eTEdMBsGA1UEAxMUaXRmZWRlcmF0aW9uLmptdS5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMDAPXs3VDRTLbeGLGZFwLTfj+0tbKk7QzGq
-QXoOXtwWeY3PBCiCA0oz3b0CN+Y0A2xZiXJ4DQ9OjMIU5FNEjNftIJK/9M3a0Oeq
-mfEP5yvxzd1xYWdDbkihblyAErTvd9/42rtcXh8iGQsj+jwJQsPFOCDwYLlUyLlH
-HtzUSV+lAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCkSLM9D
-M05+yWXuOPO7BCozEKoJMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUaXRmZWRlcmF0aW9uLmptdS5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AFHZ4yBTXdS0a570ZGv6MKKobiwtKfSf7s2hoqpWNETtm37cyscMb1VPehPOssWb
-fVzKY4JDTZEmr6BF9SC2U9kZhafsQkmuTgTjm9mtDRsVaG0qw2RqiBR+Tf2KbduL
-UrQN9d8wwoeFxZBFZXMqcbp/NyTvKI4gr39XjOdaPurKtNGqFpD8O6elCcxTB7zP
-65dcdQWavdx/QlbwbRyDlFmqeaBGT0ApZ1h27X4/fk6zc7GrbTiyGnzKjg9wiRne
-2dTF1gIz9ejZL8+1sx0orXhJpQwD7+GUXYMIZisCEpYnWs6SGdfIxfFNpjvWDSft
-YxZKxFxlOwz8KlWbQLyZC6Q=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://itfederation.jmu.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">jmu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>itfederation.jmu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 228, expires on Wed Nov 19 21:08:22 2008 GMT -->
-          <ds:X509Certificate>
-MIIFTTCCBDWgAwIBAgICAOQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTEyMDIxMDgyMloXDTA4MTEx
-OTIxMDgyMlowTzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGEphbWVzIE1hZGlzb24g
-VW5pdmVyc2l0eTEdMBsGA1UEAxMUaXRmZWRlcmF0aW9uLmptdS5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMDAPXs3VDRTLbeGLGZFwLTfj+0tbKk7QzGq
-QXoOXtwWeY3PBCiCA0oz3b0CN+Y0A2xZiXJ4DQ9OjMIU5FNEjNftIJK/9M3a0Oeq
-mfEP5yvxzd1xYWdDbkihblyAErTvd9/42rtcXh8iGQsj+jwJQsPFOCDwYLlUyLlH
-HtzUSV+lAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCkSLM9D
-M05+yWXuOPO7BCozEKoJMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUaXRmZWRlcmF0aW9uLmptdS5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-AFHZ4yBTXdS0a570ZGv6MKKobiwtKfSf7s2hoqpWNETtm37cyscMb1VPehPOssWb
-fVzKY4JDTZEmr6BF9SC2U9kZhafsQkmuTgTjm9mtDRsVaG0qw2RqiBR+Tf2KbduL
-UrQN9d8wwoeFxZBFZXMqcbp/NyTvKI4gr39XjOdaPurKtNGqFpD8O6elCcxTB7zP
-65dcdQWavdx/QlbwbRyDlFmqeaBGT0ApZ1h27X4/fk6zc7GrbTiyGnzKjg9wiRne
-2dTF1gIz9ejZL8+1sx0orXhJpQwD7+GUXYMIZisCEpYnWs6SGdfIxfFNpjvWDSft
-YxZKxFxlOwz8KlWbQLyZC6Q=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://itfederation.jmu.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">James Madison University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">James Madison University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.jmu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Unix/Linux Group</GivenName>
-    <EmailAddress>linux-root-l@jmu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Helpdesk</GivenName>
-    <EmailAddress>helpdesk@jmu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Lawrence Berkeley National Laboratory -->
-<EntityDescriptor entityID="urn:mace:incommon:lbl.gov">
-  <IDPSSODescriptor errorURL="http://login.lbl.gov/incommon/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">lbl.gov</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.lbl.gov</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 266, expires on Fri Feb 26 21:06:59 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAQowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyNjIxMDY1OVoXDTEwMDIy
-NjIxMDY1OVowGDEWMBQGA1UEAxMNbG9naW4ubGJsLmdvdjCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAv8BTqaDaMakSF3Pz0j0C2SSfKjIQnuPtHKkIulx0TmGe
-lhAx7bajbSMLSwxAoeprNQOmM97hlNQb/VEGtt1Tey9jK5qaA7E7iEiqB50FY5lr
-4snbWN1vgrKj86WBGPd3vwdCL/Rfd77PAa7H0MwvQk/FPbbnRnb7w5UxxeK7FxsC
-AwEAAaOCAqcwggKjMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUL8ePWOyiQ1yTqoni
-lE+3PskSqw4wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAYBgNVHREEETAP
-gg1sb2dpbi5sYmwuZ292MA0GCSqGSIb3DQEBBQUAA4IBAQA6kww3iR6787BsSf/W
-mnooYfkIIvsf4WVtBpa1gRrJQE/E/yCBlMXbsZNeFR9yZI52UCdHTY88Qlzjo23r
-lBP9y6GiX8RIegiJK1ZEMnJ5uAGbxHRKQoEOgwRFeKSGb+9WyCV4UZyNUaJDid2G
-QjYwpmICNgLdWMQHWt68WEzLU6YLbRZdZaIbNBxkSXL5JsIQ+JqdhkM45O4zauXQ
-9poN+kUXsP/k0OT6lSWywGlP5X4NlC6DOa+a3mQZACq9GsQrIJ6/H58J4vJjXc7Z
-7mLiqP95E3qXd3mp2KoH+qIgPLlh6VYAg8mirld+sgN45HtAAy5C9XywmIqoiSyM
-0srQ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.lbl.gov:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://login.lbl.gov/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">lbl.gov</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.lbl.gov</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 266, expires on Fri Feb 26 21:06:59 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAQowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyNjIxMDY1OVoXDTEwMDIy
-NjIxMDY1OVowGDEWMBQGA1UEAxMNbG9naW4ubGJsLmdvdjCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAv8BTqaDaMakSF3Pz0j0C2SSfKjIQnuPtHKkIulx0TmGe
-lhAx7bajbSMLSwxAoeprNQOmM97hlNQb/VEGtt1Tey9jK5qaA7E7iEiqB50FY5lr
-4snbWN1vgrKj86WBGPd3vwdCL/Rfd77PAa7H0MwvQk/FPbbnRnb7w5UxxeK7FxsC
-AwEAAaOCAqcwggKjMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUL8ePWOyiQ1yTqoni
-lE+3PskSqw4wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
-BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJ
-CUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAYBgNVHREEETAP
-gg1sb2dpbi5sYmwuZ292MA0GCSqGSIb3DQEBBQUAA4IBAQA6kww3iR6787BsSf/W
-mnooYfkIIvsf4WVtBpa1gRrJQE/E/yCBlMXbsZNeFR9yZI52UCdHTY88Qlzjo23r
-lBP9y6GiX8RIegiJK1ZEMnJ5uAGbxHRKQoEOgwRFeKSGb+9WyCV4UZyNUaJDid2G
-QjYwpmICNgLdWMQHWt68WEzLU6YLbRZdZaIbNBxkSXL5JsIQ+JqdhkM45O4zauXQ
-9poN+kUXsP/k0OT6lSWywGlP5X4NlC6DOa+a3mQZACq9GsQrIJ6/H58J4vJjXc7Z
-7mLiqP95E3qXd3mp2KoH+qIgPLlh6VYAg8mirld+sgN45HtAAy5C9XywmIqoiSyM
-0srQ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.lbl.gov:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Lawrence Berkeley National Laboratory</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Lawrence Berkeley National Laboratory</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.lbl.gov/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>James Lee</GivenName>
-    <EmailAddress>jelee@lbl.gov</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Greg Haverkamp</GivenName>
-    <EmailAddress>gahaverkamp@lbl.gov</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>James Lee</GivenName>
-    <EmailAddress>jelee@lbl.gov</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Moss Landing Marine Laboratories -->
-<EntityDescriptor entityID="urn:mace:incommon:mlml.calstate.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">mlml.calstate.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp-mlml.calstate.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 421, expires on Fri Sep  3 18:12:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAaUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwMjE4MTI0NloXDTEwMDkw
-MzE4MTI0NlowIDEeMBwGA1UEAxMVaWRwLW1sbWwuY2Fsc3RhdGUuZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3+H/xWSJk24Zn3Y+uN6QtEjp1e054Y8eA
-ZaCX8i7IqdD61q4B8AojKYFqzMshq5OyoZh4RXOkluohwRgn8FJD5AUuCiFx4G7w
-TZWx6cYimaw1pUv0625c4a5bn7LMAegevY49K9juDNIUtUVMhBNPW+17f6iMBPa2
-SmM53YcLqQIDAQABo4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQoC+H+
-jQcA9IWSfHw5h2dpweRfsDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAX
-ghVpZHAtbWxtbC5jYWxzdGF0ZS5lZHUwDQYJKoZIhvcNAQEFBQADggEBABobAEBq
-FaLOCsj/mLeLWtGGcoh1V5r16vT3a/abrg5/12w1THq9xJEfNc/GFkGRSeroV5pS
-AuPkWXgLGyCoCcY5CprrthPN+aJq4p9G6Ljsx+wNTLIRWLqCPMXIQHml1JX1SqA/
-nRIRAdQHNOBSK4rOmfl45i3OpFullmOpMj0lZPRL8M4mglG1PaOlx4314jDDEth6
-7P5tMsoElM2QA43ldwT+aCvknU0YLWUvVxdXLJIDzXKWgbtAZYp1TZPlW2s22qAH
-8JuIwo+QqnMjByIC4F++0uubHEDpAgwDCIJiAbEYy7QofDueMYuJNVWm6QGLQqEQ
-d2Vb+76A+Pjiz20=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-mlml.calstate.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp-mlml.calstate.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">mlml.calstate.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp-mlml.calstate.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 421, expires on Fri Sep  3 18:12:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAaUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwMjE4MTI0NloXDTEwMDkw
-MzE4MTI0NlowIDEeMBwGA1UEAxMVaWRwLW1sbWwuY2Fsc3RhdGUuZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3+H/xWSJk24Zn3Y+uN6QtEjp1e054Y8eA
-ZaCX8i7IqdD61q4B8AojKYFqzMshq5OyoZh4RXOkluohwRgn8FJD5AUuCiFx4G7w
-TZWx6cYimaw1pUv0625c4a5bn7LMAegevY49K9juDNIUtUVMhBNPW+17f6iMBPa2
-SmM53YcLqQIDAQABo4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQoC+H+
-jQcA9IWSfHw5h2dpweRfsDB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAX
-ghVpZHAtbWxtbC5jYWxzdGF0ZS5lZHUwDQYJKoZIhvcNAQEFBQADggEBABobAEBq
-FaLOCsj/mLeLWtGGcoh1V5r16vT3a/abrg5/12w1THq9xJEfNc/GFkGRSeroV5pS
-AuPkWXgLGyCoCcY5CprrthPN+aJq4p9G6Ljsx+wNTLIRWLqCPMXIQHml1JX1SqA/
-nRIRAdQHNOBSK4rOmfl45i3OpFullmOpMj0lZPRL8M4mglG1PaOlx4314jDDEth6
-7P5tMsoElM2QA43ldwT+aCvknU0YLWUvVxdXLJIDzXKWgbtAZYp1TZPlW2s22qAH
-8JuIwo+QqnMjByIC4F++0uubHEDpAgwDCIJiAbEYy7QofDueMYuJNVWm6QGLQqEQ
-d2Vb+76A+Pjiz20=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp-mlml.calstate.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Moss Landing Marine Laboratories</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Moss Landing Marine Laboratories</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.mlml.calstate.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Jeff Arlt</GivenName>
-    <EmailAddress>jarlt@mlml.calstate.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>John Witkowski</GivenName>
-    <EmailAddress>jwitkowski@mlml.calstate.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Marcus M. Mizushima</GivenName>
-    <EmailAddress>mmizushima@calstate.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Gabriel Sroka</GivenName>
-    <EmailAddress>gsroka@calstate.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Virginia Polytechnic Institute and State University -->
-<EntityDescriptor entityID="urn:mace:incommon:vt.edu">
-  <IDPSSODescriptor errorURL="https://shib.vt.edu/idp/error.jsp" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">vt.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.vt.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 375, expires on Sun Jul  4 18:56:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAXcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMzE4NTY1MloXDTEwMDcw
-NDE4NTY1MlowFjEUMBIGA1UEAxMLc2hpYi52dC5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDJ/qQ8s9By85mYL7PVryYIdZewqiFTstkXGo6VAMxl
-W9NnGHbThuZ+WXG4k28fAk2D+rGHKRxEmPGygAqZzZ87o7Z63har0F0X/9M3zOPX
-ADruPLy7APAsYBdQ84R00udHcAYiSBbcNI/BrLxF9QxtLiecTcxzkbAfJcXMXWe1
-GfhDN+8qrmi3lB0pO/rQccY2kd9K9/17xTb7M6Lj2iKLeOz71FqAzm0OYyyL2lkA
-oIws93xzyav8/fr6/ssengsvwIL5mDBU5b5Vs6fg1NyFQP9oujnTDIASHL9FXJkj
-P0SB7JypYuz1Bq5W48hiKEruV/MmPDkUkkMBJasqokdbAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFKD8T0srMuYemAhXFdLq7vbt7XLeMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3NoaWIudnQuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQBVEIAmHl3QeX60Qz3PcNxuO5FMU9lV2PvIJ/75ISP4jcjqHss9
-9AuHHmz+HfZX//T/i37KDhB5Fnfu/aeLZIDyBB2kJigboOBQA70M/KQmkIdheSWv
-S3YQ6PuO3hqe+/Bqfhjw4M7fnD+9rfoNdFUYbHS1zDoxLyL4U6Q+2WeodD/y+YXz
-yrNuDucpRROpjU9RAW2UZ0P7iV4hSllVo85k6gY/VvncGSA8aqeTY4SzNmbH5EIA
-OBy202gvsP4u6pouKjPK0nsQrhFyPmq9d+0JlZGUd44H6s2wCbjDM32GWfbcacF+
-gWAYlDzBb2SsR3PRwT6aJEWink9YHZFGlplY
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.vt.edu/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.vt.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">vt.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.vt.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 375, expires on Sun Jul  4 18:56:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAXcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMzE4NTY1MloXDTEwMDcw
-NDE4NTY1MlowFjEUMBIGA1UEAxMLc2hpYi52dC5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDJ/qQ8s9By85mYL7PVryYIdZewqiFTstkXGo6VAMxl
-W9NnGHbThuZ+WXG4k28fAk2D+rGHKRxEmPGygAqZzZ87o7Z63har0F0X/9M3zOPX
-ADruPLy7APAsYBdQ84R00udHcAYiSBbcNI/BrLxF9QxtLiecTcxzkbAfJcXMXWe1
-GfhDN+8qrmi3lB0pO/rQccY2kd9K9/17xTb7M6Lj2iKLeOz71FqAzm0OYyyL2lkA
-oIws93xzyav8/fr6/ssengsvwIL5mDBU5b5Vs6fg1NyFQP9oujnTDIASHL9FXJkj
-P0SB7JypYuz1Bq5W48hiKEruV/MmPDkUkkMBJasqokdbAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFKD8T0srMuYemAhXFdLq7vbt7XLeMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3NoaWIudnQuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQBVEIAmHl3QeX60Qz3PcNxuO5FMU9lV2PvIJ/75ISP4jcjqHss9
-9AuHHmz+HfZX//T/i37KDhB5Fnfu/aeLZIDyBB2kJigboOBQA70M/KQmkIdheSWv
-S3YQ6PuO3hqe+/Bqfhjw4M7fnD+9rfoNdFUYbHS1zDoxLyL4U6Q+2WeodD/y+YXz
-yrNuDucpRROpjU9RAW2UZ0P7iV4hSllVo85k6gY/VvncGSA8aqeTY4SzNmbH5EIA
-OBy202gvsP4u6pouKjPK0nsQrhFyPmq9d+0JlZGUd44H6s2wCbjDM32GWfbcacF+
-gWAYlDzBb2SsR3PRwT6aJEWink9YHZFGlplY
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.vt.edu:10443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Virginia Polytechnic Institute and State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Virginia Polytechnic Institute and State University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.vt.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Marvin Addison</GivenName>
-    <EmailAddress>shib-admin@vt.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Mary Dunker</GivenName>
-    <EmailAddress>dunker@vt.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Microsoft -->
-<EntityDescriptor entityID="https://downloads.channel8.msdn.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.dreamspark.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 467, expires on Thu Nov 25 20:31:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFlTCCBH2gAwIBAgICAdMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEyNDIwMzExMloXDTEwMTEy
-NTIwMzExMlowHTEbMBkGA1UEAxMSd3d3LmRyZWFtc3BhcmsuY29tMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzx+TlKaaxrgQm3hZukgmkIDkg7uNYjMl
-zWujZ5UBnmnNr0/LVPbQ7ANUv9TTe2XgV1EbCEMrQD5Siy5z6z7jRYOX27SmDJiL
-vgdckv1XZjxVRCZACiWHHLYYTyPAqf8vlNT2m0uySjssY/teZ4lacZT45JoxCIop
-OC/Un35nlXmNt/dtv66lsc9V4EIxCbMCN0skPWDTy8q9Y/mfzVivKNGicywXuEIF
-baFmQ5ocNVxRxriQ2mxdrEe9UoPZoKKMhegnzyJu1xi87yFMN+kXOpqN3/whdi9p
-/fGaIRw9JT1poT674hL+ejuZuZlvLjHywIhKuQ++59UztAr3ZyQLUQIDAQABo4IC
-pDCCAqAwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBS4CV6t2ZkJcxCYGKWZHc0QHaPl
-zzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcBAQSB
-pTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEFBQcw
-AoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJp
-ZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRw
-Oi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Js
-cy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEB
-MEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAdBgNVHREEFjAUghJ3d3cuZHJlYW1zcGFy
-ay5jb20wDQYJKoZIhvcNAQEFBQADggEBAJJad/ukiZYUL59HDAuHQ8QYwEz4iyah
-Pk5FduX3VvO04frWXPCUVRa8HIf62ZNdO8WHQi4RhMzg2Iu3hEp4CyztgZUoNiIS
-klU9kbJxYE1R8XTxI1PzZLk8N1pw18TJSuaM7vI5LEHotobM/IMFlZ8o2+MqKCLU
-x2Yx9YAa6oYkFMpdqFBwR+UjgiWXSLXEhiE4HmVRhyKlxE3LeV87pj+Qa+asfHiS
-szTU69+UEiAwGqB2jKQ4wseqajIFXLoHobwbkCvTX/bK8ZmcHMut33+3huuOC65+
-BWLWJwiFKzVeftNXbInYUAqUErXnNu9R7mYTHSEzPB+BurQ669p6/+s=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.dreamspark.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.dreamspark.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Microsoft</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Microsoft</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.microsoft.com/en/us/default.aspx</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>DreamSpark Engineering Team</GivenName>
-    <EmailAddress>dsengt@microsoft.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>DreamSpark Engineering Team</GivenName>
-    <EmailAddress>dsengt@microsoft.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Scott Blackwell</GivenName>
-    <EmailAddress>scott.blackwell@microsoft.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://staging.dreamspark.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>staging.dreamspark.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 446, expires on Thu Oct  7 18:14:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAb4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAwNjE4MTQwNVoXDTEwMTAw
-NzE4MTQwNVowITEfMB0GA1UEAxMWc3RhZ2luZy5kcmVhbXNwYXJrLmNvbTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvyt5Coj3UzRIAN4AMxfkCOJfldddhJjg
-7PEe/9HnY0GnXs3QExkFKoaLqdVa6BbGg8p5iOJvJ+hN8KW8rlEOdUaVhmPdE6y3
-ZHnErru6kmwwV/sFPQEqfsFKhENe7scfgfcMl4jx53PUkAn84itc1LSPhbJfsALu
-HurV5Nwk0+cCAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUrQqs
-L1PyXk/vJ7oK+EACxDjcpwUwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc3RhZ2luZy5kcmVhbXNwYXJrLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAgFob
-QMnMr7WedSIrpSek0jZoGdwW+Ih2y2ZaNP96ygFyIZTxnYDbY4wGoVPDbA+1uGew
-MoOigJlZkBeJyinRCAaOjRaOWAU91JxtJi/4kZrJbPDY8djyCbfSRAEXUSAPuBwx
-PBUwwjoz57LnhrgSNNU6X20uGOpzt9IYmcujZ/7t5P9u8/tzVBOpa62QAgFJVBwD
-Ucr+wB3H3RDSF0kBH94nAgOPXJToHWJM7gcOr+m8AEEI1YukftZVrwE9/3cI7SPe
-eEW5lxwrxpzVESmLHCr+HpdOsZqG6B4Nrt6UjjI9jB1rguPXKBjfUw7YAeCwx7jT
-05NcwImw3Hy1xQdZqQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://staging.dreamspark.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Microsoft</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Microsoft</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.microsoft.com/en/us/default.aspx</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Brian Conte</GivenName>
-    <EmailAddress>v-bconte@microsoft.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Scott Blackwell</GivenName>
-    <EmailAddress>Scott.Blackwell@microsoft.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Old Dominion University -->
-<EntityDescriptor entityID="urn:mace:incommon:odu.edu">
-  <IDPSSODescriptor errorURL="http://shibboleth.odu.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">odu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.odu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 284, expires on Sat Mar 20 19:06:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnTCCBIWgAwIBAgICARwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxOTE5MDYxNFoXDTEwMDMy
-MDE5MDYxNFowHTEbMBkGA1UEAxMSc2hpYmJvbGV0aC5vZHUuZWR1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+BwDkdKLPDpcF/Sl8c+N8R2s7HG0Yotu
-uuJonzoaVhaLITbHQ9dxbF4y9dUJRFTb9KXzuRB9HI1Gc1AugFquLN09gSsUH/80
-EBx3V2PA3yh9oj8jT+VPeR52Y+x2JvTlTXCJE85gto+6M3jc/jxLKu0sBa/hPMEi
-2Lf6eN8wMiykcAjFQy45eD6W3UbhWIdFdIJzBOHbc5Lw2QFL7eh+J1eW49hDAxg1
-Np0rwk7TafXskBN2AQ6xpd/+NNsVSdUIGL79ys4UMyIFRh4bkpPxTh7K3NenqQ4z
-rlLEReIy4Gwv/xP9MsBIT5zTFpP7m80JRylQD7AY1r4ltOI9UaYfpwIDAQABo4IC
-rDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSQLfgOPlsbjl3bNhl+3y5b6eHo
-oTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSB
-rTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNz
-dWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1UdEQQWMBSCEnNoaWJi
-b2xldGgub2R1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAGI507zxebncyRIHehRR0
-NW53bXZ7AzWeDX9N7l10aUTPiQcLr1wsLcTfveDiWAAMUEtOwsM6jGucAg6x/lCS
-48aQfXx/9IA5CYV+ZPUlVgKNI3mnmD62+TyX77m6gqR2HRaElHpDvBrppM7MIHGF
-gp1K20EM9EgJWN+kcjaq3VfoYUNZgZFHyK3xTpKVEOMXZx5hq0Cd0YsoEZ1cS5BY
-I0d49jJnMYqCJAkwR8FZ6cPjn7fAZnCvvgs/2bkIpavKa4wSG6WwlQQCJkOy+wzW
-TpO/yauENUQhA4Uk57B0g3c8WrCS8gNTHDli9Hv4cWjp5jRQXrZJJTOPOR0l3L8T
-3w==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.odu.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.odu.edu:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.odu.edu/idp/profile/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">odu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.odu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 284, expires on Sat Mar 20 19:06:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnTCCBIWgAwIBAgICARwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxOTE5MDYxNFoXDTEwMDMy
-MDE5MDYxNFowHTEbMBkGA1UEAxMSc2hpYmJvbGV0aC5vZHUuZWR1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+BwDkdKLPDpcF/Sl8c+N8R2s7HG0Yotu
-uuJonzoaVhaLITbHQ9dxbF4y9dUJRFTb9KXzuRB9HI1Gc1AugFquLN09gSsUH/80
-EBx3V2PA3yh9oj8jT+VPeR52Y+x2JvTlTXCJE85gto+6M3jc/jxLKu0sBa/hPMEi
-2Lf6eN8wMiykcAjFQy45eD6W3UbhWIdFdIJzBOHbc5Lw2QFL7eh+J1eW49hDAxg1
-Np0rwk7TafXskBN2AQ6xpd/+NNsVSdUIGL79ys4UMyIFRh4bkpPxTh7K3NenqQ4z
-rlLEReIy4Gwv/xP9MsBIT5zTFpP7m80JRylQD7AY1r4ltOI9UaYfpwIDAQABo4IC
-rDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSQLfgOPlsbjl3bNhl+3y5b6eHo
-oTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIElu
-Q29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcBAQSB
-rTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0EgSXNz
-dWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1UdEQQWMBSCEnNoaWJi
-b2xldGgub2R1LmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAGI507zxebncyRIHehRR0
-NW53bXZ7AzWeDX9N7l10aUTPiQcLr1wsLcTfveDiWAAMUEtOwsM6jGucAg6x/lCS
-48aQfXx/9IA5CYV+ZPUlVgKNI3mnmD62+TyX77m6gqR2HRaElHpDvBrppM7MIHGF
-gp1K20EM9EgJWN+kcjaq3VfoYUNZgZFHyK3xTpKVEOMXZx5hq0Cd0YsoEZ1cS5BY
-I0d49jJnMYqCJAkwR8FZ6cPjn7fAZnCvvgs/2bkIpavKa4wSG6WwlQQCJkOy+wzW
-TpO/yauENUQhA4Uk57B0g3c8WrCS8gNTHDli9Hv4cWjp5jRQXrZJJTOPOR0l3L8T
-3w==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.odu.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.odu.edu:8443/idp/profile/SAML2/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Old Dominion University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Old Dominion University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://web.odu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Todd Dergenski</GivenName>
-    <EmailAddress>tdergens@odu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Technical Support Center</GivenName>
-    <EmailAddress>occshelp@odu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Todd Dergenski</GivenName>
-    <EmailAddress>tdergens@odu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- InCommon LLC -->
-<EntityDescriptor entityID="urn:mace:incommon:incommonfederation.org">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">incommonfederation.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.incommonfederation.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 234, expires on Sun Dec  6 15:28:27 2009 GMT -->
-          <ds:X509Certificate>
-MIIFKTCCBBGgAwIBAgICAOowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIwNjE1MjgyN1oXDTA5MTIw
-NjE1MjgyN1owJTEjMCEGA1UEAxMaaWRwLmluY29tbW9uZmVkZXJhdGlvbi5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMsS3N7wt4yxSxx8yeb08b7go2Nm
-HpKR754gn60sUNhiep1jI3s7kALvK+OTN//fBOf3thTOJDF2k6GC3cj9b0nALPoJ
-gv1/DLsEuCLdndbCVlyBNhG/xxB+kcIkjl/olTH9hO3XSFBFNA0JQbgqbQ/8mqmb
-5nPEqNM4c/td1h/PAgMBAAGjggK0MIICsDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
-FB7//2MNy4fSWlaLofsdoJssBz8eMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2N
-k7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVk
-ZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNh
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRw
-Oi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5w
-ZGYwJQYDVR0RBB4wHIIaaWRwLmluY29tbW9uZmVkZXJhdGlvbi5vcmcwDQYJKoZI
-hvcNAQEFBQADggEBAHHyY6qs7hO1x0l+UQaO+Um0UH42afl0ZjTk/KFKh/PxgiTu
-tQmf9QBWSOjoOp9F2k3DVMb+2wDVItvPCVC42scmuIfJ/Pz2OFJEvw/LcaeJePNF
-GFh1JlsaAnd8Qz5pf8gyz5tWgVm/v/pdT8tu2uGPK07T+EcQhmsUP2zmkS3BTHnB
-anLUxamn4rqe5KHRkV/dJ7Ikm0r37R/pXCQu1d/aF9thZQ2GB8/uxYxLlqNN379F
-l7vmn2me4bqIfd/ViFaPDz2J9Sw4475aZHzZpMq2SDuhNKecatEVZrpFrrvXBUOV
-qofWkuCJKHd3rr2lhILwUcsDMZUbPW2o1v+Hiy4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.incommonfederation.org/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">incommonfederation.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.incommonfederation.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 234, expires on Sun Dec  6 15:28:27 2009 GMT -->
-          <ds:X509Certificate>
-MIIFKTCCBBGgAwIBAgICAOowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTIwNjE1MjgyN1oXDTA5MTIw
-NjE1MjgyN1owJTEjMCEGA1UEAxMaaWRwLmluY29tbW9uZmVkZXJhdGlvbi5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMsS3N7wt4yxSxx8yeb08b7go2Nm
-HpKR754gn60sUNhiep1jI3s7kALvK+OTN//fBOf3thTOJDF2k6GC3cj9b0nALPoJ
-gv1/DLsEuCLdndbCVlyBNhG/xxB+kcIkjl/olTH9hO3XSFBFNA0JQbgqbQ/8mqmb
-5nPEqNM4c/td1h/PAgMBAAGjggK0MIICsDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
-FB7//2MNy4fSWlaLofsdoJssBz8eMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2N
-k7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVk
-ZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHmCAQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9p
-bmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9j
-YS1jZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNh
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8v
-aW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5j
-cmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRw
-Oi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5w
-ZGYwJQYDVR0RBB4wHIIaaWRwLmluY29tbW9uZmVkZXJhdGlvbi5vcmcwDQYJKoZI
-hvcNAQEFBQADggEBAHHyY6qs7hO1x0l+UQaO+Um0UH42afl0ZjTk/KFKh/PxgiTu
-tQmf9QBWSOjoOp9F2k3DVMb+2wDVItvPCVC42scmuIfJ/Pz2OFJEvw/LcaeJePNF
-GFh1JlsaAnd8Qz5pf8gyz5tWgVm/v/pdT8tu2uGPK07T+EcQhmsUP2zmkS3BTHnB
-anLUxamn4rqe5KHRkV/dJ7Ikm0r37R/pXCQu1d/aF9thZQ2GB8/uxYxLlqNN379F
-l7vmn2me4bqIfd/ViFaPDz2J9Sw4475aZHzZpMq2SDuhNKecatEVZrpFrrvXBUOV
-qofWkuCJKHd3rr2lhILwUcsDMZUbPW2o1v+Hiy4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.incommonfederation.org:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">InCommon LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">InCommon Operations</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.incommon.org</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Tech Support</GivenName>
-    <EmailAddress>techsupport@internet2.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- SumTotal Systems, Inc. -->
-<EntityDescriptor entityID="https://imp39.sumtotalsystems.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>Imp39.sumtotalsystems.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 494, expires on Sun Feb 20 20:42:28 2011 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAe4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIxOTIwNDIyOFoXDTExMDIy
-MDIwNDIyOFowJDEiMCAGA1UEAxMZSW1wMzkuc3VtdG90YWxzeXN0ZW1zLmNvbTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA57Yduahtyr6ATvvix68OB3xlpXHI
-afTkSIU2iI2ynGmZLmMwVrKxAF95In1GsfNW/0zek1XjccycvPPKEU/5KL3XV4jf
-ugRe3+XpADWo7N2vwO+jpk1zgtohIKhZoMmkT7AT17xKx8Q4VpgxY2/Fa/wcSxl3
-jJBSScOE+9k3+jUCAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-3gjdO1qvJkThvFinBDqp0UlvQjAwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0R
-BB0wG4IZSW1wMzkuc3VtdG90YWxzeXN0ZW1zLmNvbTANBgkqhkiG9w0BAQUFAAOC
-AQEAn0sBID7kzx0mxWRs/PbjwhbuhqZlx0442E9rP60DgUMiNaph1AemXi4WBgZr
-eiu7wWkQvEErFU4KFH4Z47GZ5XuqMH09PoyXEj9KOPFF2l4mNGjYw7P70FOsQXiF
-6/qxVpjYRLv/Vh/c76sFp5ICbmdUwFkZJQKx+Rvp2kPi85ybp1zRp5cEYsWF8079
-Oi0dAa1vNa1szzHf4bIwW9zzgutGFRFgYhx/rhQuYMuLRpapUyPClPkPRzI01nZ5
-Gg1ycT+2jqlaXnIT73ZDsa7d46A6KOdJcfcDhrM7M/nxNHYh8fblJ8Pr3rwJvHGt
-2CGfvrHr6XhKiEie1e5yn0QbSg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://imp39.sumtotalsystems.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://imp39.sumtotalsystems.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">SumTotal Systems, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">SumTotal Systems, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sumtotalsystems.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bharathy Mohan</GivenName>
-    <EmailAddress>bmohan@sumtotalsystems.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://imp40.sumtotalsystems.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>imp40.sumtotalsystems.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 250, expires on Sun Jan 24 23:16:24 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICAPowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDEyNDIzMTYyNFoXDTEwMDEy
-NDIzMTYyNFowJDEiMCAGA1UEAxMZaW1wNDAuc3VtdG90YWxzeXN0ZW1zLmNvbTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr9DnV/W4Puy5gbg4RpVSNBEr201j
-SA/qn26C0wlQOWp0weXM2jgHqDEszQ4HYfK+8LpXCdzHjLFf/CbV4oOWtD2jxI+I
-hLQel3CDPCxy7CIrTtgKHXNOeytLHg81+/SvwMuQZp+GtsrYDf5GeIz0irYjOiRi
-QYk1Pe5ZZQ+r7e8CAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-e+WPn46oeemsfYCTjImaxUBFjG4wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghlpbXA0MC5zdW10b3RhbHN5c3RlbXMuY29tMA0GCSqGSIb3
-DQEBBQUAA4IBAQAInMexlY3XRx7L5lX1zqp1rjjrLFIgDdQejeyjKX7SjIktFsah
-4DrLwlLt0nCh7YVT/K+BP7av6nceulTJYAKQ0wajNlhbuHd+Yw4dYGzqNviGJVuz
-L8VXEYC1iCf192HlpcAdrubIqle0z0yMP3dW1mHx+7HSKWdN6Njl0zds7eg+lWYI
-xaOu1PHHcU8pAa7sewrXHoLGBAwtn9QY0Ox9fgZmrfAS8//sHKzilKojEay0HKwr
-buux8PbSMrqRWbcMzwgkQuMm4I+gb1qWKBjQ+duNNV0XcTKhXcBZho+oTHAgg0kw
-Wns1sdc2fCYbX57zGG84EE2VtjC0HVwOUig6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://imp40.sumtotalsystems.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://imp40.sumtotalsystems.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">SumTotal Systems, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">SumTotal Systems, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sumtotalsystems.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bharathy Mohan</GivenName>
-    <EmailAddress>bmohan@sumtotalsystems.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ucastage.sumtotalsystems.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>ucastage.sumtotalsystems.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 267, expires on Sat Feb 27 19:11:57 2010 GMT -->
-          <ds:X509Certificate>
-MIIFLTCCBBWgAwIBAgICAQswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDIyNzE5MTE1N1oXDTEwMDIy
-NzE5MTE1N1owJzElMCMGA1UEAxMcdWNhc3RhZ2Uuc3VtdG90YWxzeXN0ZW1zLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2b6MFF9rFvwzOFXq5QPe+3Iw
-uFxJVKab5WPczq2loIFtcerGHS2z2cHGIprAbxkVtS3tvLpTGUJ8FW+bf8ZP356/
-NAHI63FM8wLE+DcjTWJeB8W/EK4DjOPuF+VobcAZgzuvvFfEwtTdL82iob/u82TJ
-Wc3S2U74nQYc8eBXCAsCAwEAAaOCArYwggKyMA4GA1UdDwEB/wQEAwIFoDAMBgNV
-HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
-FgQU6pvyEu33DY9624aGGG7dUZmt3OswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd
-3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBG
-ZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDov
-L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRz
-L2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9u
-Y2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0
-dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2Vz
-LnBkZjAnBgNVHREEIDAeghx1Y2FzdGFnZS5zdW10b3RhbHN5c3RlbXMuY29tMA0G
-CSqGSIb3DQEBBQUAA4IBAQB1TG1euFhyPcxWBa0ya179+HkkPPKkKlh9yJY8Qew5
-bDK/1HzXtTlI2iYNEzVPUkCFUmirkQ/kggDnlFQTFqC+u2flemr4SWLlMzpD3uzP
-X6XDp3xSFNVg3uGBIMmVN50yQFaqOE5DuKWSFpcwek4/J128SYqSd9dccIAo/fsb
-SDQVlM5qu/9aiFQQYqMyh6qCbTxCRgfRVUBhHfJwvTfgoA7IjcHltw41MREER5vb
-fmbU2yFwfJuX5qz8IccCXcSHp4YtQrjfB3kK8YL8qmYXgAL5kJyj7lV9zwenTzsA
-nMPAXNDkkcBeJ1tF13Wu2VsIGTruy8ImVz/z9LweiSe6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucastage.sumtotalsystems.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ucastage.sumtotalsystems.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">SumTotal Systems, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">SumTotal Systems, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sumtotalsystems.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bharathy Mohan</GivenName>
-    <EmailAddress>bmohan@sumtotalsystems.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://uca.sumtotalsystems.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>uca.sumtotalsystems.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 276, expires on Sun Mar  7 21:07:25 2010 GMT -->
-          <ds:X509Certificate>
-MIIFIzCCBAugAwIBAgICARQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNjIxMDcyNVoXDTEwMDMw
-NzIxMDcyNVowIjEgMB4GA1UEAxMXdWNhLnN1bXRvdGFsc3lzdGVtcy5jb20wgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJu33uAo5L++MNfi8bVYjR9RqRN9FEbn
-FnsZ2sz+Y5keeYIOU0HriIXWjgE/0zaB2aWX73xYEg4WgkmUeJTgy2NHWnG51OzX
-cWOXHu14ufe1B+uhdo5OXV5Doe3W+tIj7aRhE25zD7hRkT1skiW8/CBd4t6gPIGZ
-DuwEZ8TiATXfAgMBAAGjggKxMIICrTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFs+
-NyWeKXka63hoc09Eja09BVPEMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-gY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5j
-b21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
-XgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8v
-aW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYw
-IgYDVR0RBBswGYIXdWNhLnN1bXRvdGFsc3lzdGVtcy5jb20wDQYJKoZIhvcNAQEF
-BQADggEBABFFV8uUOOKP1Bwzu90QR8F7URSmB5Xne1V6+ZsyZWRc9g5S1ytzSKyd
-KbYV5jexDUKha3x1c4uCc+0uRjVXKi8T8EzFz/+rlQWx36IUm5867cLXUQDUjW3l
-lfeNpfSMGwKA9whsXQmVFXJWdhKUHT/2JdMVMPciHEUkamxU1CgSSLl5b7az1iHj
-BDKEE7EWJ5k7OTHYMP2PH9KQB7DiSirGuZVLw7xOWIo+b9Y/8bkiBtR+gdx9vuWj
-ZkzV/G2XcSwCqxWS0d8itiFi5Lvh/56PwFTy8ZaO4SuVcIzYvLZ3CuEFC2J9O9W3
-C1pT0f2hdavYkWh+l7+Dk/AlQe3jx70=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://uca.sumtotalsystems.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://uca.sumtotalsystems.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">SumTotal Systems, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">SumTotal Systems, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sumtotalsystems.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Bharathy Mohan</GivenName>
-    <EmailAddress>bmohan@sumtotalsystems.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California, Berkeley -->
-<EntityDescriptor entityID="urn:mace:incommon:berkeley.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">berkeley.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.berkeley.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 414, expires on Sun Aug 22 18:12:55 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAZ4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMTE4MTI1NVoXDTEwMDgy
-MjE4MTI1NVowHDEaMBgGA1UEAxMRc2hpYi5iZXJrZWxleS5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBALaB2FOzSy35hdD5/osuJTqNZpoiovmrwTb7OIAH
-bkMzXgtzgI+FTej52DbIhcNTdWKDzg55hhgEps0H5MwTNg471o7OBabMs3otEeom
-cG534gxJv1Xt1GDlWqpvOGcfpZp8QkGQchOU87ZKZKhUfFctMzGVxBRVscUD2xCg
-eS8PAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFN68x6u92nIC
-FNotBaklE606XvkfMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNo
-aWIuYmVya2VsZXkuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQDJakU1znp9sFZ+VW+a
-LK24k4xBP7m0RZGrDUNGnnl41p8F6xgzKKXvbv6xn6wtcm/pojh4QK3qVOJe+2RT
-XdJL6t82wX34OPFoTNuBunGMCu9qkXmGRZWEvKvE7C38+G5rRHMGKw0b7C/vd4V7
-ICzrBZ1Pb597I/nCZWJzJJdWVeFXNpz9KqPdkgaUmK11QIEPz27y709qutAPDdUe
-SyJlvUdxqnf4Bwl+v6V+K3GppEEcL0GSo6pA1InG6caJ7fM8YKFEuBBnt6fU2Gdc
-eO+3GZPuuQETnxe1TXsip8lEHfsJ9Q0GBXLF+zsl0/t30r3eNf5ljgxl/4P2An6N
-YfHe
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.berkeley.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.berkeley.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">berkeley.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.berkeley.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 414, expires on Sun Aug 22 18:12:55 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAZ4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMTE4MTI1NVoXDTEwMDgy
-MjE4MTI1NVowHDEaMBgGA1UEAxMRc2hpYi5iZXJrZWxleS5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBALaB2FOzSy35hdD5/osuJTqNZpoiovmrwTb7OIAH
-bkMzXgtzgI+FTej52DbIhcNTdWKDzg55hhgEps0H5MwTNg471o7OBabMs3otEeom
-cG534gxJv1Xt1GDlWqpvOGcfpZp8QkGQchOU87ZKZKhUfFctMzGVxBRVscUD2xCg
-eS8PAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFN68x6u92nIC
-FNotBaklE606XvkfMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNo
-aWIuYmVya2VsZXkuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQDJakU1znp9sFZ+VW+a
-LK24k4xBP7m0RZGrDUNGnnl41p8F6xgzKKXvbv6xn6wtcm/pojh4QK3qVOJe+2RT
-XdJL6t82wX34OPFoTNuBunGMCu9qkXmGRZWEvKvE7C38+G5rRHMGKw0b7C/vd4V7
-ICzrBZ1Pb597I/nCZWJzJJdWVeFXNpz9KqPdkgaUmK11QIEPz27y709qutAPDdUe
-SyJlvUdxqnf4Bwl+v6V+K3GppEEcL0GSo6pA1InG6caJ7fM8YKFEuBBnt6fU2Gdc
-eO+3GZPuuQETnxe1TXsip8lEHfsJ9Q0GBXLF+zsl0/t30r3eNf5ljgxl/4P2An6N
-YfHe
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.berkeley.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Berkeley</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Berkeley</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.berkeley.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jeff McCullough</GivenName>
-    <EmailAddress>jeffmc@berkeley.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Karl Grose</GivenName>
-    <EmailAddress>karlgrose@berkeley.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ucready.berkeley.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webfarm.berkeley.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 485, expires on Sat Jan 22 20:20:30 2011 GMT -->
-          <ds:X509Certificate>
-MIIFmTCCBIGgAwIBAgICAeUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDEyMTIwMjAzMFoXDTExMDEy
-MjIwMjAzMFowHzEdMBsGA1UEAxMUd2ViZmFybS5iZXJrZWxleS5lZHUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChRHq6xLgNyN8SD9wbs+vYZB0V1uCX
-5EdpVUbcgwdgWh0rsoUfBZHCaYLG9AOk3ZLhNLXtm+kSJraVEpfEvjjifCtiE354
-7tKGbwOy3WwR/DAMmqGocrGLX8UoHFW/Ur0G8hfXhFq6dk7dNy8JoGLcCdv/V+uA
-iRWigAsVoRyNC24Ji2R1xFMGlptLPIvzyFOwNZGwLeuHSFA4qDaFCpyLXUMJxBgi
-tlA/qswI5fdJsUhHH3vwHuGwn5X89NRYDnO75if1LZie685dwNLsfSbuEIOlcCIW
-UCwPjvJwrhtT9VGSD8WvLY6Q3etKU0j6uA2S11hof6t3AQf8gNj4ixdTAgMBAAGj
-ggKmMIICojAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
-BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFI2fvNBG4HPkPYF5zVcb2Iz7
-VRG2MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYD
-VQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMg
-SW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEB
-BIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUF
-BzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9i
-cmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0
-dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
-cmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEE
-AQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB8GA1UdEQQYMBaCFHdlYmZhcm0uYmVy
-a2VsZXkuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCsZSE+A+2fb1GjdrldCXvM5lla
-t1t3SBvvmU2UZsgJxJiW8PJ5UKHdJr63YIAPc9+ypSVJ3gXN9ESFewmnKJhD1e2R
-LggYH3KPRt/u2n9JXYUae5tVFhxHQbZzEreq/tToXdQL5x+1ocjwfZ10yimXObAF
-uL653799mAjjqoBcTkk1M2Bw45cQGnCeckFTNs8eDsC7EVyl+hPX4CFfUp31Fj7Q
-SAMF8aA4DCipGVpJzJXAM6v9N/zELf1WvOOWN3uj4K6HpMVvbTsuj7+/20Cik/k2
-WWYaIDdC/G6LDVTo33Ez3Z1Yf9vWAiAddxH6Ng3f3OCmkMYSFbnWKhjFQ1bk
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucready.berkeley.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Berkeley</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Berkeley</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.berkeley.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Adam Cohen</GivenName>
-    <EmailAddress>adamcohen@berkeley.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ucready-dev.berkeley.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webfarm-dev.berkeley.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 453, expires on Sun Oct 24 18:20:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFoTCCBImgAwIBAgICAcUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyMzE4MjA0M1oXDTEwMTAy
-NDE4MjA0M1owIzEhMB8GA1UEAxMYd2ViZmFybS1kZXYuYmVya2VsZXkuZWR1MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkrJzD5qG3/Rpxl3QTCaRKyg
-vZGEvjCnggeCygzlZedSBmH1Gr0IRmp9v1hpzsHydxEv8MfZvsVy+EFZ6j+qI9N0
-pUPurPDk+Z8646y7rbcLj7sA3c0oPJaH8DSY9tOPNMEK11vxtzzh4FS5O19mJmY1
-o5UJP9moxw7YzyGUFCCGwpFLhV1ooIJDWSGnv/b2p4LvIoSq1DSKVHPZt/wbwBDo
-qzv4y3Bz1lw8KAoj50guMt47kbFr29pMp1zwWVkavklNP/S091xMRkmwsK4x2teZ
-NaFgQOKO41QZJBu2kTd3osfE0jSdSWcLoa91SWeWm8o2lsS79bW1x+cU9S98mwID
-AQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTWeDK33rflHk4wJYhc
-oeDCy/e16jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEF
-BQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggr
-BgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREEHDAaghh3ZWJmYXJt
-LWRldi5iZXJrZWxleS5lZHUwDQYJKoZIhvcNAQEFBQADggEBAFlPbPMoeTiVfm99
-Sv8fj2Ca7uX8SlNVAdsuQfwdxaXRz8G3zMw9dSvAla1paDq4rn2KMX8lgSV3kAS3
-px4JnKrdvTq98lmWlASsAzITImKkLoJ/FJYl8AH2LqWBKUXjdd+9y73bbw15yV09
-N7JrPywg5uXBd6HeXDe3jbIN72Tw0uT2NYGkiD1vwSZ0UZdXodWpyueyI094SLZ2
-ApWiXaRE7/oS1OGjc9tdyt6+W2VJfn9+qmwKZ00sVdlmKvZM4d+k+AJevqDljSoe
-tJ1SHhNFhBqejN8ggPGvP/HOv2CExb7e8wplOBtvYH58qQHoS8kygxkG0kH/i4c6
-jSyjqZg=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucready-dev.berkeley.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Berkeley</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Berkeley</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.berkeley.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Adam Cohen</GivenName>
-    <EmailAddress>adamcohen@berkeley.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://ucready-qa.berkeley.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webfarm-qa.berkeley.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 454, expires on Sun Oct 24 18:20:53 2010 GMT -->
-          <ds:X509Certificate>
-MIIFnzCCBIegAwIBAgICAcYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyMzE4MjA1M1oXDTEwMTAy
-NDE4MjA1M1owIjEgMB4GA1UEAxMXd2ViZmFybS1xYS5iZXJrZWxleS5lZHUwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8cguz8Qi+xngvcT20wJD1AUXD
-soypLBQJKStZFudzqulz7TOGyrDRGP8l8aj+0tSiPddVkYocHFgI9KkG44NUhf4I
-Xr/tR9aWddWOM2r4dHFUDqnYB82fKjra4wsYke8mLsgXvAM0bs1HGwOJqKIrjeOD
-xg6NfprBN1JEqxJ8nJlbMguMkfTnX/sFkekuFioajkge3Wrh1/o6jfxq9kjxnuOf
-G3xLDPpEjoLhaZxflvf3KQfbxdvWJ4VNXs+IywieQgc3+fJz/X3jAkBuo/igT4YW
-t8/pH952PN/L3Wmn2oEcLZie0wVEVlZge8/TBkwNq71a5cp43imBsMcEK6gRAgMB
-AAGjggKpMIICpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCVJmdIogZVgUF/IUXI1
-d7NeAkG+MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCIGA1UdEQQbMBmCF3dlYmZhcm0t
-cWEuYmVya2VsZXkuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAR34Z9a6QzZOpYZkOc
-hV1koBnJdZbaMRKzKkRZ02HT0xtVU4MAnT6VQpfF9OFU2vsILpGmxf7Zuh2RcsRc
-AOY3w6AAvJJi2bvfp1je+9BCFBXcit4KcOjESoxxN3TKh7Y/5AwlU00GoYbDn7iP
-efkDjFClonjGj+2DI0ey0j709VVHQY278d9CO2gaFxQKI/s5qbjABHC1wBZ12Ffa
-1hiGeSBnbCKwpLtPWe995RgBy2wWzdlerVnuEr/i+MPww08OXBffVE/3mQxeVvxG
-s/LpEciHIER2fc9r8As2NabwwDRGGhtnx8XaN5jTwfLF/Gd+e/T25L9f+Qzo8LgV
-0mzQ
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucready-qa.berkeley.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Berkeley</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Berkeley</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.berkeley.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Adam Cohen</GivenName>
-    <EmailAddress>adamcohen@berkeley.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Utah -->
-<EntityDescriptor entityID="urn:mace:incommon:utah.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">utah.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>incommon.sso.utah.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 307, expires on Sat May  1 19:09:36 2010 GMT -->
-          <ds:X509Certificate>
-MIIFozCCBIugAwIBAgICATMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQzMDE5MDkzNloXDTEwMDUw
-MTE5MDkzNlowIDEeMBwGA1UEAxMVaW5jb21tb24uc3NvLnV0YWguZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwupeoMt1OXpXiCCBBCLLziC1jhe
-xrkefGkDJcsMWsMjHqwLsDrZKat56K3MfTfW7mY8h0QDvGHm7lVqkbvxvjx34X76
-ReKJF2MSk5Ye/JBIMPvnLj0Juq+FBRPX6/8ZfTS04YianDwlmaaTxjGHSA76htfD
-Agjwt+dfIW7CpKnwduvGqW9KjuuPiuHM41rJQJK9hhP53rx6vIiZgldTtnxCmS/K
-fBd1v035ajLleEBYmrxo1KYpRLd9Xm6glkvLS0VsVOiLTnyS/GxYm6ANb50NhU63
-n6OW/kYXPfjYxdC3m5T3Lftt3v+OIJ/5bwLvLHlviw+VxA7mupUpkSkaNQIDAQAB
-o4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSOLI/mJIo9iPU+YI374xCg
-CV1TPjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcB
-AQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0Eg
-SXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAGA1UdEQQZMBeCFWlu
-Y29tbW9uLnNzby51dGFoLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAlWYN5xVNTBdO
-SeDz0diIHusZ9catREitt7RC7Dcb8SCliEqDjFY592cjjieEbFvOBB63wt72+2jp
-Hl6kcKtGjtN5KtrU/UkjgRwrRaKGH0qjJXpqQBKEqR5KIwzkecv2U5iW6zYUV//6
-xSxxsCWBBSCE0jJy4V0bV3g0jKh+auqXHr9BJMsQ1fUhGedlotEWniSqqarc31Bh
-giE5C8ThBCCfGJ0gBWJKc1He9eK2EpZQZ5VzVwZij9vt8fUl0YPbjEFbsLlIIyGv
-o0i9vPiEkrD7YNlxVyYWsa8v93yNz9DkCr3dOdl++oNCIk00+JqzyFrnJLNLldZl
-blR5x4yQFg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://incommon.sso.utah.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">utah.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>incommon.sso.utah.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 307, expires on Sat May  1 19:09:36 2010 GMT -->
-          <ds:X509Certificate>
-MIIFozCCBIugAwIBAgICATMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQzMDE5MDkzNloXDTEwMDUw
-MTE5MDkzNlowIDEeMBwGA1UEAxMVaW5jb21tb24uc3NvLnV0YWguZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwupeoMt1OXpXiCCBBCLLziC1jhe
-xrkefGkDJcsMWsMjHqwLsDrZKat56K3MfTfW7mY8h0QDvGHm7lVqkbvxvjx34X76
-ReKJF2MSk5Ye/JBIMPvnLj0Juq+FBRPX6/8ZfTS04YianDwlmaaTxjGHSA76htfD
-Agjwt+dfIW7CpKnwduvGqW9KjuuPiuHM41rJQJK9hhP53rx6vIiZgldTtnxCmS/K
-fBd1v035ajLleEBYmrxo1KYpRLd9Xm6glkvLS0VsVOiLTnyS/GxYm6ANb50NhU63
-n6OW/kYXPfjYxdC3m5T3Lftt3v+OIJ/5bwLvLHlviw+VxA7mupUpkSkaNQIDAQAB
-o4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSOLI/mJIo9iPU+YI374xCg
-CV1TPjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6BggrBgEFBQcB
-AQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiCgkJQ0Eg
-SXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAGA1UdEQQZMBeCFWlu
-Y29tbW9uLnNzby51dGFoLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAlWYN5xVNTBdO
-SeDz0diIHusZ9catREitt7RC7Dcb8SCliEqDjFY592cjjieEbFvOBB63wt72+2jp
-Hl6kcKtGjtN5KtrU/UkjgRwrRaKGH0qjJXpqQBKEqR5KIwzkecv2U5iW6zYUV//6
-xSxxsCWBBSCE0jJy4V0bV3g0jKh+auqXHr9BJMsQ1fUhGedlotEWniSqqarc31Bh
-giE5C8ThBCCfGJ0gBWJKc1He9eK2EpZQZ5VzVwZij9vt8fUl0YPbjEFbsLlIIyGv
-o0i9vPiEkrD7YNlxVyYWsa8v93yNz9DkCr3dOdl++oNCIk00+JqzyFrnJLNLldZl
-blR5x4yQFg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://incommon.sso.utah.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Utah</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Utah</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.utah.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Caprice Post</GivenName>
-    <EmailAddress>Caprice.Post@Utah.Edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Robert Roll</GivenName>
-    <EmailAddress>Robert.Roll@Utah.Edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- NG Web Solutions -->
-<EntityDescriptor entityID="https://federation.nelnet.net">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>osu.scholarships.nelnet.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 417, expires on Mon Aug 23 12:03:09 2010 GMT -->
-          <ds:X509Certificate>
-MIIFIzCCBAugAwIBAgICAaEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgyMjEyMDMwOVoXDTEwMDgy
-MzEyMDMwOVowJjEkMCIGA1UEAxMbb3N1LnNjaG9sYXJzaGlwcy5uZWxuZXQubmV0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD/+lcSe3Ii18ZWEebEIH3dTZx
-4oAEufTj7pEWRqwmRL6VLrSnLL7nechn07AxRjDlC55dBYWconvWYFalq5PhP183
-KPFVfKJwhLVxnQF6ribjJwcD7VAxWwSwpbq52mBAcbTuI7zGwIhmPuLOqnIsY7vL
-mj/X4lZLhe4i1+q+vQIDAQABo4ICrTCCAqkwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBQUKybvxskkZmxkN9ROb01OOSPfyjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAmBgNV
-HREEHzAdghtvc3Uuc2Nob2xhcnNoaXBzLm5lbG5ldC5uZXQwDQYJKoZIhvcNAQEF
-BQADggEBACSCtdwRVcJ+TsYNKf+aljErIeTkIoLmm68OyltQvQEFMzmDRty8IrVl
-nEVRT7Zc6IldSGJuI48Q9RcbLuWhZegylVqzomokOKaCN8Yn9CT3Nq4E+yRkQ7av
-lcZi895QRGU8Uq3SchonEkcnd5taERG9Hk+mlEznGgggHWsVd6Tr1ovT368sEgms
-OMhClXOnsReWTwfmm3G4eDV6dfCbEymasHTGJUfHisp6kyrUD9MxdnijKWGdoys6
-Zievc74omc8M35OUgHRVHg7mnxy3S9FgsjI2QGGjj/Bqb2tTeNKTXPkwwDlxFWZh
-TsT1B4GDrOl/VBqPAyJ1YB8GI1FRMTc=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://federation.nelnet.net/sp/acs.saml1" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">NG Web Solutions</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">NG Web Solutions</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ngwebsolutions.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="support">
-    <GivenName>Jim Grace</GivenName>
-    <EmailAddress>Jim.Grace@ngwebsolutions.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>John Muniz</GivenName>
-    <EmailAddress>John.Muniz@ngwebsolutions.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Phil Knight</GivenName>
-    <EmailAddress>Phil.Knight@ngwebsolutions.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://federation.ngwebsolutions.com">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>federation.ngwebsolutions.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 473, expires on Fri Dec 10 20:11:20 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICAdkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIwOTIwMTEyMFoXDTEwMTIx
-MDIwMTEyMFowKDEmMCQGA1UEAxMdZmVkZXJhdGlvbi5uZ3dlYnNvbHV0aW9ucy5j
-b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK5tmnV8AZeEafBEpniJ7NJs
-nSVqaX5nDCG0QeWMuMIWo7H17JkkiN2/d6cqknM/v7TCtJcg3yZMyHg6C5req5Xf
-oo3bpmlUYPrA+EAjqHCgiGfDwTG7wan5EnCMtCP7jg5Ui3CoxQKgE7778iOoBH/8
-zh6AlCI2T6IefNvY7ZipAgMBAAGjggKvMIICqzAOBgNVHQ8BAf8EBAMCBaAwDAYD
-VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O
-BBYEFN3WqnHg6DH8Gt9KjXs7OYp0nvZFMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wz
-nd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24g
-RmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGN
-BgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4G
-A1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2lu
-Y29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCgG
-A1UdEQQhMB+CHWZlZGVyYXRpb24ubmd3ZWJzb2x1dGlvbnMuY29tMA0GCSqGSIb3
-DQEBBQUAA4IBAQCRmQArihFz/fiP+eBeOTjx2yzT+jwLz45zKaMJlNbgTfLy3poW
-KxFShtAarRdvaZwRptNh+9Hg1SutRj9myP+p4UhhapAyWPTw/RJvZHqpNgVpeYmm
-OWMsLh4WZ6Vk5Sx8JmyNiZhsMoZxA5Lxngv8JZEsR/bbgritwNmxjonrXxz8/8F/
-57le1HC9C+ThM+pa2XNvY3envODrb+lN2j5k38WZkikSzCQGzuOZxGdiuF/iNnBy
-NSM39ulMEYFuwAr2vkPxwtGQUWN9Qhllr28KGZDLDGbIQ0Se3Rwwcfj+nwjAMYZB
-UL656sYEIomSWTGCbYcDSIsNKZBzvZSjWK//
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://federation.ngwebsolutions.com/sp/acs.saml1" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">NG Web Solutions</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">NG Web Solutions</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ngwebsolutions.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jim Grace</GivenName>
-    <EmailAddress>Jim.Grace@ngwebsolutions.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Phil Knight</GivenName>
-    <EmailAddress>Phil.Knight@ngwebsolutions.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Rutgers, The State University of New Jersey -->
-<EntityDescriptor entityID="urn:mace:incommon:rutgers.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">rutgers.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oirt.rutgers.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 451, expires on Fri Oct 22 18:17:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAcMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyMTE4MTc0M1oXDTEwMTAy
-MjE4MTc0M1owIDEeMBwGA1UEAxMVc2hpYi5vaXJ0LnJ1dGdlcnMuZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1w9xlflH9s2IiinG6Pgsa3p0dYns
-NcwQqV4+tgRkeHO/4CHx8YWvgkpR3+d8a55+BNaIqCGzfzjIe/pjylcZysf2uPuu
-zMHbrXqZgfTJCBviDggNxEEuxJG7F8LchIgeJMoQfLFgQIhMjDfPkhDMovRlVZtQ
-/2LzWHjs9BR3RWeg+Y/s9gUGc4YvMt9o/aGP8PgvOs3XiSiPxPOECkzQ0mCeG+Tu
-vQ33hnzQ38vqDNfHbinm/ymDkSyA79B5UtK5sgUs+1slogKgQSoUsTDE1Yz5SBkl
-+nf58aVPPMnatLXhnf2TU15MI/Ijk1KexI3i8Rpr5ee0XFeWX8K5S7w50wIDAQAB
-o4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBStut1tWum0Rf7kSFIMDnKE
-nSxgyTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcB
-AQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEF
-BQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAXghVzaGliLm9pcnQu
-cnV0Z2Vycy5lZHUwDQYJKoZIhvcNAQEFBQADggEBADglu4XzsPl03JYT+6GUcZK/
-JPWTJC3Str4EOPEr3p167U9PzIVHUAEe4j3raavl4DhNJImyZIMKUyGbhUcely5q
-K/N19u5B1DHhf2Oq1BgW2acvecFM1+zJJ5J1YwXCPSiAKw77Xe8IGZug0vX1AupU
-5EtXJ9ZaI5lO+oPkQzM9b6jUb9/LIlH/fpQWZJ/vk8U7hLZU4E/Nl38T5UqWgfeo
-acsHVofvEYfACZ19ypG4S6I+X1wWLHKfZytjmuUyZ2rOoIUA7cGQeJ3rZkF8MK0D
-y8KHNJm2KHEh1NgVHRk5nPVGi3AqjhGnX9ydvfQMJT5sGPhgrlwgkAcq/spc77c=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.oirt.rutgers.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">rutgers.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.oirt.rutgers.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 451, expires on Fri Oct 22 18:17:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAcMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyMTE4MTc0M1oXDTEwMTAy
-MjE4MTc0M1owIDEeMBwGA1UEAxMVc2hpYi5vaXJ0LnJ1dGdlcnMuZWR1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1w9xlflH9s2IiinG6Pgsa3p0dYns
-NcwQqV4+tgRkeHO/4CHx8YWvgkpR3+d8a55+BNaIqCGzfzjIe/pjylcZysf2uPuu
-zMHbrXqZgfTJCBviDggNxEEuxJG7F8LchIgeJMoQfLFgQIhMjDfPkhDMovRlVZtQ
-/2LzWHjs9BR3RWeg+Y/s9gUGc4YvMt9o/aGP8PgvOs3XiSiPxPOECkzQ0mCeG+Tu
-vQ33hnzQ38vqDNfHbinm/ymDkSyA79B5UtK5sgUs+1slogKgQSoUsTDE1Yz5SBkl
-+nf58aVPPMnatLXhnf2TU15MI/Ijk1KexI3i8Rpr5ee0XFeWX8K5S7w50wIDAQAB
-o4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBStut1tWum0Rf7kSFIMDnKE
-nSxgyTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjELMAkG
-A1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMT
-IEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEFBQcB
-AQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggrBgEF
-BQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-YnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
-dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2Vl
-Y3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMB
-BAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAXghVzaGliLm9pcnQu
-cnV0Z2Vycy5lZHUwDQYJKoZIhvcNAQEFBQADggEBADglu4XzsPl03JYT+6GUcZK/
-JPWTJC3Str4EOPEr3p167U9PzIVHUAEe4j3raavl4DhNJImyZIMKUyGbhUcely5q
-K/N19u5B1DHhf2Oq1BgW2acvecFM1+zJJ5J1YwXCPSiAKw77Xe8IGZug0vX1AupU
-5EtXJ9ZaI5lO+oPkQzM9b6jUb9/LIlH/fpQWZJ/vk8U7hLZU4E/Nl38T5UqWgfeo
-acsHVofvEYfACZ19ypG4S6I+X1wWLHKfZytjmuUyZ2rOoIUA7cGQeJ3rZkF8MK0D
-y8KHNJm2KHEh1NgVHRk5nPVGi3AqjhGnX9ydvfQMJT5sGPhgrlwgkAcq/spc77c=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.oirt.rutgers.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Rutgers, The State University of New Jersey</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Rutgers, The State University of New Jersey</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.rutgers.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Charles Hedrick</GivenName>
-    <EmailAddress>hedrick@rutgers.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Illinois at Urbana-Champaign -->
-<EntityDescriptor entityID="urn:mace:incommon:uiuc.edu">
-  <IDPSSODescriptor errorURL="https://shibboleth.cites.uiuc.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uiuc.edu</shibmd:Scope>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">illinois.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.cites.uiuc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 280, expires on Sun Mar 14 20:11:34 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICARgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxMzIwMTEzNFoXDTEwMDMx
-NDIwMTEzNFowJDEiMCAGA1UEAxMZc2hpYmJvbGV0aC5jaXRlcy51aXVjLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn9bQRaUXS3VRj3W6bp1K5BsDwHj3
-RKtJwbsK70c9cRCJZkvGqPa6ZaX6WLaBFcoe75frJHV2FhU79SvhNU3okeEEB1wT
-a4xRxpAYHXjd2n25GywrMbFZWI3fLNfSuBOdH/LGcfp7vWmBDTzPWYiGPC6j2Fmz
-C6pUFG6V0obxwG0CAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-iOsT3olDjglSNAbIKFUfDAI3BUAwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghlzaGliYm9sZXRoLmNpdGVzLnVpdWMuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQAMs8uaOODQsZ9cghJJcOuwz5FQMory1GQ5lgnK7WVSHOBg8J6F
-B78M1onB9YVyrcV8Srv1AJgnbbETUKJdL5c9g37UU8QKe01145t+RxNsyJ9UPWyu
-wVrxMAMwBaMCkxVjPD9/+GXI2lkYUWuq0gm+Y335CRz9rCOroHIM9r5dEG/Y3J4t
-32YPLQwb9sn7GcbVCs3ciJhryTmVityieoEjIb4bGisThQvuU8e6xGdlhy6I5VN0
-46o/zjiYpcV+10y1ZXR6AB7Wo9HQG59rUCkzqKxJXoMNDD/oxwansooYVCs23wlM
-4IeHMK+TH49LglGq7DdjKkuiMntQiyEsZr1h
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.cites.uiuc.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.cites.uiuc.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uiuc.edu</shibmd:Scope>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">illinois.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.cites.uiuc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 280, expires on Sun Mar 14 20:11:34 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICARgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMxMzIwMTEzNFoXDTEwMDMx
-NDIwMTEzNFowJDEiMCAGA1UEAxMZc2hpYmJvbGV0aC5jaXRlcy51aXVjLmVkdTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn9bQRaUXS3VRj3W6bp1K5BsDwHj3
-RKtJwbsK70c9cRCJZkvGqPa6ZaX6WLaBFcoe75frJHV2FhU79SvhNU3okeEEB1wT
-a4xRxpAYHXjd2n25GywrMbFZWI3fLNfSuBOdH/LGcfp7vWmBDTzPWYiGPC6j2Fmz
-C6pUFG6V0obxwG0CAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-iOsT3olDjglSNAbIKFUfDAI3BUAwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghlzaGliYm9sZXRoLmNpdGVzLnVpdWMuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQAMs8uaOODQsZ9cghJJcOuwz5FQMory1GQ5lgnK7WVSHOBg8J6F
-B78M1onB9YVyrcV8Srv1AJgnbbETUKJdL5c9g37UU8QKe01145t+RxNsyJ9UPWyu
-wVrxMAMwBaMCkxVjPD9/+GXI2lkYUWuq0gm+Y335CRz9rCOroHIM9r5dEG/Y3J4t
-32YPLQwb9sn7GcbVCs3ciJhryTmVityieoEjIb4bGisThQvuU8e6xGdlhy6I5VN0
-46o/zjiYpcV+10y1ZXR6AB7Wo9HQG59rUCkzqKxJXoMNDD/oxwansooYVCs23wlM
-4IeHMK+TH49LglGq7DdjKkuiMntQiyEsZr1h
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.cites.uiuc.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Illinois at Urbana-Champaign</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Illinois at Urbana-Champaign</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uiuc.edu/index.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Mike Grady</GivenName>
-    <EmailAddress>m-grady@uiuc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Mike Grady</GivenName>
-    <EmailAddress>m-grady@uiuc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://collab.cic.net/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>collab.cic.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 489, expires on Mon Jan 31 20:59:18 2011 GMT -->
-          <ds:X509Certificate>
-MIIFCTCCA/GgAwIBAgICAekwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDEzMDIwNTkxOFoXDTExMDEz
-MTIwNTkxOFowGTEXMBUGA1UEAxMOY29sbGFiLmNpYy5uZXQwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAIbE37VnSZ3eGEExVJTWk4GpeMPZVhMNp/UBJOppuDX1
-ZdJnL/W1+QIpL7RQB3IyZrf1rGboPghLizqGYRnFbQY1egHw7vUnPvUoaWiNbWS6
-WsQRqbbkuBnbze6umsU1lvS4X/aSqV6lppShPASlInf57tybrqbTmAY1FlkqP3U3
-AgMBAAGjggKgMIICnDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFG9pikIpXkpz6HIj
-WlIPUvQ4m4g0MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDmNvbGxh
-Yi5jaWMubmV0MA0GCSqGSIb3DQEBBQUAA4IBAQA3S4XvyeVt/1Q5WT1vSp8UAw3j
-Bz5iFB54v5odMgVtLSEAlLFJcnu3EQRgvMva7QbQUueJT++fzpc4KGcFftmPZZ38
-PgsPMn0saJM26/t2jMW0B2Xj847euDd60IO/PptISZLjl/TZlyG3Qqm3IhK2jLRu
-Xv+8G43JNj+xLIIbLe8TZPyEMJznxbYnRjL4fXL6AApyeEXM1LhFHak7jCa7Y+gH
-yjuQhVW/fvvxcuIEe8t/+mVjnACl19zYW30IaVCldivVZl9XDEGdTJPsakg/uBR6
-2QAq7Ez7YxTk9N0RWIKPQbz8OaUuDKBRVOGiN0k+0VOWzHbDF5HCLELVQQUs
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://collab.cic.net/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://collab.cic.net/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cicme.cic.net/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://cicme.cic.net/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Illinois at Urbana-Champaign</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Illinois at Urbana-Champaign</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uiuc.edu/index.html</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Marko Stojkovic</GivenName>
-    <EmailAddress>mstojkov@staff.cic.net</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Russ Snyder</GivenName>
-    <EmailAddress>rwsnyder@staff.cic.net</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Tim Newcomb</GivenName>
-    <EmailAddress>tdnewk@staff.cic.net</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- UniversityTickets -->
-<EntityDescriptor entityID="https://brownbearstickets.universitytickets.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>brownbearstickets.universitytickets.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 427, expires on Sun Sep  5 18:09:26 2010 GMT -->
-          <ds:X509Certificate>
-MIIFvzCCBKegAwIBAgICAaswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwNDE4MDkyNloXDTEwMDkw
-NTE4MDkyNlowMjEwMC4GA1UEAxMnYnJvd25iZWFyc3RpY2tldHMudW5pdmVyc2l0
-eXRpY2tldHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2G+X
-cD+vAFy+xWOgF1vnLtPx1gV8JqhHiy9isknfuJGgs2PQU5gAMQwdpBiPaGYNGPNR
-p8zIS6cop1xxMhp3fWp8YYke0hPIZ/GTvqdSCcOI7G3DpoJEPFiTvZqGSZA1Va3X
-Cq+aqa7AOq4kQb723va8SebTalZaAXTJPkxc09qVVJJI6QwsES8hemIJWh0jqWoz
-cvsmhwtYUn2NjngsugIjxQHP6gUt3xwGXUZ4ndsr0LiwA8dryNV/VOvoqeUIt9qA
-+pxlgw80AWDcIZ8bPRoNSjidDPXY5eq6hoS42LV7wr2xIqpKIcnHeqX9p+XSHKlE
-wZiqLdlDYPTEWUDUvQIDAQABo4ICuTCCArUwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBQ3nK/gX1Fs8lP4UvBpnyahl+lRDTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYD
-VR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1v
-bmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNV
-HSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNv
-bW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAyBgNV
-HREEKzApgidicm93bmJlYXJzdGlja2V0cy51bml2ZXJzaXR5dGlja2V0cy5jb20w
-DQYJKoZIhvcNAQEFBQADggEBAHBWFy1yfMKbtK35JnrWUz9JCyQ05bGaFw1DrCns
-fVIytVjLy4Cfs9EEUXjg9RvMWc6IQWw901u/lx4gEskRvjndl+yWMWbwBL6wGZg/
-y89z8irqmaU8F/fN5pwyGhp+NyM32vZ8IiS/Zyu4Q01WT05iVqheIgN8+RgHE5bj
-3wPAaDS7zZiHlIOgSwe3nd+GizrCVwO8N5INmRCec3pxhAaVEPqD/OKvkCpBVWvb
-ZO3RHjBLw2KY804qROPhmnb2WwhLvYqAigB0TdWXbDMDeoqqEaQJJ9BHRwCX90Iz
-JePLUGjTtzJgdjy7/FKNlfKHc7FYFBTLdNLJ8CTNMKw2K50=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://brownbearstickets.universitytickets.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">UniversityTickets</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">UniversityTickets</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://universitytickets.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Gordon Capreol</GivenName>
-    <EmailAddress>gcapreol@universitytickets.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>UniversityTickets Support</GivenName>
-    <EmailAddress>support@universitytickets.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://dev-laf.universitytickets.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dev-laf.universitytickets.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 388, expires on Thu Jul 22 16:07:24 2010 GMT -->
-          <ds:X509Certificate>
-MIIFqzCCBJOgAwIBAgICAYQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcyMTE2MDcyNFoXDTEwMDcy
-MjE2MDcyNFowKDEmMCQGA1UEAxMdZGV2LWxhZi51bml2ZXJzaXR5dGlja2V0cy5j
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI7gQq2M7lN/JdV0WO
-WhmK47s89ed6McQL7T/UaVNUH829dazHy82PV25DFOCtuKKoTXEeMrPue2G0TGej
-8sRRGqbKqFnjuizsCdOhEso4Oy+jwA4UsZcaUmBBt4EmEsVxnASbhjVHTnlo3Lcu
-Qc9t4DyGjfZiD6u9p6WpXlrZ8teqkH4nA1XWZzM60UPLe8HoQr0RdLahUm0lcGPs
-3BJofbJwemAqCuyevm+nJjuhn0Njt0ikhrPomqOwbCNY3S6XdKUwwwWQ3Hbw5CRl
-4AUJ/2Q6zBE+OG+QznEuhoP6HRDQqtkqLjrCEVIEZ7VyiciZUoM/ybr4ubggc1q2
-+DwVAgMBAAGjggKvMIICqzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFMNgGIuU9v4S
-UT7NqabGQGVqDfjuMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCgGA1UdEQQhMB+CHWRl
-di1sYWYudW5pdmVyc2l0eXRpY2tldHMuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQAY
-qRQonOWAVKtRGUs2h1Dmr9JdIDRhXYLhDd0T6otUzMZ0V8Py39GNR4zxAHh5flGY
-loMIGD/k7hsmNInoHYfOXW7dqH2jMf0oK2uGFWTth7/Mva5Ez7RVCox1R7j33CkA
-tWkXIk0whVi6rdKR0Y/1s6dfbJWBfm/gVpbvJmTkL4/e545Z5prvt8x3ilx14yey
-Xq/WsUZn1sqV03ozVg+ofW5mfQjrhQuqfgrI+Gx2fwwvTSyNt5ifK0RabG+eKM6M
-S3Ws3gQGM9ZtsvN1pa4uEsELz4IvFv7EWx0eHgZzoBvja6L5DdJvJVeuF9vMJ0rh
-VLYOWEFagbyFZQq7KBtX
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://dev-laf.universitytickets.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">UniversityTickets</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">UniversityTickets</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://universitytickets.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Gordon Capreol</GivenName>
-    <EmailAddress>gcapreol@universitytickets.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>UniversityTickets Support</GivenName>
-    <EmailAddress>support@universitytickets.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://lafayetteticketsonline.universitytickets.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>lafayetteticketsonline.universitytickets.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 465, expires on Thu Nov 18 20:27:51 2010 GMT -->
-          <ds:X509Certificate>
-MIIFyTCCBLGgAwIBAgICAdEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTExNzIwMjc1MVoXDTEwMTEx
-ODIwMjc1MVowNzE1MDMGA1UEAxMsbGFmYXlldHRldGlja2V0c29ubGluZS51bml2
-ZXJzaXR5dGlja2V0cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDUjz8rf4wXX47CBdxJU4+sJ9SohhMLvtxwH/HeePBBDcHwfKzdAVICA46fOqvb
-qf6vBr3Yf446Ml2/ic25ZYTWZr2PBeqKuI3K1NRInRV/N+8f6xCkA3aV3QJZ9/yf
-N3Is5RxMi2O7tMhoOtxszLBViW0gEhHRbQNpyBryxJzSPyb3gDrIcSna4vSSyyRu
-1BT+LnyzgHBattUsLKb6UH0sJ3yZG/G5TNr4NhCOmHMCmLbBLNZOHYlS73gLDEoE
-+BxwEDs6rViJKhS4CzIIFEfxfDPpdTKbb3j7Iay1Mu+kt7XskxR74pTHa5/8a99M
-eBaXiac+QXLP8M45ILKkEzNbAgMBAAGjggK+MIICujAOBgNVHQ8BAf8EBAMCBaAw
-DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYD
-VR0OBBYEFEkaASR1WxRpxfePmuKwIOlvlejMMH4GA1UdIwR3MHWAFJMtyGEYrWPj
-m2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21t
-b24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-MIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDov
-L2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRm
-MDcGA1UdEQQwMC6CLGxhZmF5ZXR0ZXRpY2tldHNvbmxpbmUudW5pdmVyc2l0eXRp
-Y2tldHMuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQB3I1L1UN+N3qDDb0UTY6ggg+2+
-Pgx9ZBK2tJgI49RkBfsX8c4voHs7GWTN28cos6FPP+3U/WIbqN1Qs0I8/kdwuPtI
-Q3L5z5yefJq276M/MZC9e9dGcCDGh1b6HhkKCgn1jb004YSVnuE216xxe11MyAfM
-ilpXF+3kHH//JHew4RUk6XjH2ia5Rpl8zCTmtN818bCKLgNtVGzGXEWupcsDjw8H
-FevaWhDhF5JGoQ0G5Kd9APjRBwMnXSlZoTXcuwE0Z7u0e8DnvPAlDOVE7mTjzlxb
-8DvfcO4DYAkkNNYr3k8w+QLSFFPA5csJmB0bPggPTbOFiefvB53f0TsZTF9V
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://lafayetteticketsonline.universitytickets.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">UniversityTickets</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">UniversityTickets</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://universitytickets.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Gordon Capreol</GivenName>
-    <EmailAddress>gcapreol@universitytickets.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>UniversityTickets Support</GivenName>
-    <EmailAddress>support@universitytickets.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://nbo.universitytickets.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>nbo.universitytickets.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 425, expires on Sat Sep  4 18:08:05 2010 GMT -->
-          <ds:X509Certificate>
-MIIFozCCBIugAwIBAgICAakwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwMzE4MDgwNVoXDTEwMDkw
-NDE4MDgwNVowJDEiMCAGA1UEAxMZbmJvLnVuaXZlcnNpdHl0aWNrZXRzLmNvbTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMONVvSmTQKsVAFGTEwXyqK3
-NXOduMrJ70i3zi5YkRs5sOyLFpVcVkvZGTmh/hJQKOtQywtKF98RdGXSk6NC8WT8
-XUOkyMmCptx1AbhRH6o8FCgwRGabx5DMy44VJduPDzgtiK54BwngdEJMIDpZ9Pnr
-xFaTaiDkX+y44Ne/WOJGBX8+RNoTkyLjDtzlSnjFnxRNEIUtZ3omRxqzbqAytWDS
-4OSELB1Oso9FL9f/EnEI053ER8/WMN0ajM/WlSRm/ZcHO16XJUL8WebUF9Cs8SeH
-cKHrKoJI05iNoC8xr+zUZJbVSo4B4x2Kc8x/ck7yOmgTGLMB2T73ysLh2YlsyUMC
-AwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUiu5JRbdWhU4c4cfn
-J9wzE+WackYwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYB
-BQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYI
-KwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0RBB0wG4IZbmJvLnVu
-aXZlcnNpdHl0aWNrZXRzLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAIKzjxMKODDzS
-uJY5iDeKS+U6MGeWOdQoErZ8pl1zJSHB095OlKmu/Ae+bxw0IzgigQEESL2AM8vU
-yUCHm2W1pT5iikjg0z138P7ZmUO8BF8z2sLidej1kzC00UAcWRTOe6CA4/ZM/64Q
-nLE8ynj4C4lal8uDWBPbmyZHirzExife75L7y7CesH6LsXJwGr1H5E83Ekyky0EM
-NcukodOuo5BqYDoQoPidDtS2dgAHfIrBUtbAY73Cs6bPflpoG4693Bqcw7b9U/zz
-mHvQBsu33PJW431arOYqQKwPseAb1HL4d07AU56Np3YE3MUFk+WGao0SBDeBJVfx
-bBD8CYndNw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://nbo.universitytickets.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">UniversityTickets</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">UniversityTickets</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://universitytickets.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Gordon Capreol</GivenName>
-    <EmailAddress>gcapreol@universitytickets.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>UniversityTickets Support</GivenName>
-    <EmailAddress>support@universitytickets.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Trondent Development Corporation -->
-<EntityDescriptor entityID="https://ucsso.travelprefs.com">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>ucsso.travelprefs.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 309, expires on Sat May  1 19:09:49 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICATUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQzMDE5MDk0OVoXDTEwMDUw
-MTE5MDk0OVowIDEeMBwGA1UEAxMVdWNzc28udHJhdmVscHJlZnMuY29tMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE7kMyOXiQPfLNlvE2FBax2unKP+/0IFJG
-D1ZETFGSrcmm32uutzj1smmIR7S+GtjqutDT//d5nHPHoaNbwg1oyfg4qSag0G16
-RI2I4rRVGYyH5QmBByrS4raoBgqXtp5dajn41LD3gRze4BCrtXZqhYXfQ69u0brt
-5s+ctM3hWQIDAQABo4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQyt9vV
-JI9u4BLRLAcly2egrzm6HzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGN
-BgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4G
-A1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2lu
-Y29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAG
-A1UdEQQZMBeCFXVjc3NvLnRyYXZlbHByZWZzLmNvbTANBgkqhkiG9w0BAQUFAAOC
-AQEAQKVV2RwO4VukBocgwA62ySYRylbk8r8yarOYWNmsFQ7FAVQmVmXUqw/AW7Cx
-O/AXN4tEFzkw6botF94maZul4lXlaqtTKvZfAF853LIkiiKSUobTSybf5dOsxv82
-izM0YY2zYmyqZn3VYmuBn5qb++6Knkl8BJ+ki3ERaKEK7sJvxkuLqOtw6a1vHBHS
-M6gd7wNfv9h821tZU1kOXv2Nsvy2bYgnCISMm1eDzH4kHPAgn4PwvfIkoMXVz92N
-8Br3I/wU03FE0xkAmpkx+GDXWcKfL6y7U+IRj62G+lGzapmnpUNpkRYTKEgT/333
-YCvb1+hq4tiYs5WNusR51DogHw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucsso.travelprefs.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ucsso.travelprefs.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Trondent Development Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Trondent Development Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.trondent.com/tdc/default.jsp</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Network Operations</GivenName>
-    <EmailAddress>netops@trondent.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Jeff McCombs</GivenName>
-    <EmailAddress>jmccombs@trondent.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Trondent Support</GivenName>
-    <EmailAddress>support@trondent.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://uc-stage.trondent.com/shibboleth/incommon/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>uc-stage.trondent.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 303, expires on Mon Apr 19 19:51:47 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAS8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQxODE5NTE0N1oXDTEwMDQx
-OTE5NTE0N1owIDEeMBwGA1UEAxMVdWMtc3RhZ2UudHJvbmRlbnQuY29tMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZIm9gGYtAFRFiUMVEgETVsneAViagoUI4
-6CUtgewauE/cyoPj9usamr2F+0EkceB6Y5KPVzwfdAVSEfjcdE/DkgFEzkTBypHU
-ncA6bSioMZ9Q0IfHPOq0cR1Qz6J7b74XlffXe6iNVSNKfLbFilmdyGQ8aWqh7U+G
-DyaoXbLjGQIDAQABo4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQjq7Gp
-hXBkOz/4kTx03AhdBpdoTjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGN
-BgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29t
-bW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4G
-A1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2lu
-Y29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCAG
-A1UdEQQZMBeCFXVjLXN0YWdlLnRyb25kZW50LmNvbTANBgkqhkiG9w0BAQUFAAOC
-AQEAMS0778CCZsfjg7IY0EHRRxlNNwr/wbBesCCdUUNKmTyAS2ggMTwoLKRp9G/o
-1QJL5gM88vB9X4A7yiCVBcqRQXwMWC6sllb4jXfs4G4utN/FI4ajDeeUUOO7ki55
-gZ31kMry68fo7rHz0hMIB3pUaBo1Yf/Zis4pUIhaDqGce6mkpwu4AFK4TWzNHmJN
-2+TBtG96jTBKF0ENrrRny2MxkbPzyUa+IQMDWwF9hIuBATzmG9IHVAcd/IbDTmUH
-lJcP6BKzSTnZ3O6apBf4tMiBm62Atxdp/Tk4cYfU1tf2VCap3Ym0eV3G0/BM9OtX
-yOosFX12U+tAmVA2kBVBJANV8A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://ucsso-stage.trondent.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://ucsso-stage.trondent.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Trondent Development Corporation</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Trondent Development Corporation</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.trondent.com/tdc/default.jsp</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Trondent Network Operations</GivenName>
-    <EmailAddress>netops@trondent.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Trondent Support</GivenName>
-    <EmailAddress>support@trondent.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Jeff McCombs</GivenName>
-    <EmailAddress>jmccombs@trondent.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- ProQuest LLC -->
-<EntityDescriptor entityID="https://pqshibboleth.proquest.com:9443">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>pqshibboleth.proquest.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 490, expires on Fri Feb  4 17:05:26 2011 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAeowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIwMzE3MDUyNloXDTExMDIw
-NDE3MDUyNlowJDEiMCAGA1UEAxMZcHFzaGliYm9sZXRoLnByb3F1ZXN0LmNvbTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuphJptTTHCmMVxNgJxhde0Gvtoqc
-O+u68ZQk6AIGvwbjnwPKoryOai42KpOqS2cqTqXIpRM5ix+dZkRK2qy6yaVxm9/x
-68jT5iy1PBPMgBjPDfCLdHFIfG35wOlq831aWjzoydAqfeEk9d5Ql63jj28l5Oh0
-2sCAN+h2AjfGjnECAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-OoO6+Fn1w3syWfMo69II2kWsO30wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0R
-BB0wG4IZcHFzaGliYm9sZXRoLnByb3F1ZXN0LmNvbTANBgkqhkiG9w0BAQUFAAOC
-AQEAkT2N6y0Abrf4Lj+hsLcemWkBjEsSa6gMTgS3bGUUxO2keC/OLcAKyjheVB3/
-vEv7IPgvTUVGDwExqSdrZBdQD6gvbcndZcZG17QtZmQaGGocRGgtVFqLJeX/X8Mh
-eDuSfigWj3mh461yqJhFRp8mtRrLmztBaC0WDRPHHiv5SSPSL6XGVIYnNCPOPRh0
-V2R1qZsnBeqSHdiddTjp2385jCVOa9AoZ+vmYhnUeQr4hNviBk1m1sbbZxav4VSm
-bmq1F/ZhWxiiHpnDJ3lk1fTb98ClOTUbl/vigTsU7TFGO7SZE7QlJRdisWC/aWOo
-rUdtGoUocs9Py0i043t+fTvBPw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://pqshibboleth.proquest.com:9443/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">ProQuest LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">ProQuest LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.proquest.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Chad Roberts, Software Developer Lead, ProQuest (Ann Arbor, MI)</GivenName>
-    <EmailAddress>chad.roberts@proquest.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://pqshibboleth.proquest.com:9443/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>pqshibboleth.proquest.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 490, expires on Fri Feb  4 17:05:26 2011 GMT -->
-          <ds:X509Certificate>
-MIIFHzCCBAegAwIBAgICAeowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIwMzE3MDUyNloXDTExMDIw
-NDE3MDUyNlowJDEiMCAGA1UEAxMZcHFzaGliYm9sZXRoLnByb3F1ZXN0LmNvbTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuphJptTTHCmMVxNgJxhde0Gvtoqc
-O+u68ZQk6AIGvwbjnwPKoryOai42KpOqS2cqTqXIpRM5ix+dZkRK2qy6yaVxm9/x
-68jT5iy1PBPMgBjPDfCLdHFIfG35wOlq831aWjzoydAqfeEk9d5Ql63jj28l5Oh0
-2sCAN+h2AjfGjnECAwEAAaOCAqswggKnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-OoO6+Fn1w3syWfMo69II2kWsO30wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNv
-bW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1j
-ZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1Ud
-HwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
-cmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0g
-BFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21t
-b25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwJAYDVR0R
-BB0wG4IZcHFzaGliYm9sZXRoLnByb3F1ZXN0LmNvbTANBgkqhkiG9w0BAQUFAAOC
-AQEAkT2N6y0Abrf4Lj+hsLcemWkBjEsSa6gMTgS3bGUUxO2keC/OLcAKyjheVB3/
-vEv7IPgvTUVGDwExqSdrZBdQD6gvbcndZcZG17QtZmQaGGocRGgtVFqLJeX/X8Mh
-eDuSfigWj3mh461yqJhFRp8mtRrLmztBaC0WDRPHHiv5SSPSL6XGVIYnNCPOPRh0
-V2R1qZsnBeqSHdiddTjp2385jCVOa9AoZ+vmYhnUeQr4hNviBk1m1sbbZxav4VSm
-bmq1F/ZhWxiiHpnDJ3lk1fTb98ClOTUbl/vigTsU7TFGO7SZE7QlJRdisWC/aWOo
-rUdtGoUocs9Py0i043t+fTvBPw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://pqshibboleth.proquest.com:9443/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">ProQuest LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">ProQuest LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.proquest.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Chad Roberts, Software Developer Lead, ProQuest (Ann Arbor, MI)</GivenName>
-    <EmailAddress>chad.roberts@proquest.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth.chadwyck.co.uk/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.chadwyck.co.uk</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 323, expires on Fri May 21 19:15:42 2010 GMT -->
-          <ds:X509Certificate>
-MIIFJzCCBA+gAwIBAgICAUMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyMDE5MTU0MloXDTEwMDUy
-MTE5MTU0MlowJDEiMCAGA1UEAxMZc2hpYmJvbGV0aC5jaGFkd3ljay5jby51azCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArzKU6RnrTXwfmc+H7A0tafWJBtOL
-2ecNo8KUysZk7zGWz045UmiSNGcxKlzZWNeWwRHHzf4opaAvOpcLZrfS9S8/LxNd
-QrcUlHKRwmTTz30q0ULzPmCxaxCni4tSjWhOj1kh4ZdNmQtpzfe4dxSfkmCos/+Z
-ACnSC3Xufah0rXkCAwEAAaOCArMwggKvMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
-Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
-6YXozFjlpfRtzvawsiiXDqaLr7EwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2T
-uufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRl
-cmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2lu
-Y29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
-LWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2Ey
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3
-YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6
-Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBk
-ZjAkBgNVHREEHTAbghlzaGliYm9sZXRoLmNoYWR3eWNrLmNvLnVrMA0GCSqGSIb3
-DQEBBQUAA4IBAQAS17xM+wjnjLIEjjf1aLZXJq4OA+yelzKP/u+tlghNBKvO6E/k
-38o7xW5qDU8HX43ILq6qIYmNbp9iEeyClxQtMCZ537GKHaUFGq4oZYmd07Xxos5E
-p71qeTf6gP3K+MgaVyXGl07vA61QrhbdcFPvgKPLGuqF1NakNIcc+ovtHqY2hstU
-WiJWNJnRk4iY3NoNVEk3OvueoyGsQf8gLpDXRpm9BgGSxmzRXv62yzFJlmJsSa8Z
-OOVcF1YDrNrK6KLEP+Nxhf/hGnf4BAgwEo3nApw3M1UhIYuhpMBKq73jAFFyYTbR
-SOCDIImN0MPzGKyb7eXBpjpT6oxfdUtcR2uY
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.chadwyck.co.uk/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">ProQuest LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">ProQuest LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.proquest.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Geoff Leach, Software Team Leader, ProQuest (Cambridge, UK)</GivenName>
-    <EmailAddress>geoff.leach@proquest.co.uk</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Douglas Hall, Assistant IT Manager, ProQuest (Cambridge, UK)</GivenName>
-    <EmailAddress>douglas.hall@proquest.co.uk</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://shibboleth.illumina.csa.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.illumina.csa.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 305, expires on Thu Apr 29 19:13:48 2010 GMT -->
-          <ds:X509Certificate>
-MIIFKzCCBBOgAwIBAgICATEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQyODE5MTM0OFoXDTEwMDQy
-OTE5MTM0OFowJjEkMCIGA1UEAxMbc2hpYmJvbGV0aC5pbGx1bWluYS5jc2EuY29t
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoAg+5TPj5KNbuC9bHst1bZaxX
-Z2Mk0ltpDqocQ8l0Nfa+w/VhnfAhtZMlrqhlqjpHz3u7T2u2VUNB3IZ12CKXS5pR
-0lEy3r2sqABZgCCRVpoYwTTSlymvlf7s3A15oLCy9OaFO5RLM7tRQACEOdBJGRM7
-3oHNEt2fkIt1/KpkRQIDAQABo4ICtTCCArEwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
-BBSNxK3a53PuzUHMwU+3xcnt/8cmzTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53d
-jZO658pjRaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZl
-ZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5ggEAMIG6BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8v
-aW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMv
-Y2EtY2VydHMucDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMCYGA1UdEQQfMB2CG3NoaWJib2xldGguaWxsdW1pbmEuY3NhLmNvbTANBgkq
-hkiG9w0BAQUFAAOCAQEAmJOVEWMGhkeyNwqQ+lE9WYrCRryIqOawuQ3Zb7+GGzzj
-a09Q3MH/KgMRSX/AfLF27h4jBirEuDjZXiEBjXmPZi1O/V5zOvcZmF36qZNjZyo/
-gPdqq+tQOXyM6Wm5tvMo7b8NI8ZpNx57lU4R678dH4Gf1g3yRIhASILZHriaAGnQ
-JpLdWS00FY3rhvcp5WjkNqEPxyeQ7gKZr30bo5wEEAhnVGLT3/GGKTOtmzg+MQpX
-/Y8WKhQGK81gp1WDeAffj6/+lU8XcOeQOCPcID570UOVBjFhMSztJKqzTy/Wbnzb
-9GoWoU7XiW45ydbYRSNdBybEvvCHJIWz+G85Yg/HZA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.illumina.csa.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shibboleth.illumina.csa.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">ProQuest LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">ProQuest LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.proquest.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Illumina Tech</GivenName>
-    <EmailAddress>shibboleth.illumina.tech@proquest.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Shibboleth Illumina Admin</GivenName>
-    <EmailAddress>shibboleth.illumina.admin@proquest.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>CSA Illumina Support</GivenName>
-    <EmailAddress>support@csa.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Outside The Classroom -->
-<EntityDescriptor entityID="https://v9.alcoholedu.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>v9.alcoholedu.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 346, expires on Sun Jun  6 18:25:02 2010 GMT -->
-          <ds:X509Certificate>
-MIIFmzCCBIOgAwIBAgICAVowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwNTE4MjUwMloXDTEwMDYw
-NjE4MjUwMlowHDEaMBgGA1UEAxMRdjkuYWxjb2hvbGVkdS5jb20wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGr3qv8tMKon+6463E4VuBKB0hJvWsLJ3I
-GahW2HJKApSzaFqlz5Xp6yFS3jqKxYaLQ8yJWbymtUuzRnYIl1/YpBYjX28t5eJQ
-WnkCZ53f8A7hcK5L/JLdUTIWGH50m5QLyLg9gg78/wtoinDAaIoQWtCTGQb1Pi2d
-6j3qsIPgosPCq0VubV8V/uNEG3lu24ipjLHabfjCEvzBiZ60cvQE5uZa42AMef/1
-/q2kMtGwf/raDDkq0RmCKdb5N2Cn4AWbuv9TONd/BRhQjwseNn0JOdDukercLsHw
-QpIuK+F7LdG+jM4MN7uUlEFbN1sEHv/t2YBhA6BYiN2/kMSeBRuBAgMBAAGjggKr
-MIICpzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFGgjaCd5Hzms1Qzzw8I/vkpGOa1y
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgboGCCsGAQUFBwEBBIGt
-MIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IKCQlDQSBJc3N1
-ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHAYDVR0RBBUwE4IRdjkuYWxj
-b2hvbGVkdS5jb20wDQYJKoZIhvcNAQEFBQADggEBAE6mU86LJlJJPRGP2LSsO8qU
-CkNxFcjfaE56XRg9d8AGAiDcbfb7kq+II2HPtTFX020U8khb9sRejJ3gJ3tMZDru
-BS4Kvq+iV4bcngAGGalKL9zXUaMyyALypiyun58F66MxjR2LpsZEMBIG3sn6rMBn
-USgVos1vEst2EncdncUXsYJ33qQdYdnj/hMRqNETFFSqk3pec0hbkGhA6YFEuWjb
-N6QvUmjpZLgvBpAoHnpu7SW0iDdunr2NoDlb608coNd/4HRkIk1ASufH676TBhvB
-gz8FoesKwAYamK8RRPdK20Aymj5gCu/8rlrmf0vpqmhwedN3xOrt9KjJRvsasZQ=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://v9.alcoholedu.com/Shibboleth.sso/SAML/Artifact" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://v9.alcoholedu.com/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://v9.alcoholedu.com/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Outside The Classroom</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Outside The Classroom</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.outsidetheclassroom.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Heather Haynes</GivenName>
-    <EmailAddress>haynes@outsidetheclassroom.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Carleton College -->
-<EntityDescriptor entityID="urn:mace:incommon:carleton.edu">
-  <IDPSSODescriptor errorURL="https://login.carleton.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">carleton.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.carleton.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 324, expires on Mon May 24 14:40:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAUQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyMzE0NDA0M1oXDTEwMDUy
-NDE0NDA0M1owHTEbMBkGA1UEAxMSbG9naW4uY2FybGV0b24uZWR1MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDOBlQORZtupdGd0bmLXZIj0NY2gL6jGcKKKe0/
-cMXvkQ1xh8x4luevXDq1HFnyzo/zurhNERV9acqkEBpILpZJcY9lYyH9Szv/0fKG
-+rc6u5eX74p/nBR5vgOMTIbrf+jYfaq23D4kEV8vH0hJzLA4iKlPPcsXIblzSsFK
-gK9afwIDAQABo4ICrDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTNZvXaldWs
-VQb6F/LDVXzVLgKEEjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1Ud
-EQQWMBSCEmxvZ2luLmNhcmxldG9uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAAgtx
-yxaJazfvu3yd/OQvQCwVG4wbaaXcOTYnkTPPUYJPJS7Mmh7bQaZeK+ltBIvCkXQr
-JGXCn2uzTjBg3YoHMxAwhqq6WIdg6STpO7OhcbgZTlWdl30lb4pOQ4QmSQWYxNJ7
-2Xd3depIw6y8vNk4cfJLQqddDEJY06QodzKvKGRPwzVRwtLusjk7jzE+f1VOcjlE
-xcp4SbHt6s7F/QgGyJJH/H8y06gN4UOLhLzodQ0d4RMwFyTLBXsytP3rhICYYeTn
-0B+uSI+ww0jCXojhytCbXCqn5SP0lJRxM428ozsGaKhhu3I+ZnnEUGK236VVN/Wq
-mmC9Y9C/V2Q77ijp3Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://login.carleton.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">carleton.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.carleton.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 324, expires on Mon May 24 14:40:43 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAUQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyMzE0NDA0M1oXDTEwMDUy
-NDE0NDA0M1owHTEbMBkGA1UEAxMSbG9naW4uY2FybGV0b24uZWR1MIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDOBlQORZtupdGd0bmLXZIj0NY2gL6jGcKKKe0/
-cMXvkQ1xh8x4luevXDq1HFnyzo/zurhNERV9acqkEBpILpZJcY9lYyH9Szv/0fKG
-+rc6u5eX74p/nBR5vgOMTIbrf+jYfaq23D4kEV8vH0hJzLA4iKlPPcsXIblzSsFK
-gK9afwIDAQABo4ICrDCCAqgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTNZvXaldWs
-VQb6F/LDVXzVLgKEEjB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFa
-pFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24x
-KTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIG6
-BggrBgEFBQcBAQSBrTCBqjCBpwYIKwYBBQUHMAKGgZpodHRwOi8vaW5jb21tb25j
-YTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiCgkJQ0EgSXNzdWVycyAtIFVSSTpodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB0GA1Ud
-EQQWMBSCEmxvZ2luLmNhcmxldG9uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAAgtx
-yxaJazfvu3yd/OQvQCwVG4wbaaXcOTYnkTPPUYJPJS7Mmh7bQaZeK+ltBIvCkXQr
-JGXCn2uzTjBg3YoHMxAwhqq6WIdg6STpO7OhcbgZTlWdl30lb4pOQ4QmSQWYxNJ7
-2Xd3depIw6y8vNk4cfJLQqddDEJY06QodzKvKGRPwzVRwtLusjk7jzE+f1VOcjlE
-xcp4SbHt6s7F/QgGyJJH/H8y06gN4UOLhLzodQ0d4RMwFyTLBXsytP3rhICYYeTn
-0B+uSI+ww0jCXojhytCbXCqn5SP0lJRxM428ozsGaKhhu3I+ZnnEUGK236VVN/Wq
-mmC9Y9C/V2Q77ijp3Q==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.carleton.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Carleton College</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Carleton College</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.carleton.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Bockol</GivenName>
-    <EmailAddress>mbockol@carleton.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://test-sp.carleton.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>test-sp.carleton.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 325, expires on Mon May 24 14:40:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFHTCCBAWgAwIBAgICAUUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDUyMzE0NDA1MloXDTEwMDUy
-NDE0NDA1MlowHzEdMBsGA1UEAxMUdGVzdC1zcC5jYXJsZXRvbi5lZHUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMlpaCTTtwI94Yo6k08BURvC3kSZaOSAYepg
-hvk+GtR0SOT45noMbCLXNtNVi2Mme1InAIEn/CfdXKWhnlhFv05hhvcJP/cYGf4c
-4pVU8RyPR8EpqSztxsihfLHpaJ6qy2zatIF2ZsRsrScMJkt898GJhRssLpjT7BH6
-3RCCdwyHAgMBAAGjggKuMIICqjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFA6ssSQQ
-cUcZhxhNCweXZYRMJiScMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNF
-oVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlv
-bjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAw
-gboGCCsGAQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmh0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IKCQlDQSBJc3N1ZXJzIC0gVVJJOmh0dHA6Ly9pbmNvbW1vbmNhMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0G
-A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21t
-b25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYD
-VR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5j
-b21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHwYD
-VR0RBBgwFoIUdGVzdC1zcC5jYXJsZXRvbi5lZHUwDQYJKoZIhvcNAQEFBQADggEB
-ADvZcrzHQxuFLUQi08rjonuDvgzvBSiuX2P5Q3cvKF/m8ZuMOmH19IHn8h1QxEwb
-0Ps5/t5na/Qczh7a1CAXdtoHnwjLMduNDKZTOJQgujgeimxmVgUy4Upa80RRtBQX
-m3SqKLPewq8KXixm8rUS4ZB3L0x+KhZeDPFQcR0H4pHzAVRfKxaMvzr6+E6JDJRL
-sjqiTLc4FqyK/mV7oqA7Ja0mJGoaLhbk85OJLypTpgxB5Dx5roCuasJ1fthKK85e
-3NkAf8Zfe2kL5y34z41TC/Bt3lVGVWdaKQM9NUCa6CUHowBqtMcPxGPAJXyAtpge
-o6d3r6g6/3W+CZ4LEhGBE/c=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test-sp.carleton.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://test-sp.carleton.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Carleton College</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Carleton College</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.carleton.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Matthew Bockol</GivenName>
-    <EmailAddress>mbockol@carleton.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Safari Books Online -->
-<EntityDescriptor entityID="https://authenticate.bvdep.com/incommon">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>authenticate.bvdep.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 383, expires on Sun Jul 18 19:01:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAX8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNzE5MDExNFoXDTEwMDcx
-ODE5MDExNFowITEfMB0GA1UEAxMWYXV0aGVudGljYXRlLmJ2ZGVwLmNvbTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAscMqs1FV2fggIqHhUc0TSqk/JvM+VN+0
-IjFJWGeweX+tEMJ4qdWbFSRuIZ6snqKPq0fngozU4JZxq8npWi282fD+z/FwN3Z8
-j2GZzNL6WAE4LhewWKV4SMny7sMCsz5tzslA8u0kKWzl0oHfFRuFhg7TNK7Nm/uJ
-JhXArH7CiWMCAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU1H4n
-S2C9fAB5YyZYFDlX0bxMYDMwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWYXV0aGVudGljYXRlLmJ2ZGVwLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAljyy
-qVwgJGmNsAMpswmc3xOQ4yjhMICD4Y01u35CEmZ7OqRJVOj3roMqAGx763Cvr87Q
-I6Zeu+GbJ2BSRnW2ELnWLkMDa4kH/rdDI5RL4/lDp4AV0QmSSX21oeMU3vlQtiYw
-8/fG5lE6mSZgd8K7lRVKv13mBHDxFB833RPUa1nXLuvRVPPXW98tSMup9ru+g8Au
-6wQ1a9DUQF+5VM85MdGlh5CRUAon5jC5QmlgiflsqLYCoUJpf7VaSxkkNZaW+OcL
-80U+U2obJ0fn6hrFUj4yWZo1wX1bvXEB3LDWQB0VJXb4FRarFykh+tRJ6mdqtSZO
-cPtXaeaGBEu0gmNxBA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://authenticate.bvdep.com/incommon/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://authenticate.bvdep.com/incommon/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Safari Books Online</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Safari Books Online</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.safaribooksonline.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Peter Buelens</GivenName>
-    <EmailAddress>pb@bvdep.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Peter Buelens</GivenName>
-    <EmailAddress>pb@bvdep.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Peter Buelens</GivenName>
-    <EmailAddress>pb@bvdep.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of South Carolina -->
-<EntityDescriptor entityID="urn:mace:incommon:sc.edu">
-  <IDPSSODescriptor errorURL="http://www.uts.sc.edu/authentication/shibboleth/shibberror.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">sc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.sc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 464, expires on Thu Nov 11 20:03:45 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAdAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTExMDIwMDM0NVoXDTEwMTEx
-MTIwMDM0NVowHDEaMBgGA1UEAxMRc2hpYmJvbGV0aC5zYy5lZHUwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChmwpos/dPDlh7zhzfYNI5RNc8udsppS2T
-VPPy5/SZ/eB0hRYGs3HCZCrE8t7zpepS2Y7sXHsJG96kPgeZVvWhDIOYEJZRTMcp
-tYHSjuD5OlOYGaSaxZ2CfycbnxS/gQJBSyi7pbeSYEQjShcVYCViRLc2NVP6vwY/
-juaipq7wTNblRnmLUYuBkikriRc4f0z4qa1j0TFI9dHa9pp1DZuOz8XhsJ8sl5TZ
-FSJLwnPqmaWcMwFm9BSqjihn1d6hsMEpPMcO4lpaQF2lzyQrkGJfTTwNy4uoA4er
-QJj+Hg0Fxaf/iS5IRTj6urUQO6J8b9boOEwEtZtLwIo3PG5RDpiFAgMBAAGjggKj
-MIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJ6EsggZYpFRPhU7KH9Zfhmcamvg
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGl
-MIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAC
-hkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNoaWJib2xldGguc2Mu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQQkot3bYBJCbOi/gMLeWnC96Xyb9UJ5sW
-ZWP8Q6TvkPCIH254aAGeiaeqg4tKhNU1wJJWUf6jYWkrMUE+GxEPA7aQVb0F/tqO
-fTHHJBnKAgej/Cw3fw5pzoeTKXbJRtf45oRK8vvm3BVuanpqy2DmFP2XEIg+W0kv
-xOS/mVf+I4m+E+sGc2hqOKERUKa9I3OIZRyt4fcayHKUoSq2lr3+WH6TCNOI3ftI
-JeFdpFAEsVRCf6G0y15/NE2ZrZxIa40eMQyFiQBJZ3rg7QTxNHyRxrT1RzcJiqGW
-/BZ+1dTx9GUEp9N5c398vGG3GdxwYl6E0T7Cbv26YYi4i7HFU1VF
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.sc.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.sc.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">sc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.sc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 464, expires on Thu Nov 11 20:03:45 2010 GMT -->
-          <ds:X509Certificate>
-MIIFkzCCBHugAwIBAgICAdAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTExMDIwMDM0NVoXDTEwMTEx
-MTIwMDM0NVowHDEaMBgGA1UEAxMRc2hpYmJvbGV0aC5zYy5lZHUwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChmwpos/dPDlh7zhzfYNI5RNc8udsppS2T
-VPPy5/SZ/eB0hRYGs3HCZCrE8t7zpepS2Y7sXHsJG96kPgeZVvWhDIOYEJZRTMcp
-tYHSjuD5OlOYGaSaxZ2CfycbnxS/gQJBSyi7pbeSYEQjShcVYCViRLc2NVP6vwY/
-juaipq7wTNblRnmLUYuBkikriRc4f0z4qa1j0TFI9dHa9pp1DZuOz8XhsJ8sl5TZ
-FSJLwnPqmaWcMwFm9BSqjihn1d6hsMEpPMcO4lpaQF2lzyQrkGJfTTwNy4uoA4er
-QJj+Hg0Fxaf/iS5IRTj6urUQO6J8b9boOEwEtZtLwIo3PG5RDpiFAgMBAAGjggKj
-MIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJ6EsggZYpFRPhU7KH9Zfhmcamvg
-MH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQG
-EwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5D
-b21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGl
-MIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAC
-hkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlk
-Z2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
-Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxz
-LmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEw
-RDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEXNoaWJib2xldGguc2Mu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQQkot3bYBJCbOi/gMLeWnC96Xyb9UJ5sW
-ZWP8Q6TvkPCIH254aAGeiaeqg4tKhNU1wJJWUf6jYWkrMUE+GxEPA7aQVb0F/tqO
-fTHHJBnKAgej/Cw3fw5pzoeTKXbJRtf45oRK8vvm3BVuanpqy2DmFP2XEIg+W0kv
-xOS/mVf+I4m+E+sGc2hqOKERUKa9I3OIZRyt4fcayHKUoSq2lr3+WH6TCNOI3ftI
-JeFdpFAEsVRCf6G0y15/NE2ZrZxIa40eMQyFiQBJZ3rg7QTxNHyRxrT1RzcJiqGW
-/BZ+1dTx9GUEp9N5c398vGG3GdxwYl6E0T7Cbv26YYi4i7HFU1VF
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.sc.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of South Carolina</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of South Carolina</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Bill Crayton</GivenName>
-    <EmailAddress>bcrayton@sc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Bill Crayton</GivenName>
-    <EmailAddress>bcrayton@sc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Roger Truesdale</GivenName>
-    <EmailAddress>rogert@mailbox.sc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://sp.csd.sc.edu/shibboleth/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sp.csd.sc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 475, expires on Sun Dec 12 20:14:27 2010 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAdswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIxMTIwMTQyN1oXDTEwMTIx
-MjIwMTQyN1owGDEWMBQGA1UEAxMNc3AuY3NkLnNjLmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKe83oKrzfsQGNyHCL0Xee4v0jojXaRYaQF5Ozto
-z06OgAWA/l5Az0biB6EPDNILI7+NolIBsxbSDuONU1DxAL/pDDaq0/RhUjQD1H5A
-dLnViaXckM9pxt4EiHRpG2uVtyJRBYqEGDSPoTPESalW1aplWIFgAJH4PxWSiZdc
-JLe6D9dyvT078snBaYSt+YKYukfKQ6R9m96X8aqE4HeTzoZQTn0Ee4VHGqr4m3Al
-NVXbNFAOPTMgaPb3GlryKOOcnIN8veGLqDLv9d4X3AePG8g6SJ5BT6jQ87I4IBfn
-r57ntPNLK++jFG4tTR+St8ITQ+oPsi/nEoqHEkmcSsGKRL8CAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUkB2lyon8syQax+aIxAJY3Wk5IxswfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc3AuY3NkLnNjLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEATEFpkd2jv/JHYESaFRWtKjZXA5gxRSktFSF6iVUJH4TN
-FWK1zJaSNt4rjDlQzMpQAQ0MiXZ5HvCnP1vfgiKEpA9T1mY0J22iJyyi/QfY45wD
-22vamAOpsSbQ/jGeRLABBFxotv5kp3+3ROlK8kiQOcoa4G9sbZgi0dU6IwBL22no
-kJxkyTVDiKiMrkTNF/9BBVoCcjmnDJUspBLCBs1lQLUDBZE7qiEpaaOqDMMoa/gU
-Q2V/c97aeKZn1FIzLYtKknc/XxF+ikkFDzV/HxLcm8FZ91DF67SCC+HbM4xopRBA
-UH5ola7ll+RTHAwb8nhSZyeAWOg33QUh71P+168oFA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sp.csd.sc.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sp.csd.sc.edu/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of South Carolina</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of South Carolina</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.sc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Bill Crayton</GivenName>
-    <EmailAddress>bcrayton@sc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Bill Crayton</GivenName>
-    <EmailAddress>bcrayton@sc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Roger Truesdale</GivenName>
-    <EmailAddress>rogert@mailbox.sc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Stark State College of Technology -->
-<EntityDescriptor entityID="urn:mace:incommon:starkstate.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">starkstate.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.starkstate.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 339, expires on Fri Jun  4 19:18:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAVMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwMzE5MTg1MloXDTEwMDYw
-NDE5MTg1MlowITEfMB0GA1UEAxMWd2ViYXV0aC5zdGFya3N0YXRlLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6KT2FBQHDnNpjRESPZnemI2uI/WFDXxD
-KgkwzntoTDbDivhan0LZh6bGGmTxswFBLG5EPLA6i9zCxGBqZ1fDe4chMtsg+PnD
-pvV+O7uR66X8TxXs8TzhAV5yKKQ+BUX2aaHUUFagYtVlH8YdUKhSDGNmH8wnznfS
-RrDqeBkB8JcCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUVWWE
-UrZC7RU5zp/kGhtydLOWBwEwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZ3ZWJhdXRoLnN0YXJrc3RhdGUuZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBAyD07sLApJ1dpbnm1vP3yR4xxXIcKz7Tlc8OmPYLMgknR79SXXV3rVkQo
-1HsFW8ITvw5y7hFdRAUFETX2WRAJJr7gDq5WDYSaDpl+bnCWisttquyOc+xqpQNp
-d0Ny/11auzq78ts7Q/OP5FLJbQ5psxmQbKvmk9eq//1H70LJwfUbjwZjWU/j+Yxm
-nzAfqJBRC8zqphoGlT+CTDqqA2zi3SqdDZGhY5dGc2+CA3Bc0eRSYv6CV5iDbt2y
-4szQfw0P6iUJFS/rU3FLq7m2je956ldHiFjgxG9Eu7co/vsooyteycVvw2fyEuE+
-UnaztJjasKEag0jDI9zFEcuNEeGk
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.starkstate.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">starkstate.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.starkstate.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 339, expires on Fri Jun  4 19:18:52 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAVMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDYwMzE5MTg1MloXDTEwMDYw
-NDE5MTg1MlowITEfMB0GA1UEAxMWd2ViYXV0aC5zdGFya3N0YXRlLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6KT2FBQHDnNpjRESPZnemI2uI/WFDXxD
-KgkwzntoTDbDivhan0LZh6bGGmTxswFBLG5EPLA6i9zCxGBqZ1fDe4chMtsg+PnD
-pvV+O7uR66X8TxXs8TzhAV5yKKQ+BUX2aaHUUFagYtVlH8YdUKhSDGNmH8wnznfS
-RrDqeBkB8JcCAwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUVWWE
-UrZC7RU5zp/kGhtydLOWBwEwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29t
-bW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNl
-cnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCB
-jQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBe
-BgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
-bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAh
-BgNVHREEGjAYghZ3ZWJhdXRoLnN0YXJrc3RhdGUuZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBAyD07sLApJ1dpbnm1vP3yR4xxXIcKz7Tlc8OmPYLMgknR79SXXV3rVkQo
-1HsFW8ITvw5y7hFdRAUFETX2WRAJJr7gDq5WDYSaDpl+bnCWisttquyOc+xqpQNp
-d0Ny/11auzq78ts7Q/OP5FLJbQ5psxmQbKvmk9eq//1H70LJwfUbjwZjWU/j+Yxm
-nzAfqJBRC8zqphoGlT+CTDqqA2zi3SqdDZGhY5dGc2+CA3Bc0eRSYv6CV5iDbt2y
-4szQfw0P6iUJFS/rU3FLq7m2je956ldHiFjgxG9Eu7co/vsooyteycVvw2fyEuE+
-UnaztJjasKEag0jDI9zFEcuNEeGk
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.starkstate.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stark State College of Technology</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stark State College of Technology</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.starkstate.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Josh Bresaw</GivenName>
-    <EmailAddress>jbresaw@starkstate.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Geoff Starnes</GivenName>
-    <EmailAddress>gstarnes@starkstate.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Minnesota -->
-<EntityDescriptor entityID="urn:mace:incommon:umn.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umn.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.shib.umn.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 370, expires on Sat Jul  3 18:27:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAXIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMjE4MjcxMloXDTEwMDcw
-MzE4MjcxMlowGzEZMBcGA1UEAxMQaWRwLnNoaWIudW1uLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA2ibZeTkmSuUrb57iMvpAF41vMqqCptXr1cfh8V4X
-du5eoZP0XRuP9XKXOTsCjUOpmvKKr0ABRJDHQZL1WXnTp1H22Z7Cm1YhW6EXDUec
-lxp8mCIn4LPVzZ6QO2CjdNwJ4SyeEREuRgjaHvmfCuq8xMX7DNF7uxUQ2O3SSLuJ
-u0MCAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUHqN2x18TbfFk
-NB0xvrRWUKR8AvwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQaWRw
-LnNoaWIudW1uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEACEqzbOYx/CeMdb+nOPJx
-+MXfUtJdEWztRWBeqsWR3Pk3UQPc0Nzj+V60zyDF+ExkAtw6gsBel+cekYFBM2NB
-RJkKfaCgpGVB/x1rFZcNlbXmE4Zr7GBuTKoeEetLjw91YA7/gJgcnlCiTik5gcbs
-mYhjUlEC9CYALH5ErVsmE5NCD9Q1fOpvg5si5/w55r7Cv409ZGbWTIPtlOkziDhz
-G7A1Zt35ZEu5RzfI14iZwZ3RsfW/zjofU14fMpyNjhTPtXoGXs8PleL+okf0cYhC
-inwynxHwtT40C+7jQSOcEHa5n+LCMFKcpeUv4oMWix+ia34RwUJ8R8kzYOoX65NM
-Zg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.shib.umn.edu/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.shib.umn.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umn.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.shib.umn.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 370, expires on Sat Jul  3 18:27:12 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAXIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMjE4MjcxMloXDTEwMDcw
-MzE4MjcxMlowGzEZMBcGA1UEAxMQaWRwLnNoaWIudW1uLmVkdTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA2ibZeTkmSuUrb57iMvpAF41vMqqCptXr1cfh8V4X
-du5eoZP0XRuP9XKXOTsCjUOpmvKKr0ABRJDHQZL1WXnTp1H22Z7Cm1YhW6EXDUec
-lxp8mCIn4LPVzZ6QO2CjdNwJ4SyeEREuRgjaHvmfCuq8xMX7DNF7uxUQ2O3SSLuJ
-u0MCAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUHqN2x18TbfFk
-NB0xvrRWUKR8AvwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQaWRw
-LnNoaWIudW1uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEACEqzbOYx/CeMdb+nOPJx
-+MXfUtJdEWztRWBeqsWR3Pk3UQPc0Nzj+V60zyDF+ExkAtw6gsBel+cekYFBM2NB
-RJkKfaCgpGVB/x1rFZcNlbXmE4Zr7GBuTKoeEetLjw91YA7/gJgcnlCiTik5gcbs
-mYhjUlEC9CYALH5ErVsmE5NCD9Q1fOpvg5si5/w55r7Cv409ZGbWTIPtlOkziDhz
-G7A1Zt35ZEu5RzfI14iZwZ3RsfW/zjofU14fMpyNjhTPtXoGXs8PleL+okf0cYhC
-inwynxHwtT40C+7jQSOcEHa5n+LCMFKcpeUv4oMWix+ia34RwUJ8R8kzYOoX65NM
-Zg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.shib.umn.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Minnesota</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Minnesota</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www1.umn.edu/twincities/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Christopher Bongaarts</GivenName>
-    <EmailAddress>cab@tc.umn.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Kevin O'Rourke</GivenName>
-    <EmailAddress>kor@tc.umn.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Iowa -->
-<EntityDescriptor entityID="urn:mace:incommon:uiowa.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uiowa.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.uiowa.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 401, expires on Sat Aug  7 18:29:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAZEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgwNjE4Mjk0NloXDTEwMDgw
-NzE4Mjk0NlowGDEWMBQGA1UEAxMNaWRwLnVpb3dhLmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKtOTz8AVTxEX/oU3a3J6wglgQKVRv2mjeAc6eKy
-OyNNYMzTV+E2Rsd2E7bHSthylq3rTeFclw+NKYb8OoRXQv4D8vtz7ulGlMmJ5yoZ
-DAAbN2fEnd/DjQL1yTON4XVy42Gj/IDVXPf/zFBk2e/awTVxV4UcJkwSWULxEHf5
-1UwQ0C7atGfm02EoFSZCMTX/x1xRYNlo1cDzQCXUa+RnqxAEa5Fp/jTNc9yfQnG/
-nAsN5Njy5v6twRa/1oKcs3a8EVhMcVCPtMQSe/WmUyqt2jYL4O91EsvPy2YFvslx
-i8GrhhwVnGO9diqbXR4XE77omY4zi64t6tHnEWrzHBuK/mUCAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUHYpzrOA8RbdJgWRMBT1Ph6a6wOkwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INaWRwLnVpb3dhLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEAw7FaEh9HZWCYXSJOEb/FRiR7LK0avVD9ffPtNoWOTYPI
-jfCVm092CdsrkcU1UfZOj84+9dBTosyaZ+NNEcGHhF6MM4i8i9aIt49gfFeoVonV
-x1OM5D7PawiJjAMg2wp7Zzm9ePtC51akFZPOlkCNI9Y1AzphC38+8pw8OpCgCH2P
-pF2BZXe4sgVvuxOBGfe16fPq1xs+DKItdpmo6v7PROscFfLapDPbVnOtXhl5bohi
-rTMWFUxPYfQa3kKxN/L7BbND7VjzpX+IfsYSFl4GQU/jrHByRg8KYt9M4UAfTQ/R
-CGbWjgCXSwY8fzaCmzhEF2ogrTYuH9DGe9f3X8D/Hw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.uiowa.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.uiowa.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uiowa.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.uiowa.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 401, expires on Sat Aug  7 18:29:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAZEwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgwNjE4Mjk0NloXDTEwMDgw
-NzE4Mjk0NlowGDEWMBQGA1UEAxMNaWRwLnVpb3dhLmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKtOTz8AVTxEX/oU3a3J6wglgQKVRv2mjeAc6eKy
-OyNNYMzTV+E2Rsd2E7bHSthylq3rTeFclw+NKYb8OoRXQv4D8vtz7ulGlMmJ5yoZ
-DAAbN2fEnd/DjQL1yTON4XVy42Gj/IDVXPf/zFBk2e/awTVxV4UcJkwSWULxEHf5
-1UwQ0C7atGfm02EoFSZCMTX/x1xRYNlo1cDzQCXUa+RnqxAEa5Fp/jTNc9yfQnG/
-nAsN5Njy5v6twRa/1oKcs3a8EVhMcVCPtMQSe/WmUyqt2jYL4O91EsvPy2YFvslx
-i8GrhhwVnGO9diqbXR4XE77omY4zi64t6tHnEWrzHBuK/mUCAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUHYpzrOA8RbdJgWRMBT1Ph6a6wOkwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INaWRwLnVpb3dhLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEAw7FaEh9HZWCYXSJOEb/FRiR7LK0avVD9ffPtNoWOTYPI
-jfCVm092CdsrkcU1UfZOj84+9dBTosyaZ+NNEcGHhF6MM4i8i9aIt49gfFeoVonV
-x1OM5D7PawiJjAMg2wp7Zzm9ePtC51akFZPOlkCNI9Y1AzphC38+8pw8OpCgCH2P
-pF2BZXe4sgVvuxOBGfe16fPq1xs+DKItdpmo6v7PROscFfLapDPbVnOtXhl5bohi
-rTMWFUxPYfQa3kKxN/L7BbND7VjzpX+IfsYSFl4GQU/jrHByRg8KYt9M4UAfTQ/R
-CGbWjgCXSwY8fzaCmzhEF2ogrTYuH9DGe9f3X8D/Hw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.uiowa.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Iowa</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Iowa</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uiowa.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Nicholas Roy</GivenName>
-    <EmailAddress>nicholas-roy@uiowa.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://its-spa-006.iowa.uiowa.edu/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>its-spa-006.iowa.uiowa.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 404, expires on Thu Aug 12 18:17:09 2010 GMT -->
-          <ds:X509Certificate>
-MIIFITCCBAmgAwIBAgICAZQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxMTE4MTcwOVoXDTEwMDgx
-MjE4MTcwOVowJTEjMCEGA1UEAxMaaXRzLXNwYS0wMDYuaW93YS51aW93YS5lZHUw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL75EMh+kU502akMsK/1o2PLi7ow
-97MbKn0L+IHp2lvDT2+cPHFORfECvNnrkYjcHscHy+Ws7KWrfDdF7X5F4rk8KOXs
-hSIKP9wxNFwslTO2LemByH3YDFYOdfyk0v1yZNC1NaWZNaKDzcVvELgvgZ5QYtXw
-IK8YzbaF8H4M0mFNAgMBAAGjggKsMIICqDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
-FIK0DHRllNEARJElXJ5gFOxIPKCvMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2N
-k7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVk
-ZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5j
-b21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2Et
-Y2VydHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNV
-HR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRl
-cmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9u
-Y3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1Ud
-IARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29t
-bW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMCUGA1Ud
-EQQeMByCGml0cy1zcGEtMDA2Lmlvd2EudWlvd2EuZWR1MA0GCSqGSIb3DQEBBQUA
-A4IBAQBuTBgmcs44oDktuvTPaC2ebb4L6hrYiP461wCChLoPiJHBR9umy0AkLIgG
-2/SCjl4WES26fRqccEiK0RGDzpRNo62Jk5HHyYcJ2ZnG9R56ZXiaAsaVnWAd1BnB
-zQxOFyvXYE8LP0lvgxP/Nmj6aIV0mPHxYDNNG6z7rIfiY+2uSadxkc7gB2JKTmts
-QUi8gDZl3RPUr7ghn9dHuwTXeCKQ7gfiwQqZvHopFr3NcEAvI2LBPaEBtROh028z
-RBYooeEPXZ6AOJO6yOWFjxo8XFv5YfFLZ8CPJV//2uqqWFOJ3c9kxeXSLFurD+Kh
-AZiJyjK1tAzhGRWoc/wmXjd30Vx+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://its-spa-006.iowa.uiowa.edu/Shibboleth.sso/SAML/Artifact" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://its-spa-006.iowa.uiowa.edu/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Iowa</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Iowa</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uiowa.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Nicholas Roy</GivenName>
-    <EmailAddress>nicholas-roy@uiowa.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Nevada, Reno -->
-<EntityDescriptor entityID="urn:mace:incommon:unr.edu">
-  <IDPSSODescriptor errorURL="http://idp.unr.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">unr.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.unr.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 450, expires on Fri Oct 22 18:17:34 2010 GMT -->
-          <ds:X509Certificate>
-MIIFAzCCA+ugAwIBAgICAcIwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyMTE4MTczNFoXDTEwMTAy
-MjE4MTczNFowFjEUMBIGA1UEAxMLaWRwLnVuci5lZHUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALE9Jiuj6jFkiHXIBObYhI5y63pQIxjvoL5FBPYbtpSDKIfl
-hP40SJZ3l6Sf4rDOp7FQL+Wjb/bWX6whOj0G1EX7tz186D+ge2OCx4XO+1K/u9n5
-UWaZHsFW70xSETWwVrlQEtLTRiXOvpwOlNDaq0arqsVCZQjdDKlMqvlIHuJjAgMB
-AAGjggKdMIICmTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFToJOXuGtQn2smzBwX9
-aOrgpZZvMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC2lkcC51bnIu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQAQfUtqC2dCUSmPhBsVFhyVPCJtuTduEpei
-fgwZc8UOpP8fpOyySxGIyLotwfOTw9YN4lrOPyfHPg7pQT17oe71ZQMrWSFxmlfB
-OixB9Nm3ximjTvIdwLYoQzj7psSymym7qBOlXOtrxK49Fbf89Y5irwQXyWkLcQkN
-8BqVDBeo3CWSV3zG3UhGrqalsz3oJcAIdKRN8vf2yrfyBQbLmQOyJ1do+0GU996a
-xM0hW+EbfC3WrXlYf0uIGfCLWi12dm8Qtp7KZ9HqcYdrktNbY5w1uGg4V7Ots8Sa
-cZAddRO/LKD6zlaki1uKlaXYQtzWJkg1MggLLiw84wE4+RqWKis0
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.unr.edu/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.unr.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">unr.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>aa.unr.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 456, expires on Fri Oct 29 19:13:03 2010 GMT -->
-          <ds:X509Certificate>
-MIIFATCCA+mgAwIBAgICAcgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyODE5MTMwM1oXDTEwMTAy
-OTE5MTMwM1owFTETMBEGA1UEAxMKYWEudW5yLmVkdTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAsT0mK6PqMWSIdcgE5tiEjnLrelAjGO+gvkUE9hu2lIMoh+WE
-/jRIlneXpJ/isM6nsVAv5aNv9tZfrCE6PQbURfu3PXzoP6B7Y4LHhc77Ur+72flR
-ZpkewVbvTFIRNbBWuVAS0tNGJc6+nA6U0NqrRquqxUJlCN0MqUyq+Uge4mMCAwEA
-AaOCApwwggKYMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUVOgk5e4a1CfaybMHBf1o
-6uCllm8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJ
-BgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQD
-EyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUH
-AQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYB
-BQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5
-aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9l
-ZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4j
-AQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwFQYDVR0RBA4wDIIKYWEudW5yLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAwElplY/XGBBoToMaMDB8EuQjkbc3rBKgROM4
-voQ8qzj3/NfX1pMApYAlYdvCrMCzaFnnxPpHR3imc3g1RLhVGnSkBsHOh+lmlPD9
-50UMsp4T3o8/FRFYQ8lT55J2I5GktE4eHquZKBtPd15gJipJR/Igj5XShK7GKUQ0
-vllvogsLp0ohueHOs3iORIxAEtwIBiLRvbKua7HV/Kp7pverMFjT0nuBGssvBhe6
-lWyw38ssv65+b48+dmTaFL4hSfUwUKStpsCRXOzhCuvNaMNcVkw6n37drQRtrZyO
-xolnKWw7rzS4cc+k0vn0HafRDuMEjRaVwu4g1f4GB2Vnwes4zw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.unr.edu/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Nevada, Reno</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Nevada, Reno</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.unr.edu/content/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Derek Eiler</GivenName>
-    <EmailAddress>derek@unr.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Jeff Springer</GivenName>
-    <EmailAddress>jeffs@unr.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Teragrid of the University of Chicago -->
-<EntityDescriptor entityID="https://go.teragrid.org/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>go.teragrid.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 499, expires on Fri Mar  4 20:07:05 2011 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgICAfMwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMwMzIwMDcwNVoXDTExMDMw
-NDIwMDcwNVowGjEYMBYGA1UEAxMPZ28udGVyYWdyaWQub3JnMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCpRGQ6cLGZ5KyqFw9FUVPKYsOZbLhxN9Jx6Ib0dDPF
-Fj9g0mBo1odGP5CV1Ibbya9fzwKbkR3D6TpOnK3+KG2FTWzQAm3/wVlgmXs4Ekxp
-uzXeJoieEJKpTngwLEG3+nXVlKWRuLVjsuRaR9qPMLv0WhazFv+dG6kpxrEgerWk
-qwIDAQABo4ICoTCCAp0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRfSnCLeRleFv2E
-bMhqoMaYm/qooTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggr
-BgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg9nby50
-ZXJhZ3JpZC5vcmcwDQYJKoZIhvcNAQEFBQADggEBAHLsKg+bFI2QY54JPiywebSy
-MRa361UGlbIEAnyyYXYbcp49YbrMfmbikkAWFRBIDNrRIBn3LGZqL0qUmG6FomsT
-8ZYx5dV86p2rRccf7C5ZNCleTUYgxzWI+UgAJLCxs0GaEFgAqBqRnBniG/NaTwXf
-qzENZ43/jp//5BBjwHfC6EWmLImh60gaw5ChY4ud+lqkxvDwpHdw/vhAorwxQSfP
-DGvlfNohAA0rpeXqclS7GiFLf0e9L3QoSJ7tgYzyJCPR/pe/CgyD1ehNI8Y0K0Go
-RTjvYKJtKYcspAqNn5wrWP5MTgF/kw0uN6TMzWWRxwQIQs2YgdIqbxLsWgZWfJ8=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://go.teragrid.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://go.teragrid.org/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Teragrid of the University of Chicago</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Teragrid of the University of Chicago</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.teragrid.org/index.php</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Terry Fleury</GivenName>
-    <EmailAddress>tfleury@ncsa.uiuc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Von Welch</GivenName>
-    <EmailAddress>vwelch@ncsa.uiuc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- NITLE (National Institute for Technology and Liberal Education) -->
-<EntityDescriptor entityID="urn:mace:incommon:nitle.org">
-  <IDPSSODescriptor errorURL="https://idp.nitle.org/idp/error.jsp" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nitle.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.nitle.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 408, expires on Sun Aug 15 18:09:28 2010 GMT -->
-          <ds:X509Certificate>
-MIIFBzCCA++gAwIBAgICAZgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxNDE4MDkyOFoXDTEwMDgx
-NTE4MDkyOFowGDEWMBQGA1UEAxMNaWRwLm5pdGxlLm9yZzCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAsZPVB0aWBQr0bu4bML3LPfDDlJ7ZfYUDfjTI/nTVi3oU
-ViqzeCqajzGnaiWRjSPW/bRVPt6XwUTO12lD52xzi8Zq11q0Id6SjXOwyUGZPOM3
-zf1OEEPqAFq3l9X9mC0rGcRA3k7JbYeEVlF3Mtur8vQ9iB7dhCcomX+4OFhXNtEC
-AwEAAaOCAp8wggKbMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0/LQyEED82+rGiB1
-o25RVQ+MkXwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYB
-BQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYI
-KwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INaWRwLm5p
-dGxlLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEADWLDv8PwASnMjLxlkBcH67BYQMf7
-qckPXztNCRwevPeZ+keCD2Wf+Uo9qIusOgYGA1mqEfUyy+XjpfSA3bmzU0+LYpUX
-Qwm5gxKw68SCbBAgHJw/WGkasuCGISml2d0hzwdXGwjpTVLhm9P0NoGy+8xkoRyC
-mzBF4qXC+cX9HhWjWJw+ULpxxad2gsL+GNccatE8P7kxKy+mBrP1uBsig1sWftnZ
-SYuewTBmV8WgbokLxbdCOC5iU5Q17V8wuu4npLiKIe/t+Kfkc30PlOj97SrpqNgs
-iguD8wia0hD3xgoWrbZKBG7pDNaR6IAZooy6w5bS/nF3uNTjnknL6Zq6DA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.nitle.org/idp/profile/SAML2/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.nitle.org/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nitle.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.nitle.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 408, expires on Sun Aug 15 18:09:28 2010 GMT -->
-          <ds:X509Certificate>
-MIIFBzCCA++gAwIBAgICAZgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxNDE4MDkyOFoXDTEwMDgx
-NTE4MDkyOFowGDEWMBQGA1UEAxMNaWRwLm5pdGxlLm9yZzCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAsZPVB0aWBQr0bu4bML3LPfDDlJ7ZfYUDfjTI/nTVi3oU
-ViqzeCqajzGnaiWRjSPW/bRVPt6XwUTO12lD52xzi8Zq11q0Id6SjXOwyUGZPOM3
-zf1OEEPqAFq3l9X9mC0rGcRA3k7JbYeEVlF3Mtur8vQ9iB7dhCcomX+4OFhXNtEC
-AwEAAaOCAp8wggKbMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0/LQyEED82+rGiB1
-o25RVQ+MkXwwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYB
-BQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYI
-KwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INaWRwLm5p
-dGxlLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEADWLDv8PwASnMjLxlkBcH67BYQMf7
-qckPXztNCRwevPeZ+keCD2Wf+Uo9qIusOgYGA1mqEfUyy+XjpfSA3bmzU0+LYpUX
-Qwm5gxKw68SCbBAgHJw/WGkasuCGISml2d0hzwdXGwjpTVLhm9P0NoGy+8xkoRyC
-mzBF4qXC+cX9HhWjWJw+ULpxxad2gsL+GNccatE8P7kxKy+mBrP1uBsig1sWftnZ
-SYuewTBmV8WgbokLxbdCOC5iU5Q17V8wuu4npLiKIe/t+Kfkc30PlOj97SrpqNgs
-iguD8wia0hD3xgoWrbZKBG7pDNaR6IAZooy6w5bS/nF3uNTjnknL6Zq6DA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.nitle.org/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.nitle.org/idp/profile/SAML2/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">NITLE (National Institute for Technology and Liberal Education)</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">NITLE (National Institute for Technology and Liberal Education)</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nitle.org</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Eric Harper</GivenName>
-    <EmailAddress>eric.harper@nitle.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Chris G. Sellers</GivenName>
-    <EmailAddress>csellers@nitle.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>NITLE Web Support</GivenName>
-    <EmailAddress>webadmin@nitle.org</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Identit-E, LLC -->
-<EntityDescriptor entityID="https://www.myidentit-e.com/shibboleth/incommon/sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.myidentit-e.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 384, expires on Sun Jul 18 19:01:46 2010 GMT -->
-          <ds:X509Certificate>
-MIIGlzCCBX+gAwIBAgICAYAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcxNzE5MDE0NloXDTEwMDcx
-ODE5MDE0NlowHjEcMBoGA1UEAxMTd3d3Lm15aWRlbnRpdC1lLmNvbTCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAOEKAeuqQrETGYthEMVeamazd9qc3e6m
-DGpWgZpdCSZz4iuXYfiK5/Y4hHqbSaJFdYOwbpbMw3O/4wV9cEyaNhhWTCAcvr0j
-tXDTGKrUoVMk5/TgrxHGU6xpj5R1yr1/Mgcwx1xBO7BAsEh6BmT5jzFc1Hqm5BA+
-MQnuo5sg9qtCFfVxTpyWsCYfSXUvGkx6ZlKaUzjzw4fep0je4gUUmJQXepD+Bb0+
-JY8mckp74Qat1bBIuAcQcNInoZyyAXAaca4oSrPE5Gd8aNK/66wUi/2gQ3F1ykuL
-tFOCzSjG1yPm1KTJW3oCE1ekcFpyyJgLmVcp6lnkSuYsQ2iZK5uJ4xz1C79pnvA1
-uSogoA/yqFYzDeiaUeE3qUNVl5Xltvqc4qkyVj8Yohbvr+/c5lNezzbMKK62tv+U
-8OpnOPirQ/dwn0AKDPOIWd8aNK+oAkSu+yLWMWplBBC0GUW0D9azD2tuVtr4CQ7L
-xTDUHY221jVb5DCUxy+JcKH9U0RTc/isO1dlz1sZYtCns7chY22zDIuF61ArgnmI
-QVZa+w5MDI1gD/259u4pblniH3RZYrtyx0rkSHB56Pu3CBrx9Tu6ucBmgCyj48a1
-yS7KCHFGsgoaTGaLhsAyMkFp9Fga2zDeNBQ409EHUPYGVYlYpxO+QYxAWKuXVsiS
-Bar+96WaPieZAgMBAAGjggKlMIICoTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDMS
-Bw4nrG+g9+CCiXLCcklfKfnzMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rn
-ymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
-dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmC
-AQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21t
-b25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2Vy
-dHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8E
-gYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3Js
-Mi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARX
-MFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9u
-Y2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMB4GA1UdEQQX
-MBWCE3d3dy5teWlkZW50aXQtZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAAMOhh6c
-XVjUP3HTaFwNYSu/92jNt5SyH09DUYwNm/nvqrBNYrTBMFP+pbOuuHK7GOccBrji
-pF1ffMauLZWBTvBJSAT1S4K5NuHVscj2uol6lEKviXnFgjZRhmJSIoFmslTKmw71
-ejsWeoKKxFyWh/+nq9qPft94Ntw7C4Ju+CBbtcwdn+ZfjGJz/pKkOqbSOxDFw0fz
-HHNHSxSrx76TYKhh9waa+KXws5KJJXEWXCyDzOyOA51alpULEnL8RqCuB134OxDo
-x9ul3wV4yRuVWHAw596Y8DuGxR6oMUOo0UTNbge0FZnGwxJ/sEE9cN9iJe7y3MZb
-iD15Lsh07Mmzea4=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test.myidentit-e.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://test.myidentit-e.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.myidentit-e.com/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.myidentit-e.com/Shibboleth.sso/SAML/Artifact" index="4"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Identit-E, LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Identit-E, LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://myidentit-e.com/defaultstatic/default.htm</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Josh DePeau</GivenName>
-    <EmailAddress>jdepeau@dstewart.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Findlay -->
-<EntityDescriptor entityID="urn:mace:incommon:findlay.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">findlay.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>metis.findlay.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 364, expires on Fri Jul  2 17:15:10 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAWwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTUxMFoXDTEwMDcw
-MjE3MTUxMFowHDEaMBgGA1UEAxMRbWV0aXMuZmluZGxheS5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAKqbDQVE/rX7VihHQLlXy+E6/+EFu7NbgEZgCtqV
-AXfRy40g8xtVxP39LSftBDDu5vCxaudoFEkmA/7Eny7ww4tPalkNt7NksOwLlraS
-7/yOdHAcsAtxsPJoXhq7GGfGVkBrhKpBE20SDCWSBm3Uy2ZgAS0SGZZRKS/SCWXk
-u/OTAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJFG9w0MLDyc
-8O18DdWE2dbIdWgzMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEW1l
-dGlzLmZpbmRsYXkuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBZZMv0yXb1WNTBBex4
-Te+ZG1eTkT/ndwZmoCKc5KfRIgn9b1GKpxqEQdzC0JttIQTyZzmgnklbM9R+TVOl
-iJgGSqmyDZnUL/S3EA7P6uxiMmyi7Nuhi4lnR/L+urhwOoE9yYdJ2y1vT4KUOiaR
-9Ohh1ZclHKVC6nCrPEYbqp2+PoD2tTkJPuRMIT+05AkWFESk98lV4/T58jkdU9m+
-ibNwq3lnmqPhbnQPqTkqtUaS+shcOph7ozJYiNk+jXoYBLnQucqqIUfmIz5ZmBpN
-fY7uHexMkfKSf7ZWhnlOJ+2VxA5/xvFZ8pGkLl3WXV7iq5Ech0kAjm/++pLkF+d/
-RrT+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://metis.findlay.edu:8443/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://metis.findlay.edu:8442/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">findlay.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>metis.findlay.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 364, expires on Fri Jul  2 17:15:10 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDzCCA/egAwIBAgICAWwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDcwMTE3MTUxMFoXDTEwMDcw
-MjE3MTUxMFowHDEaMBgGA1UEAxMRbWV0aXMuZmluZGxheS5lZHUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAKqbDQVE/rX7VihHQLlXy+E6/+EFu7NbgEZgCtqV
-AXfRy40g8xtVxP39LSftBDDu5vCxaudoFEkmA/7Eny7ww4tPalkNt7NksOwLlraS
-7/yOdHAcsAtxsPJoXhq7GGfGVkBrhKpBE20SDCWSBm3Uy2ZgAS0SGZZRKS/SCWXk
-u/OTAgMBAAGjggKjMIICnzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJFG9w0MLDyc
-8O18DdWE2dbIdWgzMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqk
-WDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEp
-MCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIG
-CCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIw
-P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYL
-KwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBwGA1UdEQQVMBOCEW1l
-dGlzLmZpbmRsYXkuZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQBZZMv0yXb1WNTBBex4
-Te+ZG1eTkT/ndwZmoCKc5KfRIgn9b1GKpxqEQdzC0JttIQTyZzmgnklbM9R+TVOl
-iJgGSqmyDZnUL/S3EA7P6uxiMmyi7Nuhi4lnR/L+urhwOoE9yYdJ2y1vT4KUOiaR
-9Ohh1ZclHKVC6nCrPEYbqp2+PoD2tTkJPuRMIT+05AkWFESk98lV4/T58jkdU9m+
-ibNwq3lnmqPhbnQPqTkqtUaS+shcOph7ozJYiNk+jXoYBLnQucqqIUfmIz5ZmBpN
-fY7uHexMkfKSf7ZWhnlOJ+2VxA5/xvFZ8pGkLl3WXV7iq5Ech0kAjm/++pLkF+d/
-RrT+
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://metis.findlay.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Findlay</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">The University of Findlay</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.findlay.edu/default.htm</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Ryan Fox</GivenName>
-    <EmailAddress>rfox@findlay.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- PeopleAdmin, Inc. -->
-<EntityDescriptor entityID="https://emp510.peopleadmin.com/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>peopleadmin.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 405, expires on Fri Aug 13 18:48:13 2010 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgICAZUwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxMjE4NDgxM1oXDTEwMDgx
-MzE4NDgxM1owGjEYMBYGA1UEAxMPcGVvcGxlYWRtaW4uY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDdAujQPFfA3SJbvATaV3ZOyrU0pR+XTYxt1YscwGWB
-65oJpinlJVt8EX6Wv57UiRd1qNUmvxOKzQy+yMRBsc4g+whvaeumiLgz2Qlhp8g1
-SNsR/gmVYPLOLNzmVPrX7XNKNli5+DOqtq5F4+9ou8bwqiqzRFy+lPWYLgYMvegh
-/wIDAQABo4ICoTCCAp0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ2Nt7DOvqITu4x
-RqumCysoiZP7WTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggr
-BgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg9wZW9w
-bGVhZG1pbi5jb20wDQYJKoZIhvcNAQEFBQADggEBADiiC7+8367p+Rgdzpiul67Y
-rci//XYMt5eklnWSDDnILTxCmnZ/9qBnpARjzIIyUToU8qR53F8UHjpp3SAzLgxA
-CiQWSIWOzoqAJHKfKeQNID51wKLH5BP+6YD52+Q8ufjZgpYierKqLcJqtf+WaQGX
-36kVQP38uI3zK7jHnr28mN5OCEyKPAV+4Rs2KwxG+6rQ/NjBM+W0Y/k34Uguk2XM
-MOvH3xJ+SwsQJBcjigErJwsl1zOZxlvHEg8/p719H/dK8ZbZROHw2z5LMoCdwMmf
-IFJDINAoOBl+1Mb5A0xgbbDpQbh1/+KLgd+rOdA1ko6m0o4bfxAQHuM8M7xJsSc=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.nyucareers.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cs510.peopleadmin.com/Shibboleth.sso/SAML/POST" index="2"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://training510.peopleadmin.com/Shibboleth.sso/SAML/POST" index="3"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">PeopleAdmin, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">PeopleAdmin, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.peopleadmin.com/index.php?option=com_frontpage&amp;Itemid=105</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Matt Thomas</GivenName>
-    <EmailAddress>matt@peopleadmin.com</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Sohail Bashadi</GivenName>
-    <EmailAddress>sohail.bashadi@peopleadmin.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of South Florida -->
-<EntityDescriptor entityID="urn:mace:incommon:usf.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">usf.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.usf.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 410, expires on Fri Aug 20 18:07:39 2010 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgICAZowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxOTE4MDczOVoXDTEwMDgy
-MDE4MDczOVowGjEYMBYGA1UEAxMPd2ViYXV0aC51c2YuZWR1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDXUvEYBD8VxBl8aSFhCNXnS15LEy5IMI9HEiawq//i
-GeiI0g4Yn/QlB5zXrawPJYHuvbXQ6jFP4rdK3XJ7c9vWBNGHknLCArpQ368HtcSk
-wzAfVX74dICwL+rld9FemANj6NMmEgc5x0MuhtHJlZXnpa3XVctigs2JZavke9V+
-QwIDAQABo4ICoTCCAp0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSFk/bu8QXqbkgW
-+PKzRABJX453jTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggr
-BgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg93ZWJh
-dXRoLnVzZi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAJjo8AuzFeiTMaYo0MqeA375
-LO/eSZwzNdX6nBhzcVO/ubt9LozU8kDuSErlsTbjjX6w9oLat7JTdgd2yhdkdTmz
-FyqSlUXMKrGCIhoVBSMzxqIx9J33gGmSrip+tv9th+O8T0Z/Ol7WlbuZqdW5t1EN
-7rHrlANVlL0xAH+G0JO3XAlugtWhFfmzI04D/Mf8XFsWYkkVKUHODrqANN/QomcF
-dgxP4mV8Kf5ngIt8a1vrPLn3ZSchOeWYxtgnUVn4W5U7Jsv2BzVuhrDkj7zh1S0P
-z5zqzc8t7pTK0XnvXrE85meYmAXJZDA5TXn/UIZLLlUJsqv5TkIqwhWKlU20YTw=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.usf.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.usf.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">usf.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.usf.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 410, expires on Fri Aug 20 18:07:39 2010 GMT -->
-          <ds:X509Certificate>
-MIIFCzCCA/OgAwIBAgICAZowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDgxOTE4MDczOVoXDTEwMDgy
-MDE4MDczOVowGjEYMBYGA1UEAxMPd2ViYXV0aC51c2YuZWR1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDXUvEYBD8VxBl8aSFhCNXnS15LEy5IMI9HEiawq//i
-GeiI0g4Yn/QlB5zXrawPJYHuvbXQ6jFP4rdK3XJ7c9vWBNGHknLCArpQ368HtcSk
-wzAfVX74dICwL+rld9FemANj6NMmEgc5x0MuhtHJlZXnpa3XVctigs2JZavke9V+
-QwIDAQABo4ICoTCCAp0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSFk/bu8QXqbkgW
-+PKzRABJX453jTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgw
-VjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAn
-BgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggr
-BgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBP
-BggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+g
-PaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcv
-Y3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
-AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAaBgNVHREEEzARgg93ZWJh
-dXRoLnVzZi5lZHUwDQYJKoZIhvcNAQEFBQADggEBAJjo8AuzFeiTMaYo0MqeA375
-LO/eSZwzNdX6nBhzcVO/ubt9LozU8kDuSErlsTbjjX6w9oLat7JTdgd2yhdkdTmz
-FyqSlUXMKrGCIhoVBSMzxqIx9J33gGmSrip+tv9th+O8T0Z/Ol7WlbuZqdW5t1EN
-7rHrlANVlL0xAH+G0JO3XAlugtWhFfmzI04D/Mf8XFsWYkkVKUHODrqANN/QomcF
-dgxP4mV8Kf5ngIt8a1vrPLn3ZSchOeWYxtgnUVn4W5U7Jsv2BzVuhrDkj7zh1S0P
-z5zqzc8t7pTK0XnvXrE85meYmAXJZDA5TXn/UIZLLlUJsqv5TkIqwhWKlU20YTw=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.usf.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of South Florida</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of South Florida</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.usf.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Eric Pierce</GivenName>
-    <EmailAddress>epierce@usf.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Dayton -->
-<EntityDescriptor entityID="urn:mace:incommon:udayton.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">udayton.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibidp.udayton.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 396, expires on Sun Aug  1 18:17:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAYwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDczMTE4MTcxNFoXDTEwMDgw
-MTE4MTcxNFowHjEcMBoGA1UEAxMTc2hpYmlkcC51ZGF5dG9uLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEApJvzKV1jlZNC8GfgodgdpbrAe98NUuaYm2ND
-KrSmmXbdSk5dox7RcJ3v6NPKGjVfpy+i8xW1BbbKCVkqjBIDMCMX0b15KTRE/hml
-YeX8iQ2uuH9bjEUWDlHYb2yW1CS8I/P/9rRhksgYADu1f7pnDBwipGvvJeRdiOsl
-gNfi9B8CAwEAAaOCAqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUWD9YR3xQ
-YU+N8IoPEOzET3HVMQ0wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-sgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYIT
-c2hpYmlkcC51ZGF5dG9uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEACxmcyCXR1P7W
-GAm99hdRXNFxpxeuY5XeSMxCUAJK6iTNOfNySyPFuiPDB7cdisqb/actVi4rlfqK
-2HcrTD4TBsK3l7goNiNn3WlZePhKukqKAwAl/BPOa2HYqW80KrEnC+YAxduVqWru
-q5+s6ya8/8egAHWBv1utWnkk1PP/xr2qAcWYAi60XHxmI8RcENdLs4ElFPf2O1jc
-V6fKnCvBv+pPgNy4N+J53MtFSAgcKGufb5TXU3SHvXIW63cttEOz32EMJ5VYxTUq
-j5a1HvZfe/9d/yyQeHZYTR38jxtANjI1H13UmjpzJ4iMZFjggYgS/Ye/spu4t/yW
-PRUbc3lr6A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibidp.udayton.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibidp.udayton.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">udayton.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibidp.udayton.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 396, expires on Sun Aug  1 18:17:14 2010 GMT -->
-          <ds:X509Certificate>
-MIIFEzCCA/ugAwIBAgICAYwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDczMTE4MTcxNFoXDTEwMDgw
-MTE4MTcxNFowHjEcMBoGA1UEAxMTc2hpYmlkcC51ZGF5dG9uLmVkdTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEApJvzKV1jlZNC8GfgodgdpbrAe98NUuaYm2ND
-KrSmmXbdSk5dox7RcJ3v6NPKGjVfpy+i8xW1BbbKCVkqjBIDMCMX0b15KTRE/hml
-YeX8iQ2uuH9bjEUWDlHYb2yW1CS8I/P/9rRhksgYADu1f7pnDBwipGvvJeRdiOsl
-gNfi9B8CAwEAAaOCAqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
-MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUWD9YR3xQ
-YU+N8IoPEOzET3HVMQ0wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0Wh
-WqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9u
-MSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCB
-sgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNh
-MS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5w
-N2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCB
-gjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmlu
-Y29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBT
-BgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYIT
-c2hpYmlkcC51ZGF5dG9uLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEACxmcyCXR1P7W
-GAm99hdRXNFxpxeuY5XeSMxCUAJK6iTNOfNySyPFuiPDB7cdisqb/actVi4rlfqK
-2HcrTD4TBsK3l7goNiNn3WlZePhKukqKAwAl/BPOa2HYqW80KrEnC+YAxduVqWru
-q5+s6ya8/8egAHWBv1utWnkk1PP/xr2qAcWYAi60XHxmI8RcENdLs4ElFPf2O1jc
-V6fKnCvBv+pPgNy4N+J53MtFSAgcKGufb5TXU3SHvXIW63cttEOz32EMJ5VYxTUq
-j5a1HvZfe/9d/yyQeHZYTR38jxtANjI1H13UmjpzJ4iMZFjggYgS/Ye/spu4t/yW
-PRUbc3lr6A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibidp.udayton.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Dayton</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Dayton</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.udayton.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Steven Smith</GivenName>
-    <EmailAddress>smithstm@notes.udayton.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>UDit Help Desk</GivenName>
-    <EmailAddress>pchelp@notes.udayton.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Al Stern</GivenName>
-    <EmailAddress>astern@udayton.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- The University of Arizona -->
-<EntityDescriptor entityID="urn:mace:incommon:arizona.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">arizona.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.arizona.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 423, expires on Fri Sep  3 18:12:55 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAacwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwMjE4MTI1NVoXDTEwMDkw
-MzE4MTI1NVowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5hcml6b25hLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqBuPxEj2NG2GqJjg7Zw+4mu4XRPa0ufs
-sw3cIASt3IEgufn42asdZI8wzKhWT05byJb4tceUxuL28Um1gQBCVX6zembBwyqD
-90xsk7OS0YUEs6b48/QRlp2/hgpB4hTRRbFQmb5DCWYB/uL+v5tJuNFSet9lRGso
-T0lirQezkL0CAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUzw3Z
-4FLbvZT827kCD8nEamfZjokwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc2hpYmJvbGV0aC5hcml6b25hLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAxJZo
-4qDSuwBWODXdbOuHwo5v34tHZR6OSjPDGxDJAyNcqVaTICmkq7a1ZIRoga0ju3Uc
-FtcC97sQGMElKMCK8eLdHZ28c/Cpenl/HSrUQMXBtc6Vs+66TsDGSwLnfb17Fo24
-u1uzOH8UrRfO9zOV8jpt/XwvkNQhgOFpMHX/n4uuvAZdrsxuh24ZsUoGKA3CmzE2
-p/F1Fthazm/YvrKZOAjQS1kKNw7z7p3MXpnfwZa+lc+oAEgXdCcHL18b4omzMYpv
-ra8DeM0kT40bZQp415GZvJTO+66U36H6oeKUcPyHbO0t35B2yNPTEldklNs+9cbU
-eA7pKr2ed6JHgScoZA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.arizona.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.arizona.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">arizona.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.arizona.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 423, expires on Fri Sep  3 18:12:55 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAacwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkwMjE4MTI1NVoXDTEwMDkw
-MzE4MTI1NVowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5hcml6b25hLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqBuPxEj2NG2GqJjg7Zw+4mu4XRPa0ufs
-sw3cIASt3IEgufn42asdZI8wzKhWT05byJb4tceUxuL28Um1gQBCVX6zembBwyqD
-90xsk7OS0YUEs6b48/QRlp2/hgpB4hTRRbFQmb5DCWYB/uL+v5tJuNFSet9lRGso
-T0lirQezkL0CAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUzw3Z
-4FLbvZT827kCD8nEamfZjokwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc2hpYmJvbGV0aC5hcml6b25hLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAxJZo
-4qDSuwBWODXdbOuHwo5v34tHZR6OSjPDGxDJAyNcqVaTICmkq7a1ZIRoga0ju3Uc
-FtcC97sQGMElKMCK8eLdHZ28c/Cpenl/HSrUQMXBtc6Vs+66TsDGSwLnfb17Fo24
-u1uzOH8UrRfO9zOV8jpt/XwvkNQhgOFpMHX/n4uuvAZdrsxuh24ZsUoGKA3CmzE2
-p/F1Fthazm/YvrKZOAjQS1kKNw7z7p3MXpnfwZa+lc+oAEgXdCcHL18b4omzMYpv
-ra8DeM0kT40bZQp415GZvJTO+66U36H6oeKUcPyHbO0t35B2yNPTEldklNs+9cbU
-eA7pKr2ed6JHgScoZA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.arizona.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">The University of Arizona</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">The University of Arizona</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.arizona.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Gary Windham</GivenName>
-    <EmailAddress>gary.windham@arizona.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Massachusetts Institute of Technology -->
-<EntityDescriptor entityID="urn:mace:incommon:mit.edu">
-  <IDPSSODescriptor errorURL="https://idp.mit.edu/help.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">mit.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.mit.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 478, expires on Fri Dec 24 20:10:58 2010 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAd4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIyMzIwMTA1OFoXDTEwMTIy
-NDIwMTA1OFowFjEUMBIGA1UEAxMLaWRwLm1pdC5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC4JDUGKlGjm+lm9mkncjbs1z+vLOUoGCuwOHbQsU1r
-akWDqvREXQu0FigrPJkkp3Bk/ubMVWa8uJXBGyuUsoZmx5LCEJfDJ5AqaEP2M2jl
-B7Rds9N+U9FgVu/BySWn1FQDbjFfzyeBHQusOB92pPaQ7JIaPAh1oV8ryN4mRQu/
-s2Bju7Y1FpfvOljjqCYSstVyWG/ISxKbWxgq3fnkTp+HL8Vd2SGOHf52+sQyrNhZ
-CK9dbryO30K8Stjc/N+67s6A3iJL47arHWJsFul9p6P6hOl4BfxUutOewz0cXbYm
-GaOP7huY42732NjZK3AT7ODvi+E6YIl+lIr4czxJH/EdAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFA4dQCFwOCJZo1agHARkr2Y3PpWCMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC2lkcC5taXQuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQAIhtxXLVfuF+/LB9uyUh5tDaK0PPdSAc8emsn7CSMI3Z0RZCwV
-fIDDf4stU1uMGmUBh7lS7BHrAQJwOI1FcZnOd9XKi+oAmj61I8m+HddGP+sG524v
-HaxWaqRAtJY1ot50qP0rjOYzKSolcLhd+Ym5Py1FMDMg12bWxCGNcLzUIK4dE2pt
-Z6cyRWuC/zMsm3Lv1LP0w1Yqi5/d2a2QHvNm6Tzn7pB8WzR8ML/GvnceDw8ey5lJ
-TYIDqpRgCXxinC6bMYfUlPYkUn1z36ZL717lT8AwAoGzgonVvOzK+fmTge9ecexo
-u8C5dIrhLGq5YYp8NHNCbnpri6j85M+fzqOs
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.mit.edu:8444/shibboleth-idp/Artifact" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.mit.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">mit.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.mit.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 478, expires on Fri Dec 24 20:10:58 2010 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAd4wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIyMzIwMTA1OFoXDTEwMTIy
-NDIwMTA1OFowFjEUMBIGA1UEAxMLaWRwLm1pdC5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC4JDUGKlGjm+lm9mkncjbs1z+vLOUoGCuwOHbQsU1r
-akWDqvREXQu0FigrPJkkp3Bk/ubMVWa8uJXBGyuUsoZmx5LCEJfDJ5AqaEP2M2jl
-B7Rds9N+U9FgVu/BySWn1FQDbjFfzyeBHQusOB92pPaQ7JIaPAh1oV8ryN4mRQu/
-s2Bju7Y1FpfvOljjqCYSstVyWG/ISxKbWxgq3fnkTp+HL8Vd2SGOHf52+sQyrNhZ
-CK9dbryO30K8Stjc/N+67s6A3iJL47arHWJsFul9p6P6hOl4BfxUutOewz0cXbYm
-GaOP7huY42732NjZK3AT7ODvi+E6YIl+lIr4czxJH/EdAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFA4dQCFwOCJZo1agHARkr2Y3PpWCMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC2lkcC5taXQuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQAIhtxXLVfuF+/LB9uyUh5tDaK0PPdSAc8emsn7CSMI3Z0RZCwV
-fIDDf4stU1uMGmUBh7lS7BHrAQJwOI1FcZnOd9XKi+oAmj61I8m+HddGP+sG524v
-HaxWaqRAtJY1ot50qP0rjOYzKSolcLhd+Ym5Py1FMDMg12bWxCGNcLzUIK4dE2pt
-Z6cyRWuC/zMsm3Lv1LP0w1Yqi5/d2a2QHvNm6Tzn7pB8WzR8ML/GvnceDw8ey5lJ
-TYIDqpRgCXxinC6bMYfUlPYkUn1z36ZL717lT8AwAoGzgonVvOzK+fmTge9ecexo
-u8C5dIrhLGq5YYp8NHNCbnpri6j85M+fzqOs
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.mit.edu:8444/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Massachusetts Institute of Technology</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Massachusetts Institute of Technology</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://web.mit.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Touchstone Support</GivenName>
-    <EmailAddress>touchstone-support@mit.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California, San Francisco -->
-<EntityDescriptor entityID="urn:mace:incommon:ucsf.edu">
-  <IDPSSODescriptor errorURL="https://dp.ucsf.edu/idp/profile/error.jsp" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsf.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dp.ucsf.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 444, expires on Mon Oct  4 19:20:54 2010 GMT -->
-          <ds:X509Certificate>
-MIIFAzCCA+ugAwIBAgICAbwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAwMzE5MjA1NFoXDTEwMTAw
-NDE5MjA1NFowFjEUMBIGA1UEAxMLZHAudWNzZi5lZHUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAL38UnLIMPP6ULM3JMt3in+PtLQhD1hEC4vd45TxKEurL7Me
-WRX95OyDvDpDUxnvgntG1Uc8q+vQZw1Ydtf5VUv7lC2hIQHPKaaA6cqHcWkyrGvz
-sqBGduA1NUkuvX5TD2tZkX2cw4AoVpg13a+t0MX/Mfuhtiy6JO0X+8EqqyKNAgMB
-AAGjggKdMIICmTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDeq6q04ki5fSKGOfhjt
-ud9Lp7ITMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC2RwLnVjc2Yu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCyPTzm4iZFtprMTOEl4x8+Nh7GJZJBErNZ
-tJ1kuxNywJ+yCNLc75V+z/LIgpd0YoaZoUhtknzQMskbs37UZ/5LqdHxCH6yVZf7
-vCVNSNmbFSrhbrLxvgaPSIfp2H/p3te3v9fNJTOaiwHHUuLdn/J1XtlV5hZtuMOF
-IycSYPzuhyNT8SkBfRAtqn1L8ekQATIeqZPh8mAAJ5Bhk9QqYjRjfE9mwcw0LOGP
-kGpkb0X9psKNbA4UnirbkT2mA1j4y6OuqxVRbvCOEaYXrHUMDRbImmOpc4h4k/HH
-ox1OwwxESYdcngIsJK8WDOJpQV8x0T5Ik3ilU5vpT8146/LyF+Pu
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://dp.ucsf.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://dp.ucsf.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsf.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>dp.ucsf.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 444, expires on Mon Oct  4 19:20:54 2010 GMT -->
-          <ds:X509Certificate>
-MIIFAzCCA+ugAwIBAgICAbwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAwMzE5MjA1NFoXDTEwMTAw
-NDE5MjA1NFowFjEUMBIGA1UEAxMLZHAudWNzZi5lZHUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAL38UnLIMPP6ULM3JMt3in+PtLQhD1hEC4vd45TxKEurL7Me
-WRX95OyDvDpDUxnvgntG1Uc8q+vQZw1Ydtf5VUv7lC2hIQHPKaaA6cqHcWkyrGvz
-sqBGduA1NUkuvX5TD2tZkX2cw4AoVpg13a+t0MX/Mfuhtiy6JO0X+8EqqyKNAgMB
-AAGjggKdMIICmTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDeq6q04ki5fSKGOfhjt
-ud9Lp7ITMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQsw
-CQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UE
-AxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUF
-BwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsG
-AQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuG
-OWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
-ZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGu
-IwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC2RwLnVjc2Yu
-ZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCyPTzm4iZFtprMTOEl4x8+Nh7GJZJBErNZ
-tJ1kuxNywJ+yCNLc75V+z/LIgpd0YoaZoUhtknzQMskbs37UZ/5LqdHxCH6yVZf7
-vCVNSNmbFSrhbrLxvgaPSIfp2H/p3te3v9fNJTOaiwHHUuLdn/J1XtlV5hZtuMOF
-IycSYPzuhyNT8SkBfRAtqn1L8ekQATIeqZPh8mAAJ5Bhk9QqYjRjfE9mwcw0LOGP
-kGpkb0X9psKNbA4UnirbkT2mA1j4y6OuqxVRbvCOEaYXrHUMDRbImmOpc4h4k/HH
-ox1OwwxESYdcngIsJK8WDOJpQV8x0T5Ik3ilU5vpT8146/LyF+Pu
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://dp.ucsf.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, San Francisco</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, San Francisco</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucsf.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Mukesh Yadav</GivenName>
-    <EmailAddress>mukesh.yadav@ucsf.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Omnilert, LLC -->
-<EntityDescriptor entityID="https://www.omnilert.net/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.omnilert.net</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 472, expires on Sun Dec  5 20:09:13 2010 GMT -->
-          <ds:X509Certificate>
-MIIFDTCCA/WgAwIBAgICAdgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIwNDIwMDkxM1oXDTEwMTIw
-NTIwMDkxM1owGzEZMBcGA1UEAxMQd3d3Lm9tbmlsZXJ0Lm5ldDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAn1ty+PZBoIj4hBES8WyxzqOy6CjQEMYH93AtZOOA
-Q0BLIMCHuLL6VI0kdhlI9TDKNHQwQg+UtY+FWlLbW3TPxvYbrpWMBupGL9CV+6LI
-Y+qdQALu1B/F3mWvMDYxt5uT59OnpCmQWdpv4+jje/DmFJw/2bsJF6wBUxSor/Nf
-6d8CAwEAAaOCAqIwggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUD5hZ/0Fl9rix
-ua07wGN2uvnUtvQwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRY
-MFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkw
-JwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYI
-KwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5p
-bmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2Iw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsr
-BgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd3d3
-Lm9tbmlsZXJ0Lm5ldDANBgkqhkiG9w0BAQUFAAOCAQEA0RBRVCJ28djkkZuB3Fpl
-NFG4RcDl2o4Q5sjEELRWc+VjJnM3vWQtCXrBjihPAcdaHyqj36ocx8S+drFbZNio
-7Lwhzi9j/P6b2qYFAnGDXrvoiR1x14ks25OU83OOBr/6p6O8+feCm1kePwmgNUSR
-z+bc2h02a2T2FED6+gQi50vBWUO1F/+CaRsf8xxEUt3swxiNjyJNdaubQfQrZMbe
-oWHn52Pyl2P278tY26B4AAqrbyYEIG2r9LtkylNW8qGKAdfv5j6M6Qsa2XgrvlvA
-8s35LCMU4VczWhkyJ6zQSU6XnS4Jiy5spXONEqSYgm6KazfZoFlrhtfyX04vVaF+
-8g==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.omnilert.net/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.omnilert.net/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Omnilert, LLC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Omnilert, LLC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.omnilert.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Niclas Gustavsson</GivenName>
-    <EmailAddress>nick@omnilert.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- National Student Clearinghouse -->
-<EntityDescriptor entityID="shibboleth.studentclearinghouse.org">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.studentclearinghouse.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 431, expires on Thu Sep 16 18:25:26 2010 GMT -->
-          <ds:X509Certificate>
-MIIFMzCCBBugAwIBAgICAa8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxNTE4MjUyNloXDTEwMDkx
-NjE4MjUyNlowLjEsMCoGA1UEAxMjc2hpYmJvbGV0aC5zdHVkZW50Y2xlYXJpbmdo
-b3VzZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8fFUw3LWIC/q2E
-oezArp4IjYvRJLF4d9pCR8oayNFub+g3R16TfSe0yKrMM4bD81Rn7mMerswB0dKz
-+JiRaZuw4Fb9ytGZCmnGE8Zjf/t8Cr2yEXN/xQQv1clUcWq6BN8sTIDpWC+Qmy9c
-tiY5NB6HPZbwgrd+01hbNcSsgYZxAgMBAAGjggK1MIICsTAOBgNVHQ8BAf8EBAMC
-BaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-HQYDVR0OBBYEFAiT7XmlV0E2HuJN4gpTPC9UozCfMH4GA1UdIwR3MHWAFJMtyGEY
-rWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5D
-b21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNo
-dHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25j
-YTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMu
-cDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0
-cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMu
-cGRmMC4GA1UdEQQnMCWCI3NoaWJib2xldGguc3R1ZGVudGNsZWFyaW5naG91c2Uu
-b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQCCP56jBkF3NE4I6ff+tidrSqpRbsX01jZv
-bTo99OADf8yGnObck/Gd78OoERy2lQxHRrxoeVmag77xzf1CrQ8oVbPBvoE+MpJd
-aniqGppioL6TOYKtLDaQxc2S8s/jmMBwW/3YZTOoK5kFOhZushOXNbCDZmRXx2by
-1KLsqSMqyP7Ug4tKzAgXEeu+khAfkP9AGy1EuO6p5gPyGvRQ/vbWCQs8utWlJi6H
-CQKIPtOMhfk8rxHW8VC/1SimJHx7JvOXENIPIQEZOXVwUapsOauWARRV1QpME7R0
-AbztAeD/+7P30XKcBbsrpu22hcL0DY41YHzCvaYuTd1ouxfYqwdI
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibboleth.studentclearinghouse.org/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">National Student Clearinghouse</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">National Student Clearinghouse</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.studentclearinghouse.org/default.asp</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Doug Falk</GivenName>
-    <EmailAddress>falk@studentclearinghouse.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Tim Bornholtz</GivenName>
-    <EmailAddress>tim@bornholtz.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of California, Santa Cruz -->
-<EntityDescriptor entityID="urn:mace:incommon:ucsc.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.ucsc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 476, expires on Fri Dec 17 21:19:19 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjTCCBHWgAwIBAgICAdwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIxNjIxMTkxOVoXDTEwMTIx
-NzIxMTkxOVowGTEXMBUGA1UEAxMObG9naW4udWNzYy5lZHUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCSO2gZQ1lSAwOHTsceWnCYsP6ZuOEglBjshPIB
-lvTTgy6E6LP0WR6sYyQ72zOH14EtzO5UUKg9rUt8BqXBoBUSmUBUmyMeadSHBwHA
-7JCTlgusoLIccG9c5jCYDedDnTLvjUpl3ywLJVSPYpw05RkUqlwEHlipdoRMzKyy
-VFoC+HWZssqI2w3HXJFD1Fr2XHmZjGBw79FKoooBbuMIXx32W2i88/krFXQhPfus
-KyB2qKelVmpWqxZFYeQcMJEvQR/oCFbWsgD5et3X86bddGjcyK/bs/OERSNpogYh
-pZsG6XMUA+kHXMI2QffZf3hZh1+jdBdhyDUnZtDVeLUEkp0jAgMBAAGjggKgMIIC
-nDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJbXBeHNLP4G0PqXbQuDoBmq0wctMH4G
-A1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21t
-b24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNo
-dHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBC
-BggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDmxvZ2luLnVjc2MuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQDQOUFYCcFNunrQBXxm5hSHMNTpvxy0ydb3xjwqtdQw
-Sf4PMHFPk/o4QRTc2Wnh158RSabQ+9pfLLi9CoGIyvR3IZuoNEarxQVFEYeaYX14
-pbx5X5FMqluZSJlJmK+HX2wWzQYSV0q4qBNbxcViiMOe1o6MlfY3O47OLLROVi5L
-9fDm/U3j6IMLecg0pcu1FTAXXloKl26fyp+Wh1ZJGYEQKqUtAWc4l6o95fhteP8h
-s2bd1ZvXDpfBjSBUWJC7r/1J9B959dkP2AopTEGf6enxEmkzxBL8gvCsv6h8E0pN
-Bcy4FNoCys9BQiP6rC4iR/kpT3MYff0/lDbM3Wq5WXW5
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.ucsc.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://login.ucsc.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.ucsc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 476, expires on Fri Dec 17 21:19:19 2010 GMT -->
-          <ds:X509Certificate>
-MIIFjTCCBHWgAwIBAgICAdwwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIxNjIxMTkxOVoXDTEwMTIx
-NzIxMTkxOVowGTEXMBUGA1UEAxMObG9naW4udWNzYy5lZHUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCSO2gZQ1lSAwOHTsceWnCYsP6ZuOEglBjshPIB
-lvTTgy6E6LP0WR6sYyQ72zOH14EtzO5UUKg9rUt8BqXBoBUSmUBUmyMeadSHBwHA
-7JCTlgusoLIccG9c5jCYDedDnTLvjUpl3ywLJVSPYpw05RkUqlwEHlipdoRMzKyy
-VFoC+HWZssqI2w3HXJFD1Fr2XHmZjGBw79FKoooBbuMIXx32W2i88/krFXQhPfus
-KyB2qKelVmpWqxZFYeQcMJEvQR/oCFbWsgD5et3X86bddGjcyK/bs/OERSNpogYh
-pZsG6XMUA+kHXMI2QffZf3hZh1+jdBdhyDUnZtDVeLUEkp0jAgMBAAGjggKgMIIC
-nDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJbXBeHNLP4G0PqXbQuDoBmq0wctMH4G
-A1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21t
-b24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNo
-dHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBC
-BggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDmxvZ2luLnVjc2MuZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQDQOUFYCcFNunrQBXxm5hSHMNTpvxy0ydb3xjwqtdQw
-Sf4PMHFPk/o4QRTc2Wnh158RSabQ+9pfLLi9CoGIyvR3IZuoNEarxQVFEYeaYX14
-pbx5X5FMqluZSJlJmK+HX2wWzQYSV0q4qBNbxcViiMOe1o6MlfY3O47OLLROVi5L
-9fDm/U3j6IMLecg0pcu1FTAXXloKl26fyp+Wh1ZJGYEQKqUtAWc4l6o95fhteP8h
-s2bd1ZvXDpfBjSBUWJC7r/1J9B959dkP2AopTEGf6enxEmkzxBL8gvCsv6h8E0pN
-Bcy4FNoCys9BQiP6rC4iR/kpT3MYff0/lDbM3Wq5WXW5
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.ucsc.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of California, Santa Cruz</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of California, Santa Cruz</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ucsc.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jeffrey Crawford</GivenName>
-    <EmailAddress>jeffreyc@ucsc.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Eric Goodman</GivenName>
-    <EmailAddress>ericg@ucsc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Northern Michigan University -->
-<EntityDescriptor entityID="urn:mace:incommon:nmu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nmu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sso.nmu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 493, expires on Sun Feb 13 20:00:54 2011 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAe0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIxMjIwMDA1NFoXDTExMDIx
-MzIwMDA1NFowFjEUMBIGA1UEAxMLc3NvLm5tdS5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCvIyUrqI7RNJ6XFN/F7wgZ3bKY6fgXndhLtviIgjNi
-V/4n5TSCMomu7nEojkCrAMwKnuaGv4PHumavb3Jre8Y65/Fw2jmHSwRCEnMkDst2
-oCx29Hm0nm81Ew/rvg3SEcSOs+d/WkQ3Sx5X+3hm3Qci88TvIEyi3dIO9aK1mVBB
-Cq1k/1CujIqXubLfA/LGFMMEyNUU/A/Zfw/Ig4dDe4hUIneCKpn7EnWpKuTI4VQo
-qXG6pGbLEALd87ZV4cME45hZwXFEgti7kvl293vJhhaGqdd7BFMFuZRs5wTjjuB1
-L7T/rBzDOu72iACixF8rLck+iuO+Ruhu26oOiKnWSTXnAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFMPJsWdc7+Gk8JRf2/hVACxgaqGWMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3Nzby5ubXUuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQDOiphaH9y4wH/4B2Zg6s9FLlIZWiMcD/sJQX9Iu4biFwX/WtFN
-9PjqpsLU9xFFc9cYNO0ppEJvtp8vbdpYA22id9G98wyW5cUtF8jh7O3fL/cglaWS
-uFkYbT0qUNAe3ceSeTeud4LQZU4e8ITVj1msZz9IobIxFpROmT+SZT/47DaN911w
-5RPY2ZTVlVX+FjeqsRAnqE7wKH14oh9UoUQQ3kDD9xHJvH/CPzZxrE5RPfen0vv7
-0OZHJJt42dylmhqQAHDWWmAu816lOy/flBGHuRT7X06OLFEHdM3Hm0b7ld0YrvYg
-whIN8JhvHoiclcPpsFP5IwpT6RQijRaNW4RV
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://sso.nmu.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://sso.nmu.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">nmu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sso.nmu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 493, expires on Sun Feb 13 20:00:54 2011 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAe0wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIxMjIwMDA1NFoXDTExMDIx
-MzIwMDA1NFowFjEUMBIGA1UEAxMLc3NvLm5tdS5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCvIyUrqI7RNJ6XFN/F7wgZ3bKY6fgXndhLtviIgjNi
-V/4n5TSCMomu7nEojkCrAMwKnuaGv4PHumavb3Jre8Y65/Fw2jmHSwRCEnMkDst2
-oCx29Hm0nm81Ew/rvg3SEcSOs+d/WkQ3Sx5X+3hm3Qci88TvIEyi3dIO9aK1mVBB
-Cq1k/1CujIqXubLfA/LGFMMEyNUU/A/Zfw/Ig4dDe4hUIneCKpn7EnWpKuTI4VQo
-qXG6pGbLEALd87ZV4cME45hZwXFEgti7kvl293vJhhaGqdd7BFMFuZRs5wTjjuB1
-L7T/rBzDOu72iACixF8rLck+iuO+Ruhu26oOiKnWSTXnAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFMPJsWdc7+Gk8JRf2/hVACxgaqGWMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3Nzby5ubXUuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQDOiphaH9y4wH/4B2Zg6s9FLlIZWiMcD/sJQX9Iu4biFwX/WtFN
-9PjqpsLU9xFFc9cYNO0ppEJvtp8vbdpYA22id9G98wyW5cUtF8jh7O3fL/cglaWS
-uFkYbT0qUNAe3ceSeTeud4LQZU4e8ITVj1msZz9IobIxFpROmT+SZT/47DaN911w
-5RPY2ZTVlVX+FjeqsRAnqE7wKH14oh9UoUQQ3kDD9xHJvH/CPzZxrE5RPfen0vv7
-0OZHJJt42dylmhqQAHDWWmAu816lOy/flBGHuRT7X06OLFEHdM3Hm0b7ld0YrvYg
-whIN8JhvHoiclcPpsFP5IwpT6RQijRaNW4RV
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://sso.nmu.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Northern Michigan University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Northern Michigan University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.nmu.edu</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Karl Mulder</GivenName>
-    <EmailAddress>kmulder@nmu.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>John Marra</GivenName>
-    <EmailAddress>jmarra@nmu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Travel Solutions, Inc. -->
-<EntityDescriptor entityID="https://www.ts24.com/shibboleth-sp">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>www.ts24.com</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 463, expires on Mon Nov  8 20:07:09 2010 GMT -->
-          <ds:X509Certificate>
-MIIFBTCCA+2gAwIBAgICAc8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTEwNzIwMDcwOVoXDTEwMTEw
-ODIwMDcwOVowFzEVMBMGA1UEAxMMd3d3LnRzMjQuY29tMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC9S6QKWeuZTPBytlfVJtPXJzyDsdl4qsDPBYzJKFrz03Yr
-Cz776IcfbM3ixxetvpQ4nvQpLr7aszEKl4kqof5RnhPraRt8zlEbXwAd9hSXIo1j
-Ca0kzZzrWU6a4V6FShbGHMGGnw2rUWhXRf0AHH6AJqn0Ifdva455rDxZtxQH+wID
-AQABo4ICnjCCApowDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR86xpWy3+FO8iNUXrM
-8goTDtn7SzB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEF
-BQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggr
-BgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAXBgNVHREEEDAOggx3d3cudHMy
-NC5jb20wDQYJKoZIhvcNAQEFBQADggEBAHVx9rufKqMtOsulOIbbjZaIJKP8+dsH
-CvjELrU2Fi1yeQjFRCelYdpw6zlbr67FtSNgDzzyq0PqZ96NUhd6wAjjw5L6m/3D
-z1pF2D0bZSkZiLw+I1tqzlSCW02eV31KOb6jDp88RE/InRRWg8N7VepLbXEBgdUX
-6G631E5kwrSRx5fRLk9SHUAuuE4eg8tFRljmKk7o9c+joOapkE8RAkOJda/6LWht
-WvUcG95M/xgdaGkLAjRiIfXF9L8fY7vr1yL5P3Zdk5OvUieFk57FxpZ6x/t3LV0u
-c/a8BOP0NC1EwfS6soxPZ8eXbKPI5fZb2UwW5s3Lldoc+O6tZcR5o8U=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.ts24.com/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.ts24.com/Shibboleth.sso/SAML/Artifact" index="2"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Travel Solutions, Inc.</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Travel Solutions, Inc.</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://ts24.com/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Binh Ly</GivenName>
-    <EmailAddress>bly@ts24.com</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Stevens Institute of Technology -->
-<EntityDescriptor entityID="urn:mace:incommon:stevens.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">stevens.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.stevens.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 457, expires on Fri Oct 29 19:13:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAckwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyODE5MTMwNloXDTEwMTAy
-OTE5MTMwNlowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5zdGV2ZW5zLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAocsjfJIlX+OTF31Cnw4/kkSJZTiIUoug
-jDbbz1T+a8i9qqFhM298Wc71GpyUq6kcDXRhzK6vxWxxmFsUfh12GAISAhRUszAZ
-4i9l/e20dp84rnW7QGRGdoBHoL304Z6xNTGW45Zu/hvaojeY/HK6WIR4FBrQG9my
-KG5W/nuqn90CAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQW/J
-6n/2/qfwRnkhPQM1MNsgcv8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc2hpYmJvbGV0aC5zdGV2ZW5zLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAvfWD
-IkdOPTZTdW+kdgCJK2UW8BwsZkX63Sc6RRMEjDTYRNtkw2h4XA1zLm+27ewQSoM2
-RvkjS6WF9zMutAaZ5hKwApVzStW4wMB9rGIVFr7h+0QEBKRNa6oZ+c4YrR68aDdU
-QLzx5AdQOnm3ApYJwjsGJInojSFkgd+zDjidHqopb9Y2FwYuFqavE8EPjLUXW680
-eqgiCB2Z4z24byfXewB0A/PvKBj6wV7SNeqOcS/jrwBHBFJzBHiQ7011cFSWKNJX
-JJIh98XAHGe1WnZ8I2grI3BscWkuwyUUixXYc8VPUz4dqLD+aZmWAy8d+o2b4JD1
-/Phf4LkcGWZen1904w==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.stevens.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">stevens.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shibboleth.stevens.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 457, expires on Fri Oct 29 19:13:06 2010 GMT -->
-          <ds:X509Certificate>
-MIIFGTCCBAGgAwIBAgICAckwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTAyODE5MTMwNloXDTEwMTAy
-OTE5MTMwNlowITEfMB0GA1UEAxMWc2hpYmJvbGV0aC5zdGV2ZW5zLmVkdTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAocsjfJIlX+OTF31Cnw4/kkSJZTiIUoug
-jDbbz1T+a8i9qqFhM298Wc71GpyUq6kcDXRhzK6vxWxxmFsUfh12GAISAhRUszAZ
-4i9l/e20dp84rnW7QGRGdoBHoL304Z6xNTGW45Zu/hvaojeY/HK6WIR4FBrQG9my
-KG5W/nuqn90CAwEAAaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
-AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQW/J
-6n/2/qfwRnkhPQM1MNsgcv8wfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufK
-Y0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
-aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIB
-ADCBsgYIKwYBBQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1v
-bmNhMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0
-cy5wN2IwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSB
-hTCBgjA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2NybC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwy
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcw
-VTBTBgsrBgEEAa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25j
-YS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBow
-GIIWc2hpYmJvbGV0aC5zdGV2ZW5zLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAvfWD
-IkdOPTZTdW+kdgCJK2UW8BwsZkX63Sc6RRMEjDTYRNtkw2h4XA1zLm+27ewQSoM2
-RvkjS6WF9zMutAaZ5hKwApVzStW4wMB9rGIVFr7h+0QEBKRNa6oZ+c4YrR68aDdU
-QLzx5AdQOnm3ApYJwjsGJInojSFkgd+zDjidHqopb9Y2FwYuFqavE8EPjLUXW680
-eqgiCB2Z4z24byfXewB0A/PvKBj6wV7SNeqOcS/jrwBHBFJzBHiQ7011cFSWKNJX
-JJIh98XAHGe1WnZ8I2grI3BscWkuwyUUixXYc8VPUz4dqLD+aZmWAy8d+o2b4JD1
-/Phf4LkcGWZen1904w==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.stevens.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Stevens Institute of Technology</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Stevens Institute of Technology</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.stevens.edu/sit/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Byron Dolan</GivenName>
-    <EmailAddress>bdolan@stevens.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="administrative">
-    <GivenName>Simon Shi</GivenName>
-    <EmailAddress>sshi@stevens.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Simon Shi</GivenName>
-    <EmailAddress>sshi@stevens.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- MCNC -->
-<EntityDescriptor entityID="urn:mace:incommon:mcnc.org">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">mcnc.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.mcnc.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 486, expires on Thu Jan 27 20:11:00 2011 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAeYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDEyNjIwMTEwMFoXDTExMDEy
-NzIwMTEwMFowGDEWMBQGA1UEAxMNc2hpYi5tY25jLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALa8PSAGOD7i05Hx/bkR/dhNCfiI/uAxH6OocSOd
-DXVrIqDCdz9ORshHSCAe0zxCNBDrVjSU+sCwcQFZTN/BhX4fzkjeCBIIgcsGzy0K
-5jrhDJ0xLIaXw3SNWjxSaTFRMftouW8DA+RDkjyhTcQ/AfRqpu02Zk691Wwm/p+M
-buaK6UpGvJTwS4pZLDp2cDiowhxSyZSJb8gFcwdSaTZPgAte9W43TVFiIEc6Y08g
-+SSswSjhjlUrmXzLG6cGo/DIZuCGOPX+vaPS+CJXhHqACOW1n8GBTUP6bYpXG5Qy
-v0gEiF6Q3zpJZ7Y7eQy+LIXq7VRkQAGQJM5Bekr71/M2dXUCAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUW44lUTMIMW34L32RSSBpxHcbpRMwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc2hpYi5tY25jLm9yZzANBgkq
-hkiG9w0BAQUFAAOCAQEAnbWRaMnlQu1PMuPRGxQKaIjnm25W4vSwxxzYpZLGGj+N
-iFFlJpbCJYlij0vjJ/JUskdbZyCVopCcqbi4AA0X9ezzRJWAl1eJK+u9oRLoQDm+
-ugjnifamZ/7x3PwIZ1eaTEyaDxCiHV2GpIz5lh7KnTs+p1o7mZfF6J0GPxqX1ltz
-Bdy7onbaItXINVNPCtTMHLDSrp1qdK7rkUPDQpDpChyz9Ziklzro6dgKEKw9J0l2
-xgsGNqHOXMeKNwErEdyDWw3AedupG70RPfSOLZIHiEJHpNUmz7B6ZAB5yMS5eZz7
-6CYR06z1DuBKhT87McNUZWFVqojdQfHYrYCnEpYUDw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.mcnc.org/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">mcnc.org</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.mcnc.org</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 486, expires on Thu Jan 27 20:11:00 2011 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAeYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDEyNjIwMTEwMFoXDTExMDEy
-NzIwMTEwMFowGDEWMBQGA1UEAxMNc2hpYi5tY25jLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALa8PSAGOD7i05Hx/bkR/dhNCfiI/uAxH6OocSOd
-DXVrIqDCdz9ORshHSCAe0zxCNBDrVjSU+sCwcQFZTN/BhX4fzkjeCBIIgcsGzy0K
-5jrhDJ0xLIaXw3SNWjxSaTFRMftouW8DA+RDkjyhTcQ/AfRqpu02Zk691Wwm/p+M
-buaK6UpGvJTwS4pZLDp2cDiowhxSyZSJb8gFcwdSaTZPgAte9W43TVFiIEc6Y08g
-+SSswSjhjlUrmXzLG6cGo/DIZuCGOPX+vaPS+CJXhHqACOW1n8GBTUP6bYpXG5Qy
-v0gEiF6Q3zpJZ7Y7eQy+LIXq7VRkQAGQJM5Bekr71/M2dXUCAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUW44lUTMIMW34L32RSSBpxHcbpRMwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc2hpYi5tY25jLm9yZzANBgkq
-hkiG9w0BAQUFAAOCAQEAnbWRaMnlQu1PMuPRGxQKaIjnm25W4vSwxxzYpZLGGj+N
-iFFlJpbCJYlij0vjJ/JUskdbZyCVopCcqbi4AA0X9ezzRJWAl1eJK+u9oRLoQDm+
-ugjnifamZ/7x3PwIZ1eaTEyaDxCiHV2GpIz5lh7KnTs+p1o7mZfF6J0GPxqX1ltz
-Bdy7onbaItXINVNPCtTMHLDSrp1qdK7rkUPDQpDpChyz9Ziklzro6dgKEKw9J0l2
-xgsGNqHOXMeKNwErEdyDWw3AedupG70RPfSOLZIHiEJHpNUmz7B6ZAB5yMS5eZz7
-6CYR06z1DuBKhT87McNUZWFVqojdQfHYrYCnEpYUDw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.mcnc.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">MCNC</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">MCNC</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.mcnc.org/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Steve Thorpe</GivenName>
-    <EmailAddress>thorpe@mcnc.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Keith Venters</GivenName>
-    <EmailAddress>kventers@mcnc.org</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Chris Caswell</GivenName>
-    <EmailAddress>ccaswell@mcnc.org</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Brown University -->
-<EntityDescriptor entityID="urn:mace:incommon:brown.edu">
-  <IDPSSODescriptor errorURL="https://wiki.brown.edu/confluence/x/b4D_AQ" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">brown.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sso.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 470, expires on Sat Dec  4 20:12:36 2010 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAdYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIwMzIwMTIzNloXDTEwMTIw
-NDIwMTIzNlowGDEWMBQGA1UEAxMNc3NvLmJyb3duLmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALJiUuxzSSpZqym8fnDsyuM/RZGXQGa7HISwVFPM
-FRyHWojRKzy17Ea2EtojP3FNqw2v0zAdtc4OGfuXRyY106eJoNmcqbTgaCex+zeC
-D7Vo0zABYx5YR3QptUkzAnoKWP2RFCEXUiN6Cpu8dz9SuQExb6Sj9yeYYOQrPkDE
-GLB6f6MRrWqWje4BdPY1rVRY5X0mDNA1TZ4rEhI19CHpjozj6xV9hFGFCIctDS7m
-xfHQnRz+E7hbqI5f/1A62mVVyv/UORp39Jf52JVhdnxUcAFfFoVNxxS2I0AnNAFU
-O8ypIVCBFOJqQmd3iaFeHCscO7wY6MDyp9fGbrKdYABIM70CAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUd9gkg/AJGCd4Fp1uDSmEGTGhEWQwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc3NvLmJyb3duLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEArp6d+sYNBHSmEd13Hkb88voWkr5mu1EHh80MrwGBgB/1
-eqb0TQqQUMKAll+zmj+zkjcpdo3wEDlRYWwHUi2+CMjomIEqyFCFkSiH76BwFEwg
-xcmDKcHgX838AT1Bf/6S7muTJF+bqFb21yCugGZ3hS8DHbHLj1LqLR4feycZyxNs
-D+ljCT8Dw56Nop8oRCQqkYgQqdMjULSpBsrFTfgKO0OzCyxbvPq39aRMjUtOMdKC
-0z044PObWHWadU/pedaOwnaB/EINlIOPDeYHbhJAaRRTGccYlnG9Wgs+reTBp4jK
-Ht+HOLYVH/hQo8fE76DpgVINNBPHHicrQEfiRQfjRw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://sso.brown.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">brown.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sso.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 470, expires on Sat Dec  4 20:12:36 2010 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAdYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MTIwMzIwMTIzNloXDTEwMTIw
-NDIwMTIzNlowGDEWMBQGA1UEAxMNc3NvLmJyb3duLmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALJiUuxzSSpZqym8fnDsyuM/RZGXQGa7HISwVFPM
-FRyHWojRKzy17Ea2EtojP3FNqw2v0zAdtc4OGfuXRyY106eJoNmcqbTgaCex+zeC
-D7Vo0zABYx5YR3QptUkzAnoKWP2RFCEXUiN6Cpu8dz9SuQExb6Sj9yeYYOQrPkDE
-GLB6f6MRrWqWje4BdPY1rVRY5X0mDNA1TZ4rEhI19CHpjozj6xV9hFGFCIctDS7m
-xfHQnRz+E7hbqI5f/1A62mVVyv/UORp39Jf52JVhdnxUcAFfFoVNxxS2I0AnNAFU
-O8ypIVCBFOJqQmd3iaFeHCscO7wY6MDyp9fGbrKdYABIM70CAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUd9gkg/AJGCd4Fp1uDSmEGTGhEWQwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc3NvLmJyb3duLmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEArp6d+sYNBHSmEd13Hkb88voWkr5mu1EHh80MrwGBgB/1
-eqb0TQqQUMKAll+zmj+zkjcpdo3wEDlRYWwHUi2+CMjomIEqyFCFkSiH76BwFEwg
-xcmDKcHgX838AT1Bf/6S7muTJF+bqFb21yCugGZ3hS8DHbHLj1LqLR4feycZyxNs
-D+ljCT8Dw56Nop8oRCQqkYgQqdMjULSpBsrFTfgKO0OzCyxbvPq39aRMjUtOMdKC
-0z044PObWHWadU/pedaOwnaB/EINlIOPDeYHbhJAaRRTGccYlnG9Wgs+reTBp4jK
-Ht+HOLYVH/hQo8fE76DpgVINNBPHHicrQEfiRQfjRw==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://sso.brown.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Brown University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Brown University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.brown.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Brown University Shibboleth Administrator</GivenName>
-    <EmailAddress>idm-shib-admin@brown.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://groups.brown.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>groups.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 502, expires on Thu Mar 17 18:50:36 2011 GMT -->
-          <ds:X509Certificate>
-MIIFkTCCBHmgAwIBAgICAfYwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxNjE4NTAzNloXDTExMDMx
-NzE4NTAzNlowGzEZMBcGA1UEAxMQZ3JvdXBzLmJyb3duLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALCyNFQPgtaqUEdRtAPgy5f+QiRwSSa5r1TW
-vcvLTIvcTiAWg+yzd5Xeod+ZejaEi1Y/nLGVYcS7jrMHLQgofDP9liFcZzmLvJS5
-ZIT9sXkYYZC2oi9qR/3PQ17Wat/naCTaxKYjkywmnXsLUfUGeY84SmzIloKNhkTs
-nGT3Izt/9a+Gt8q1Wl5+b7xAVTc6WDs4DnMJlzo/su4LBfG598yrcHCCSgkC+D+q
-6URydpSLVJjtpsWICgEdmjqK2ngYYoq/urvE6pPgvM4c8K133ldw2sEtRLvKnt2L
-5U90GHJKkHXUB9VGUyi/lvHoLyxi0cT+FUYFVnjIYdPtKp/iU10CAwEAAaOCAqIw
-ggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUFjeo7IhQhHwTJIksmjwuNyK4nhww
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUw
-gaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKG
-Q2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQZ3JvdXBzLmJyb3duLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAJJk3YEnwcW0BPIFn3uRhhjB2ygpoJZpJu2hW
-Sh02xoMk3VpuBofy2ZB2Bh6CeS9CuTN2NrbusTKhE5Te9GJITnZAHf+aU02Q29I4
-uEhb7Rjevt+dgj6aHNG6zo5LMn/gSafihafi4XqdHbcvRE8frRBxCnsLsnvJqiZ9
-H/C4SyWJ5FQL8l1Dt3C819UxxLoHkkuPmgVCqR21I/apo2gLIdPt5O/hmmcgqOSe
-ZbfQkDiOcZY41CIU1S8wZQW8rq02kv961BkcUcHBlHTqWfWtpdVQMyB9ArbR4u1K
-SrgwTJ+UKtxeNn1ANISYWoLpxz9qkJjlg/8bzPddxkGR4wwcKg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://groups.brown.edu/Shibboleth/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Brown University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Brown University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.brown.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Administrator</GivenName>
-    <EmailAddress>idm-shib-admin@brown.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://groups.cis-qas.brown.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>groups.cis-qas.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 503, expires on Thu Mar 17 18:50:45 2011 GMT -->
-          <ds:X509Certificate>
-MIIFoTCCBImgAwIBAgICAfcwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxNjE4NTA0NVoXDTExMDMx
-NzE4NTA0NVowIzEhMB8GA1UEAxMYZ3JvdXBzLmNpcy1xYXMuYnJvd24uZWR1MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kwxg3WePfG/2MEhA8qwxJwp
-W3KjguVtqBPj/GqIE3UbvVLOR2PmAOvJM47+6ISrVxn+Dz7/vliK0j0I4AduxEZe
-u8dLztZpdEQFjZ/PUKKyRDMwg59dKU+ob/wJbigOBWsrgEnpCMGFC+CY9LRkpXpA
-UnpNeZrv6pFbqVMN7lsAMpLbknliz1sTLpchKD0/5l1q3Vxmiuiu38Yzg6mXEjy8
-IQvin6Oh9aBvi1wgD6ChIUAwVSLIrjp2Fpvzu+b/bnUvBaQPk4DPUsHz7pbrk87K
-+HFnmSVQ8BHHoKAwJpMVdc+8VUiLicNs3NcxFWuy+sxm0jdgfX2S3w0VZZExCwID
-AQABo4ICqjCCAqYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSwoEGU+I4tcO94KMts
-esi9eNLloTB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pjRaFapFgwVjEL
-MAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNV
-BAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMIGyBggrBgEF
-BQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2ExLmluY29t
-bW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjBPBggr
-BgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7
-hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3Js
-L2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25m
-ZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQB
-riMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAjBgNVHREEHDAaghhncm91cHMu
-Y2lzLXFhcy5icm93bi5lZHUwDQYJKoZIhvcNAQEFBQADggEBABczluBf2UDbPwAZ
-FcuV8sHrvnHXTeNxhXC/dQxs2i0rKHy1YEy0DnBfSGXiTjqWlZ8/GEXSdZRJXT8q
-Lkf0voum2kMY9bpmGjVVoyNTBDIDj31yCWpvcidyEZwY7WbWvhfWx4SCP6FcXjwK
-O5R7FXhaasxsFSAY9dF2kEjmfWnMd46XLmHtgTqK5QPyJ/bCpJu8nz/PRPjghq32
-W9wxIvUp7X8btulwPHCT8Wx3NZ3OSdlzWI0dm3h48O8dusNoirbGB+gYd+qQlse2
-3W1z6NrZoEi3gXFOWUTFf4NbGkVUYgwqUka7h2hlRSeOgGDyoCBeveCbf3z0OAeI
-yg0MMYc=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://groups.cis-qas.brown.edu/Shibboleth/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Brown University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Brown University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.brown.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Administrator</GivenName>
-    <EmailAddress>idm-shib-admin@brown.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://james.cis.brown.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>james.cis.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 504, expires on Thu Mar 17 18:50:54 2011 GMT -->
-          <ds:X509Certificate>
-MIIFlzCCBH+gAwIBAgICAfgwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxNjE4NTA1NFoXDTExMDMx
-NzE4NTA1NFowHjEcMBoGA1UEAxMTamFtZXMuY2lzLmJyb3duLmVkdTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjNjOCYmjsTRZXKDITnYjPLMcz3bhJl
-JTdm6QXrmluIc2HcK8w5Wpl2fhTRaz9sxsrhoxHhIu9sMAZswJ2bYn/qP1JYApFQ
-uwdHG0zAapWGmrUr5uGUf29J5cxhqNxsPnS8Mk/d35/D1D3J8KyL/DZYND8LZ+YH
-KCy/sPAaxbh4sU22SO0ZDFzSarwL9HWBSNO5inCRAeY/HHAj9WPE303txHkGFmKr
-DsXQoUAE6CYeaOexDfHoo1T05CCCNGbA+Ea0g6iBn1EJuM0XBCMVmJ0J+9Hr8+yj
-JQ9T5Q1hQBVaKBMcQFM5C6XXS902czIl04rUYTOBX3o5kl7eyMr1ng0CAwEAAaOC
-AqUwggKhMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
-CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUnZSndHd+52BAPGCya0V2qcIh
-+tEwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNV
-BAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJ
-bkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEE
-gaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUH
-MAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Jy
-aWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
-cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNy
-bHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJh
-dGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQB
-ATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwHgYDVR0RBBcwFYITamFtZXMuY2lzLmJy
-b3duLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAdsdPtkObCHWynGj3/O67CmFrcZ85
-UtBKjBu0IONrcutMbB7sS7+3YWJTLTYSyXpi66NUeYti3MmB9PEBEz7DHWqq3WNa
-Ggg0lo+ffnq2J62LkYFskNPr/YoyuzocQTT01VfSkigRqMpoMpBV/u9ipnxjygva
-juI1Qi0ptFXr3jFeGEbtf33i85Tbu74LlbKm6/wYJudnX97GpQIRjsBIMCctuLm/
-wzWDeP6Gz+ohtwpu/L6gH63Dr3l5591Eu4fkmZPBL+H4M+89rP9hvM+ztFN34cVh
-EJ4UbTsAnZTTxBVlXy2WGHJW6vX27JPCIB09fdiW+uROn0IoAqrOE81Msg==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://james.cis.brown.edu/Shibboleth.sso/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Brown University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Brown University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.brown.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Adminstrator</GivenName>
-    <EmailAddress>idm-shib-admin@brown.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wiki.brown.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wiki.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 505, expires on Thu Mar 17 18:51:01 2011 GMT -->
-          <ds:X509Certificate>
-MIIFjTCCBHWgAwIBAgICAfkwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxNjE4NTEwMVoXDTExMDMx
-NzE4NTEwMVowGTEXMBUGA1UEAxMOd2lraS5icm93bi5lZHUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDBAadQfT9KJ66pa/qob7Cp0i4HQfDhl/FAzL5d
-Ls/ekMycDsEZHpCouVHUsRmpkgU3MSgtR5MlLPIbNoHiJf6D+2m3UDGCsVGb0iqG
-I72Qwe42fv8/OFK2I47qzv/FSvZS3zmUkuKuu+yyWBpe+c05Wf97IH1pXSKcNVsx
-dBt8pVYt/vOHJljm6uZoML9BybJyORwb9TDw6ceS/L3yFPSMg8MRw3ZMpAL0do8R
-PT0VyP/hISj5EIicDtxY+7dmUwLHf+hOHbCOT/vG+ugpKgC4/6fRgdFXbUuXhtyS
-GzijoiOxRR9F5WGrpStBdAUh/FALgWfLNqo5CrBRRX84dguNAgMBAAGjggKgMIIC
-nDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHf5QI+B6jmxkv/q4mOFVch6PgjRMH4G
-A1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21t
-b24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGi
-ME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0
-aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNo
-dHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2Uv
-Y2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9p
-bmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNy
-bDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBC
-BggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDndpa2kuYnJvd24uZWR1MA0G
-CSqGSIb3DQEBBQUAA4IBAQBV+pfuvgvsgGLAaBpYmDuGb+BpmXKWF3iZFM07Vn1A
-YznQMF815R7uGbfVtm5apfKpb/+dMShqf9mJBuWsO/qQObCefDBhHWDP6sGNl5kP
-0E4035HhkMnYJ95QIRHOCJfkBqaoBtTAdBQbK73PUml9+I4pbwGAH9X9byJGLR9m
-V954AUVI4eRlwfDE9Lzu3M5bpwx93MSM/NcFqI/3TUflz3oFPtaAwdsxgpx/+IdQ
-thnb7Y7Xi/ai2Aaqh3BSDcDt3aexs6qh0w2NSekJpKpt2rxo56JnmM7giIXobOAZ
-tCsh88wUBm9yRylWyMiIbhT7HIPTMsL6UGutmvWu0nT6
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki.brown.edu/Shibboleth/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Brown University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Brown University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.brown.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Administrator</GivenName>
-    <EmailAddress>idm-shib-admin@brown.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-<EntityDescriptor entityID="https://wiki.cis-qas.brown.edu/shibboleth">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <KeyDescriptor>
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>wiki.cis-qas.brown.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 506, expires on Thu Mar 17 18:51:06 2011 GMT -->
-          <ds:X509Certificate>
-MIIFnTCCBIWgAwIBAgICAfowDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxNjE4NTEwNloXDTExMDMx
-NzE4NTEwNlowITEfMB0GA1UEAxMWd2lraS5jaXMtcWFzLmJyb3duLmVkdTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr/QN0mj26T0MJ+QfxD3fDMsJgn
-UsME0F7BCIIC4P6P1npUE0kHpPeRK6tlJt9Nl4URAa3VIl1c0dsVubhBHXx+Nbn9
-QCyjdXZ9T67h7IgVey8BtrOWcLzBFWgIjG6BNDWggUcK6cyIGE+iySp8YxIgPfzY
-fet4pmIc/6gBL5YilwBhpi+dCx3vKob7pLZaHttvRnzGIVKuZblB2AInbbPtTfso
-rvvS3dKySbWUMkrDklqIA0AdYT2EoGmeZ9K7GrXRQHtLtfiInf3D6cxqWkVu7zdv
-pTaUpRw4v+2zXRaGXJWbV6gbVKRanCe2JbwsZjnKZJ1sF3G42t8jNzRhAIkCAwEA
-AaOCAqgwggKkMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUF6fKWsG+o/P187sTygD/
-nZuG2LMwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJ
-BgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQD
-EyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUH
-AQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYB
-BQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5
-aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9l
-ZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4j
-AQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZl
-ZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwIQYDVR0RBBowGIIWd2lraS5jaXMt
-cWFzLmJyb3duLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAlEUEHRyaRgTQRMQ24xBF
-vE/T9Zye2XMKb+gAC/h7I5YxoYdK389W8clJaTUa5sC+ugFcPkTeO61W3OUvfo+4
-jVYVzT0l0alt2Be84mdt0N/Ygq5NMLhOeBhPkA/a6iLL1Pzeg41isTLbMkKuxL6J
-WWvKiNpDuW7ecPTLeIiV+JD3S485/063u+bMHMKFBnNuDnymH4mCjo2v8zR7GRyY
-LvPwILvMzD8JfvtTZWf1n87rZNRXNpF34EWWVXn4KYaM8U5PFHTBk1RTyQWWBlyG
-AwLIsLiNDGOFFjNffdCuaX/HWKD8g6lue8QrlnzG51v3n1FPi2877HYOYJzAG6+w
-7A==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki.cis-qas.brown.edu/Shibboleth/SAML/POST" index="1"></AssertionConsumerService>
-  </SPSSODescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Brown University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Brown University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.brown.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Shibboleth Administrator</GivenName>
-    <EmailAddress>idm-shib-admin@brown.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Missouri System -->
-<EntityDescriptor entityID="urn:mace:incommon:umsystem.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umsystem.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib-idp.umsystem.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 491, expires on Sat Feb  5 16:22:23 2011 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAeswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIwNDE2MjIyM1oXDTExMDIw
-NTE2MjIyM1owIDEeMBwGA1UEAxMVc2hpYi1pZHAudW1zeXN0ZW0uZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxvpp/mFM+EtZ7LA5U2BkcK5UA0pngjvH1
-MGtk6qGZXN2fs8UWlJrW0fBuuvHewrEO7i4G8yZt52G0BMlYLfXhoqOJS+I5ZWQT
-vxMJNZUMZ7BNFtRW+Ci4/DITzDv0YJL08oY+kVTXeR6Cb2N+zQ7aEIKftEtnO8P/
-wkP88puBvQIDAQABo4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTKkqbJ
-RTBqg78wPi+bkUI9QwCR1jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAX
-ghVzaGliLWlkcC51bXN5c3RlbS5lZHUwDQYJKoZIhvcNAQEFBQADggEBACJs2yEL
-gfydcxcbwP2GacpzPt4B+LoHf8uzV9BvqmK1AhDKTC+46or23apHFdzeAg8LvS96
-hEI4NeOVQAUED9mBKZnbp9tR/+Jf4kNlH0HVlndHQxOsn4jy7RISsbwuv8BbtzZC
-clZ3PKpM6iDlXR62Fn+GF6TITwpvasHp/HwKsg9JE28kwozozms526FpkXVcQ+EG
-M9qFVLYYJ3NORvEr/ItRu1loDJpH/ps92uKPJ41AbGdItiJYe5EZN0Z6Uie213jy
-QCjiHr+PGzeRLvZnlwYdZXnWoBZtI5nh9CbvAhzFYd4IBBcB0OksSN2E77WRsKEz
-MuvF+PikKDzubzM=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib-idp.umsystem.edu/shibboleth-idp/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">umsystem.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib-idp.umsystem.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 491, expires on Sat Feb  5 16:22:23 2011 GMT -->
-          <ds:X509Certificate>
-MIIFFzCCA/+gAwIBAgICAeswDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIwNDE2MjIyM1oXDTExMDIw
-NTE2MjIyM1owIDEeMBwGA1UEAxMVc2hpYi1pZHAudW1zeXN0ZW0uZWR1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxvpp/mFM+EtZ7LA5U2BkcK5UA0pngjvH1
-MGtk6qGZXN2fs8UWlJrW0fBuuvHewrEO7i4G8yZt52G0BMlYLfXhoqOJS+I5ZWQT
-vxMJNZUMZ7BNFtRW+Ci4/DITzDv0YJL08oY+kVTXeR6Cb2N+zQ7aEIKftEtnO8P/
-wkP88puBvQIDAQABo4ICpzCCAqMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
-MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTKkqbJ
-RTBqg78wPi+bkUI9QwCR1jB+BgNVHSMEdzB1gBSTLchhGK1j45tls53djZO658pj
-RaFapFgwVjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRp
-b24xKTAnBgNVBAMTIEluQ29tbW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEA
-MIGyBggrBgEFBQcBAQSBpTCBojBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9u
-Y2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
-LnA3YjBPBggrBgEFBQcwAoZDaHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVk
-ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGF
-MIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIu
-aW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBV
-MFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNh
-LmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAgBgNVHREEGTAX
-ghVzaGliLWlkcC51bXN5c3RlbS5lZHUwDQYJKoZIhvcNAQEFBQADggEBACJs2yEL
-gfydcxcbwP2GacpzPt4B+LoHf8uzV9BvqmK1AhDKTC+46or23apHFdzeAg8LvS96
-hEI4NeOVQAUED9mBKZnbp9tR/+Jf4kNlH0HVlndHQxOsn4jy7RISsbwuv8BbtzZC
-clZ3PKpM6iDlXR62Fn+GF6TITwpvasHp/HwKsg9JE28kwozozms526FpkXVcQ+EG
-M9qFVLYYJ3NORvEr/ItRu1loDJpH/ps92uKPJ41AbGdItiJYe5EZN0Z6Uie213jy
-QCjiHr+PGzeRLvZnlwYdZXnWoBZtI5nh9CbvAhzFYd4IBBcB0OksSN2E77WRsKEz
-MuvF+PikKDzubzM=
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib-idp.umsystem.edu:8443/shibboleth-idp/AA"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Missouri System</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Missouri System</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.system.missouri.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="administrative">
-    <GivenName>Clark, Hank</GivenName>
-    <EmailAddress>clarkc@missouri.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="technical">
-    <GivenName>Dourty, Brian R.</GivenName>
-    <EmailAddress>DourtyB@mssouri.edu</EmailAddress>
-  </ContactPerson>
-  <ContactPerson contactType="support">
-    <GivenName>Hancock Jr, Denis C.</GivenName>
-    <EmailAddress>HancockDC@missouri.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- North Carolina State University -->
-<EntityDescriptor entityID="urn:mace:incommon:ncsu.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ncsu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.ncsu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 484, expires on Sun Jan 16 20:15:19 2011 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAeQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDExNTIwMTUxOVoXDTExMDEx
-NjIwMTUxOVowGDEWMBQGA1UEAxMNc2hpYi5uY3N1LmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALTnJzLSRt2QQkY5unH3Y1zd2fVXIJts+Pc++MW9
-dKq9/Fba3yP3i+SI5ldeO8+PU/vBl263MMkli8yZArbh7dIuLBzuNTRbHBmi8How
-6HAQYqWa/J4mv7gi111k7e0yxjVagfj0PyKP72JVQ5prDVGYi/YlBaic5mVtdRta
-WUgoudmAcpN10cqkX018UF9LVas8HAVQMWKKzxmix9ICAIilVrep0qXJdfLKJ4Qr
-HXY6jVWrhcco+nKx44ggEs2cOFs6ej+LCRGq2WBYicAcOPEkYzAgcJXoBoSgyQzh
-xPMbypWTupI7uxRlSM3j0N44skhF/HyZCujcvCk59qbdEFECAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUd0bT0fZn8kzZVApw511MXYuf5kkwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc2hpYi5uY3N1LmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEATElENKovoVxVQCoqGGxpsFjUsGMpsJ8ULW2giOftj4kA
-QqHhVumwzwSGoRzBAKlQ0Q7uBL8RZKhFgTbswYm6o7hNNlOrSXLTB9bGkUz+jgpq
-JaW7IImQmHlo0/Yh7eUD0DiAkR4QV15LG8xsck6x0wGL2OAdijAioMiwlQWLYeNR
-MV9Kav/8CbtEF2NGdEEfNlfo6LfMSfNw+HqijfpXBhSZK3QNO2QTDWwv3+/aaEBh
-LhL+R1JUcV9w4jJZ7/W/s1EDuHWA8PCDN4/qPAyFPUeG/2sJEP71LdyZ0/oyb78x
-4cgsQim3WAL+C0b61QXcAtXaZ7agxbVSzRZUh+eZBA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.ncsu.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.ncsu.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ncsu.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>shib.ncsu.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 484, expires on Sun Jan 16 20:15:19 2011 GMT -->
-          <ds:X509Certificate>
-MIIFizCCBHOgAwIBAgICAeQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDExNTIwMTUxOVoXDTExMDEx
-NjIwMTUxOVowGDEWMBQGA1UEAxMNc2hpYi5uY3N1LmVkdTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALTnJzLSRt2QQkY5unH3Y1zd2fVXIJts+Pc++MW9
-dKq9/Fba3yP3i+SI5ldeO8+PU/vBl263MMkli8yZArbh7dIuLBzuNTRbHBmi8How
-6HAQYqWa/J4mv7gi111k7e0yxjVagfj0PyKP72JVQ5prDVGYi/YlBaic5mVtdRta
-WUgoudmAcpN10cqkX018UF9LVas8HAVQMWKKzxmix9ICAIilVrep0qXJdfLKJ4Qr
-HXY6jVWrhcco+nKx44ggEs2cOFs6ej+LCRGq2WBYicAcOPEkYzAgcJXoBoSgyQzh
-xPMbypWTupI7uxRlSM3j0N44skhF/HyZCujcvCk59qbdEFECAwEAAaOCAp8wggKb
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUd0bT0fZn8kzZVApw511MXYuf5kkwfgYD
-VR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1v
-biBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUwgaIw
-TwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKGQ2h0
-dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9j
-ZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2lu
-Y29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3Js
-MD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlvbi5v
-cmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBEMEIG
-CCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INc2hpYi5uY3N1LmVkdTANBgkq
-hkiG9w0BAQUFAAOCAQEATElENKovoVxVQCoqGGxpsFjUsGMpsJ8ULW2giOftj4kA
-QqHhVumwzwSGoRzBAKlQ0Q7uBL8RZKhFgTbswYm6o7hNNlOrSXLTB9bGkUz+jgpq
-JaW7IImQmHlo0/Yh7eUD0DiAkR4QV15LG8xsck6x0wGL2OAdijAioMiwlQWLYeNR
-MV9Kav/8CbtEF2NGdEEfNlfo6LfMSfNw+HqijfpXBhSZK3QNO2QTDWwv3+/aaEBh
-LhL+R1JUcV9w4jJZ7/W/s1EDuHWA8PCDN4/qPAyFPUeG/2sJEP71LdyZ0/oyb78x
-4cgsQim3WAL+C0b61QXcAtXaZ7agxbVSzRZUh+eZBA==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.ncsu.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">North Carolina State University</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">North Carolina State University</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ncsu.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Charles Brabec</GivenName>
-    <EmailAddress>brabec@ncsu.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- Ramapo College of New Jersey -->
-<EntityDescriptor entityID="urn:mace:incommon:ramapo.edu">
-  <IDPSSODescriptor errorURL="https://idp.ramapo.edu/support.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ramapo.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.ramapo.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 492, expires on Sun Feb  6 20:43:35 2011 GMT -->
-          <ds:X509Certificate>
-MIIFCTCCA/GgAwIBAgICAewwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIwNTIwNDMzNVoXDTExMDIw
-NjIwNDMzNVowGTEXMBUGA1UEAxMOaWRwLnJhbWFwby5lZHUwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAKmSTYhLPiOKhfUhNaGBPHVJygcs2hjCM29VuQn4yneS
-Wqocllu9UyRQFT3Q62vL2TaJzqKEfPPGbgvR3uqOVeXrTEGHAuXHLaUUifhuyM8a
-mLgGYeqkRNp/nH+JGwt2hSl8i1jaD1auc2tViZA6rIB1IHLbGCd4ZXBK1UrBDLXd
-AgMBAAGjggKgMIICnDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFSg7+h9EKe/AOUg
-tJW5pKeMYuNbMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDmlkcC5y
-YW1hcG8uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCgjLUtnrdonc0Z/mSpiT3FFcD6
-KeOg0JF2mmu0GwDuMT0ODVRywExXeh270HAT4n4F0Kv5IcbH1mjCafKffY49v5bW
-NzmziquxDll7PIjl6qjLQvJTz08cxXuh0TlLfEwzfoKwy7blct9evj+0LqnALPK8
-EObBF1k67Jdoky9Myu5PfRUjBV7qDX41lU14i/AFAENjw5vjh3onnd1507ibB1of
-1ypOIbJYwneXANsYUgScu/udiazRy6bHJrwD/U46Nr6flJMyy+Zp54pUyYybQR8m
-6/q8IBmeZLqcjiZIHgaHSFVekGug0my30N6R3Z1a6RqWkb/zdv+2918DtBPC
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.ramapo.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.ramapo.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ramapo.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>idp.ramapo.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 492, expires on Sun Feb  6 20:43:35 2011 GMT -->
-          <ds:X509Certificate>
-MIIFCTCCA/GgAwIBAgICAewwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIwNTIwNDMzNVoXDTExMDIw
-NjIwNDMzNVowGTEXMBUGA1UEAxMOaWRwLnJhbWFwby5lZHUwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAKmSTYhLPiOKhfUhNaGBPHVJygcs2hjCM29VuQn4yneS
-Wqocllu9UyRQFT3Q62vL2TaJzqKEfPPGbgvR3uqOVeXrTEGHAuXHLaUUifhuyM8a
-mLgGYeqkRNp/nH+JGwt2hSl8i1jaD1auc2tViZA6rIB1IHLbGCd4ZXBK1UrBDLXd
-AgMBAAGjggKgMIICnDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFSg7+h9EKe/AOUg
-tJW5pKeMYuNbMH4GA1UdIwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBW
-MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcG
-A1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsG
-AQUFBwEBBIGlMIGiME8GCCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5j
-b21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9
-oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9j
-cmwvZWVjcmxzLmNybDA/oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYB
-BAGuIwEEAQEwRDBCBggrBgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21t
-b25mZWRlcmF0aW9uLm9yZy9wcmFjdGljZXMucGRmMBkGA1UdEQQSMBCCDmlkcC5y
-YW1hcG8uZWR1MA0GCSqGSIb3DQEBBQUAA4IBAQCgjLUtnrdonc0Z/mSpiT3FFcD6
-KeOg0JF2mmu0GwDuMT0ODVRywExXeh270HAT4n4F0Kv5IcbH1mjCafKffY49v5bW
-NzmziquxDll7PIjl6qjLQvJTz08cxXuh0TlLfEwzfoKwy7blct9evj+0LqnALPK8
-EObBF1k67Jdoky9Myu5PfRUjBV7qDX41lU14i/AFAENjw5vjh3onnd1507ibB1of
-1ypOIbJYwneXANsYUgScu/udiazRy6bHJrwD/U46Nr6flJMyy+Zp54pUyYybQR8m
-6/q8IBmeZLqcjiZIHgaHSFVekGug0my30N6R3Z1a6RqWkb/zdv+2918DtBPC
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.ramapo.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">Ramapo College of New Jersey</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">Ramapo College of New Jersey</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.ramapo.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Michael Skafida</GivenName>
-    <EmailAddress>mskafida@ramapo.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of North Carolina at Chapel Hill -->
-<EntityDescriptor entityID="urn:mace:incommon:unc.edu">
-  <IDPSSODescriptor errorURL="https://sso.unc.edu/idp/error.jsp" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">unc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sso.unc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 495, expires on Sat Feb 26 20:09:58 2011 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAe8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIyNTIwMDk1OFoXDTExMDIy
-NjIwMDk1OFowFjEUMBIGA1UEAxMLc3NvLnVuYy5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCu1p/809RspIbkBHMOAhfjOms1j6yhKSoqKMrQeX05
-Wh0acNGG5SYM5TIXlThOqxWY52m2HwnOEa0umRnLjEQgKK1lnRqOs2LQNo5iRLab
-B+pqpd4m1zgVkp1u1LRb0F/qE0TXE0l2DkJrNCGoIhamvNgBoxTwVcs9f2bKy8RD
-rPx/tyh5XYd8/X4nRw7bUXUXBFCF6GNTAhYpKGMdUHsbpfuXM+sVyXVZO0cxnGA7
-/AcWMp4BHNdilRX54uJ4ioAwECh4Dxw60VZeeENYjDW9JsARgoGuda0FLrrZfOex
-AMfZXGrvUDbko16TccPwZWiXyylbMuBuzo2sq+J6aK5tAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPKCIKxtSzTD/XZx+QLN/i085COsMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3Nzby51bmMuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQA3DbkUR0xEze5txCdposWIn+RBWLkpTq+hYK6EayBG76vynije
-VC8tXemkNTinFPcW/cuUulWsJgBtT55ajBkUP2L4/kH27WvvMUzW0nrLRdBppd7F
-YKFassxm8UU1jqmWUIAynubusA9dJ2Ws4/OSrdqSL904yGLKbK06sOjdo239FOHg
-QJk1vexQtA7TDBWatsFTJTVCLU+/AlAsP/DLu5IMU4CmerxdB/WiZ/rdkZftkIMJ
-4Np5f2XpRKMi8ON4d1zN8lNOfFtVbR4dOrLCkuFdJlPiyku4ZBZaWie7e0H6vGll
-G/XQk8xkLEawJyH2ctbDT/xkaichJRXE2eQO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://sso.unc.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">unc.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>sso.unc.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 495, expires on Sat Feb 26 20:09:58 2011 GMT -->
-          <ds:X509Certificate>
-MIIFhzCCBG+gAwIBAgICAe8wDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIyNTIwMDk1OFoXDTExMDIy
-NjIwMDk1OFowFjEUMBIGA1UEAxMLc3NvLnVuYy5lZHUwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCu1p/809RspIbkBHMOAhfjOms1j6yhKSoqKMrQeX05
-Wh0acNGG5SYM5TIXlThOqxWY52m2HwnOEa0umRnLjEQgKK1lnRqOs2LQNo5iRLab
-B+pqpd4m1zgVkp1u1LRb0F/qE0TXE0l2DkJrNCGoIhamvNgBoxTwVcs9f2bKy8RD
-rPx/tyh5XYd8/X4nRw7bUXUXBFCF6GNTAhYpKGMdUHsbpfuXM+sVyXVZO0cxnGA7
-/AcWMp4BHNdilRX54uJ4ioAwECh4Dxw60VZeeENYjDW9JsARgoGuda0FLrrZfOex
-AMfZXGrvUDbko16TccPwZWiXyylbMuBuzo2sq+J6aK5tAgMBAAGjggKdMIICmTAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPKCIKxtSzTD/XZx+QLN/i085COsMH4GA1Ud
-IwR3MHWAFJMtyGEYrWPjm2Wznd2Nk7rnymNFoVqkWDBWMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwgbIGCCsGAQUFBwEBBIGlMIGiME8G
-CCsGAQUFBzAChkNodHRwOi8vaW5jb21tb25jYTEuaW5jb21tb25mZWRlcmF0aW9u
-Lm9yZy9icmlkZ2UvY2VydHMvY2EtY2VydHMucDdiME8GCCsGAQUFBzAChkNodHRw
-Oi8vaW5jb21tb25jYTIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9icmlkZ2UvY2Vy
-dHMvY2EtY2VydHMucDdiMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6Ly9pbmNv
-bW1vbmNybDEuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDA/
-oD2gO4Y5aHR0cDovL2luY29tbW9uY3JsMi5pbmNvbW1vbmZlZGVyYXRpb24ub3Jn
-L2NybC9lZWNybHMuY3JsMF4GA1UdIARXMFUwUwYLKwYBBAGuIwEEAQEwRDBCBggr
-BgEFBQcCARY2aHR0cDovL2luY29tbW9uY2EuaW5jb21tb25mZWRlcmF0aW9uLm9y
-Zy9wcmFjdGljZXMucGRmMBYGA1UdEQQPMA2CC3Nzby51bmMuZWR1MA0GCSqGSIb3
-DQEBBQUAA4IBAQA3DbkUR0xEze5txCdposWIn+RBWLkpTq+hYK6EayBG76vynije
-VC8tXemkNTinFPcW/cuUulWsJgBtT55ajBkUP2L4/kH27WvvMUzW0nrLRdBppd7F
-YKFassxm8UU1jqmWUIAynubusA9dJ2Ws4/OSrdqSL904yGLKbK06sOjdo239FOHg
-QJk1vexQtA7TDBWatsFTJTVCLU+/AlAsP/DLu5IMU4CmerxdB/WiZ/rdkZftkIMJ
-4Np5f2XpRKMi8ON4d1zN8lNOfFtVbR4dOrLCkuFdJlPiyku4ZBZaWie7e0H6vGll
-G/XQk8xkLEawJyH2ctbDT/xkaichJRXE2eQO
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://sso.unc.edu:7443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of North Carolina at Chapel Hill</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of North Carolina at Chapel Hill</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.unc.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Karsten Huneycutt</GivenName>
-    <EmailAddress>kph@unc.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Northwestern Ohio -->
-<EntityDescriptor entityID="urn:mace:incommon:unoh.edu">
-  <IDPSSODescriptor errorURL="https://webauth.unoh.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">unoh.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.unoh.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 496, expires on Mon Feb 28 20:07:02 2011 GMT -->
-          <ds:X509Certificate>
-MIIFkTCCBHmgAwIBAgICAfAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIyNzIwMDcwMloXDTExMDIy
-ODIwMDcwMlowGzEZMBcGA1UEAxMQd2ViYXV0aC51bm9oLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMdN3P1mhuwTWEziQUNexDCNaZGGDcFhfT0b
-lhrDDgwmwDuh2EGk52opAZdOyH3pTYqXgPVcYRoY/hKpQQ84i9xumAwdR8ZJDIx1
-Ih0+L0e4j394siUGnqdTsFqxZmCwPF4Z0a0/azFxp2t4A3nvAa2E1LaCie/aBN/M
-4Bj6ARmfyJHUIWaoFkRG5oWHRMgY7EoKj/P85ZW1K4yRZjKQwbP/cLEcGw3m5imG
-pRX87QJefl+BCvDe0gJyubSr9gzAUtG5ZyennYziqiBl7l6P1yksxVvVdLOzMNyA
-vX6J/PiIFD7OTWvXBdxTZ9zlr2cQspfXCML+FlHX6KrVpGhSTOUCAwEAAaOCAqIw
-ggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUef6YQm61uuMRKMaVTWtAJNOANnIw
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUw
-gaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKG
-Q2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd2ViYXV0aC51bm9oLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAWRhgFaHNZt8hkAUPUBQHim5nF58DSu9Xpub/
-8V4hnnKUurppdrIjZwBLnlyS5JdA2NpDZ4m2nIYpLdm+zZxbyN3Dywl30TgTp7nd
-DD9F1CkhRKR7O1oT4IdTlw/49cGxQGXa1nOAs11Amu5Z9IsKPZhQ62GX1u3xTaHG
-6CyHN3Y11bAfykNVJZBmmTj0q1sMqvwsWxnsEJ17IFTS/pjEMCKVfu21EE1Vv/sY
-qSO0u+cmWMSEWPX5FQRAzcWrbLHJlAImp3wjA8IM7i2yMy2P7U+ri9ONH4uJYeu7
-7EWE++2XBp6fWWiY2pYYxuclbdi1ipoqLPxhmH/RCSmmW0Z14g==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.unoh.edu:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.unoh.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">unoh.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>webauth.unoh.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 496, expires on Mon Feb 28 20:07:02 2011 GMT -->
-          <ds:X509Certificate>
-MIIFkTCCBHmgAwIBAgICAfAwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDIyNzIwMDcwMloXDTExMDIy
-ODIwMDcwMlowGzEZMBcGA1UEAxMQd2ViYXV0aC51bm9oLmVkdTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMdN3P1mhuwTWEziQUNexDCNaZGGDcFhfT0b
-lhrDDgwmwDuh2EGk52opAZdOyH3pTYqXgPVcYRoY/hKpQQ84i9xumAwdR8ZJDIx1
-Ih0+L0e4j394siUGnqdTsFqxZmCwPF4Z0a0/azFxp2t4A3nvAa2E1LaCie/aBN/M
-4Bj6ARmfyJHUIWaoFkRG5oWHRMgY7EoKj/P85ZW1K4yRZjKQwbP/cLEcGw3m5imG
-pRX87QJefl+BCvDe0gJyubSr9gzAUtG5ZyennYziqiBl7l6P1yksxVvVdLOzMNyA
-vX6J/PiIFD7OTWvXBdxTZ9zlr2cQspfXCML+FlHX6KrVpGhSTOUCAwEAAaOCAqIw
-ggKeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUef6YQm61uuMRKMaVTWtAJNOANnIw
-fgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYT
-AlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNv
-bW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYBBQUHAQEEgaUw
-gaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNvbW1vbmZlZGVy
-YXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYIKwYBBQUHMAKG
-Q2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2JyaWRn
-ZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDov
-L2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2NybC9lZWNybHMu
-Y3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9uZmVkZXJhdGlv
-bi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEEAa4jAQQBATBE
-MEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1vbmZlZGVyYXRp
-b24ub3JnL3ByYWN0aWNlcy5wZGYwGwYDVR0RBBQwEoIQd2ViYXV0aC51bm9oLmVk
-dTANBgkqhkiG9w0BAQUFAAOCAQEAWRhgFaHNZt8hkAUPUBQHim5nF58DSu9Xpub/
-8V4hnnKUurppdrIjZwBLnlyS5JdA2NpDZ4m2nIYpLdm+zZxbyN3Dywl30TgTp7nd
-DD9F1CkhRKR7O1oT4IdTlw/49cGxQGXa1nOAs11Amu5Z9IsKPZhQ62GX1u3xTaHG
-6CyHN3Y11bAfykNVJZBmmTj0q1sMqvwsWxnsEJ17IFTS/pjEMCKVfu21EE1Vv/sY
-qSO0u+cmWMSEWPX5FQRAzcWrbLHJlAImp3wjA8IM7i2yMy2P7U+ri9ONH4uJYeu7
-7EWE++2XBp6fWWiY2pYYxuclbdi1ipoqLPxhmH/RCSmmW0Z14g==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.unoh.edu:8443/idp/profile/SAML2/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Northwestern Ohio</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Northwestern Ohio</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://unoh.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>Jeremy Brinkman</GivenName>
-    <EmailAddress>jbrinkman@unoh.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-
-<!-- University of Vermont -->
-<EntityDescriptor entityID="urn:mace:incommon:uvm.edu">
-  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uvm.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.uvm.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 500, expires on Mon Mar 14 19:21:00 2011 GMT -->
-          <ds:X509Certificate>
-MIIFBzCCA++gAwIBAgICAfQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxMzE5MjEwMFoXDTExMDMx
-NDE5MjEwMFowGDEWMBQGA1UEAxMNbG9naW4udXZtLmVkdTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAsjX6U+8dwzcs10r6RsoD6TiNqUNlE/aLJl4PZ6B41tGU
-/csNfSK62LLyLglHflpaRAKQQqM9Bs4WV4NI+RFnU6bRIxwSiQ9+XEAiA9IYY0ve
-8W9pgbGiNZ0k5bH6Y0RRKRQSEtvmLil+7/x1YV9mafx3gqDruQjD3BgKde9/K/EC
-AwEAAaOCAp8wggKbMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMYZ2ClvWgMh5aou0
-ieTn+0e0X7YwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYB
-BQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYI
-KwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INbG9naW4u
-dXZtLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAO2zhQ5es23ej2+5TxICnSf4zEUFs
-Fh0Cz4d6viMkSPNQIoZZjCFzfZw0Z02M2zl8mn9MEDz+/eYSujx0Myp79mvn37I4
-KI2+I85TrJqNhdf607pDpgWJRvR5PFeoAnsSySxtH4yxMkoTwCrMQW0wcUSoE1be
-DKmaW+zJx+cZY3nflFoWYSh0D6xM2xcis/WGo1XeSX0u/MPeKz7zvmD9o6LmoHjM
-0K63/igH1JnB0mz9slQkd6RJHpJAaRkVM3viLomNTH27cPs3m5B98TA9PmJ1Q804
-J66gQ1C3t+Q8k7aNbyr0xNatn4qWWYOXARcbE0MEzgCnqHEIi6UauKIsNQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.uvm.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"></ArtifactResolutionService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://login.uvm.edu/idp/profile/Shibboleth/SSO"></SingleSignOnService>
-  </IDPSSODescriptor>
-  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-    <Extensions>
-      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uvm.edu</shibmd:Scope>
-    </Extensions>
-    <KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>login.uvm.edu</ds:KeyName>
-        <ds:X509Data>
-          <!-- Serial No. 500, expires on Mon Mar 14 19:21:00 2011 GMT -->
-          <ds:X509Certificate>
-MIIFBzCCA++gAwIBAgICAfQwDQYJKoZIhvcNAQEFBQAwVjELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0luQ29tbW9uIEZlZGVyYXRpb24xKTAnBgNVBAMTIEluQ29tbW9u
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDMxMzE5MjEwMFoXDTExMDMx
-NDE5MjEwMFowGDEWMBQGA1UEAxMNbG9naW4udXZtLmVkdTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAsjX6U+8dwzcs10r6RsoD6TiNqUNlE/aLJl4PZ6B41tGU
-/csNfSK62LLyLglHflpaRAKQQqM9Bs4WV4NI+RFnU6bRIxwSiQ9+XEAiA9IYY0ve
-8W9pgbGiNZ0k5bH6Y0RRKRQSEtvmLil+7/x1YV9mafx3gqDruQjD3BgKde9/K/EC
-AwEAAaOCAp8wggKbMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMYZ2ClvWgMh5aou0
-ieTn+0e0X7YwfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYx
-CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYD
-VQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBsgYIKwYB
-BQUHAQEEgaUwgaIwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMS5pbmNv
-bW1vbmZlZGVyYXRpb24ub3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwTwYI
-KwYBBQUHMAKGQ2h0dHA6Ly9pbmNvbW1vbmNhMi5pbmNvbW1vbmZlZGVyYXRpb24u
-b3JnL2JyaWRnZS9jZXJ0cy9jYS1jZXJ0cy5wN2IwgY0GA1UdHwSBhTCBgjA/oD2g
-O4Y5aHR0cDovL2luY29tbW9uY3JsMS5pbmNvbW1vbmZlZGVyYXRpb24ub3JnL2Ny
-bC9lZWNybHMuY3JsMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwyLmluY29tbW9u
-ZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwXgYDVR0gBFcwVTBTBgsrBgEE
-Aa4jAQQBATBEMEIGCCsGAQUFBwIBFjZodHRwOi8vaW5jb21tb25jYS5pbmNvbW1v
-bmZlZGVyYXRpb24ub3JnL3ByYWN0aWNlcy5wZGYwGAYDVR0RBBEwD4INbG9naW4u
-dXZtLmVkdTANBgkqhkiG9w0BAQUFAAOCAQEAO2zhQ5es23ej2+5TxICnSf4zEUFs
-Fh0Cz4d6viMkSPNQIoZZjCFzfZw0Z02M2zl8mn9MEDz+/eYSujx0Myp79mvn37I4
-KI2+I85TrJqNhdf607pDpgWJRvR5PFeoAnsSySxtH4yxMkoTwCrMQW0wcUSoE1be
-DKmaW+zJx+cZY3nflFoWYSh0D6xM2xcis/WGo1XeSX0u/MPeKz7zvmD9o6LmoHjM
-0K63/igH1JnB0mz9slQkd6RJHpJAaRkVM3viLomNTH27cPs3m5B98TA9PmJ1Q804
-J66gQ1C3t+Q8k7aNbyr0xNatn4qWWYOXARcbE0MEzgCnqHEIi6UauKIsNQ==
-          </ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </KeyDescriptor>
-    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://login.uvm.edu:8443/idp/profile/SAML1/SOAP/AttributeQuery"></AttributeService>
-    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-  </AttributeAuthorityDescriptor>
-  <Organization>
-    <OrganizationName xml:lang="en">University of Vermont</OrganizationName>
-    <OrganizationDisplayName xml:lang="en">University of Vermont</OrganizationDisplayName>
-    <OrganizationURL xml:lang="en">http://www.uvm.edu/</OrganizationURL>
-  </Organization>
-  <ContactPerson contactType="technical">
-    <GivenName>SAA</GivenName>
-    <EmailAddress>saa@uvm.edu</EmailAddress>
-  </ContactPerson>
-</EntityDescriptor>
-</EntitiesDescriptor>
\ No newline at end of file
+<!-- To run tests, download from http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml -->
\ No newline at end of file

diff --git a/samltest/encryption/EncryptedAssertionTest.h b/samltest/encryption/EncryptedAssertionTest.h
index 33d701b..43eb34c 100644 (file)
--- a/samltest/encryption/EncryptedAssertionTest.h
+++ b/samltest/encryption/EncryptedAssertionTest.h
@@ -29,6 +29,7 @@
 #include <saml/saml2/metadata/MetadataCredentialContext.h>
 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
 #include <xmltooling/security/Credential.h>
+#include <xsec/dsig/DSIGConstants.hpp>
 
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2;
@@ -125,8 +126,12 @@ public:
         vector< pair<const MetadataProvider*,MetadataCredentialCriteria*> > recipients(
             1, pair<const MetadataProvider*,MetadataCredentialCriteria*>(m_metadata, &mcc)
             );
+#ifdef XSEC_OPENSSL_HAVE_GCM
+        encrypted->encrypt(*assertion.get(), recipients, false, DSIGConstants::s_unicodeStrURIAES256_GCM);
+#else
         encrypted->encrypt(*assertion.get(), recipients);
-        
+#endif
+
         // Roundtrip it.
         string buf;
         XMLHelper::serialize(encrypted->marshall(), buf);

diff --git a/samltest/internal.h b/samltest/internal.h
index f1abd88..2389848 100644 (file)
--- a/samltest/internal.h
+++ b/samltest/internal.h
@@ -105,10 +105,9 @@ protected:
     }
 
     void assertEquals(DOMDocument* expectedDOM, XMLObject* xmlObject, bool canMarshall=true) {
-        assertEquals("Marshalled DOM was not the same as the expected DOM", expectedDOM, xmlObject, canMarshall);
-        // Test a clone operation before destroying the original.
         xmlObject->releaseThisAndChildrenDOM();
-        delete xmlObject->clone();
+        auto_ptr<XMLObject> cloned(xmlObject->clone());
+        assertEquals("Marshalled DOM was not the same as the expected DOM", expectedDOM, cloned.get(), canMarshall);
         delete xmlObject;
     }
 

diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h
index 7567297..b5946b8 100644 (file)
--- a/samltest/saml1/binding/SAML1ArtifactTest.h
+++ b/samltest/saml1/binding/SAML1ArtifactTest.h
@@ -45,7 +45,7 @@ public:
     void testSAML1Artifact() {
         try {
             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
-            SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+            SecurityPolicy policy(m_metadata.get(), &idprole, m_trust.get(), false);
             policy.getRules().assign(m_rules.begin(), m_rules.end());
 
             // Read message to use from file.
@@ -60,17 +60,17 @@ public:
 
             CredentialCriteria cc;
             cc.setUsage(Credential::SIGNING_CREDENTIAL);
-            Locker clocker(m_creds);
+            Locker clocker(m_creds.get());
             const Credential* cred = m_creds->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
 
             // Encode message.
-            auto_ptr<MessageEncoder> encoder(
+            boost::scoped_ptr<MessageEncoder> encoder(
                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
                     samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            Locker locker(m_metadata);
+            Locker locker(m_metadata.get());
             encoder->encode(
                 *this,
                 toSend.get(),
@@ -84,13 +84,13 @@ public:
             
             // Decode message.
             string relayState;
-            auto_ptr<MessageDecoder> decoder(
+            boost::scoped_ptr<MessageDecoder> decoder(
                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
                     samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
             decoder->setArtifactResolver(this);
-            auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
+            boost::scoped_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
             
             // Test the results.
             TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state");
@@ -133,7 +133,7 @@ public:
         TSM_ASSERT("Not an assertion.", assertion!=nullptr);
         auto_ptr<Response> response(ResponseBuilder::buildResponse());
         response->getAssertions().push_back(assertion);
-        Status* status = StatusBuilder::buildStatus();
+        saml1p::Status* status = StatusBuilder::buildStatus();
         response->setStatus(status);
         StatusCode* sc = StatusCodeBuilder::buildStatusCode();
         status->setStatusCode(sc);
@@ -142,7 +142,7 @@ public:
         vector<Signature*> sigs(1,response->getSignature());
         CredentialCriteria cc;
         cc.setUsage(Credential::SIGNING_CREDENTIAL);
-        Locker clocker(m_creds);
+        Locker clocker(m_creds.get());
         const Credential* cred = m_creds->resolve(&cc);
         TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
         response->marshall((DOMDocument*)nullptr,&sigs,cred);

diff --git a/samltest/saml1/binding/SAML1POSTTest.h b/samltest/saml1/binding/SAML1POSTTest.h
index ad87a35..87bad33 100644 (file)
--- a/samltest/saml1/binding/SAML1POSTTest.h
+++ b/samltest/saml1/binding/SAML1POSTTest.h
@@ -38,7 +38,7 @@ public:
     void testSAML1POST() {
         try {
             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
-            SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+            SecurityPolicy policy(m_metadata.get(), &idprole, m_trust.get(), false);
             policy.getRules().assign(m_rules.begin(), m_rules.end());
 
             // Read message to use from file.
@@ -53,7 +53,7 @@ public:
 
             CredentialCriteria cc;
             cc.setUsage(Credential::SIGNING_CREDENTIAL);
-            Locker clocker(m_creds);
+            Locker clocker(m_creds.get());
             const Credential* cred = m_creds->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
 
@@ -70,13 +70,13 @@ public:
             XercesJanitor<DOMDocument> janitor2(encoder_config);
             encoder_config->appendChild(encoder_config->createElementNS(nullptr,lit1.get()));
             encoder_config->getDocumentElement()->setAttributeNS(nullptr,lit2.get(),lit3.get());
-            auto_ptr<MessageEncoder> encoder(
+            boost::scoped_ptr<MessageEncoder> encoder(
                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
                     samlconstants::SAML1_PROFILE_BROWSER_POST, pair<const DOMElement*,const XMLCh*>(encoder_config->getDocumentElement(),nullptr)
                     )
                 );
 
-            Locker locker(m_metadata);
+            Locker locker(m_metadata.get());
             encoder->encode(
                 *this,
                 toSend.get(),
@@ -90,12 +90,12 @@ public:
             
             // Decode message.
             string relayState;
-            auto_ptr<MessageDecoder> decoder(
+            boost::scoped_ptr<MessageDecoder> decoder(
                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
                     samlconstants::SAML1_PROFILE_BROWSER_POST, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
+            boost::scoped_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
             
             // Test the results.
             TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state");

diff --git a/samltest/saml2/binding/SAML2ArtifactTest.h b/samltest/saml2/binding/SAML2ArtifactTest.h
index 0996ce9..96f80e6 100644 (file)
--- a/samltest/saml2/binding/SAML2ArtifactTest.h
+++ b/samltest/saml2/binding/SAML2ArtifactTest.h
@@ -43,7 +43,7 @@ public:
     void testSAML2Artifact() {
         try {
             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
-            SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+            SecurityPolicy policy(m_metadata.get(), &idprole, m_trust.get(), false);
             policy.getRules().assign(m_rules.begin(), m_rules.end());
 
             // Read message to use from file.
@@ -58,7 +58,7 @@ public:
 
             CredentialCriteria cc;
             cc.setUsage(Credential::SIGNING_CREDENTIAL);
-            Locker clocker(m_creds);
+            Locker clocker(m_creds.get());
             const Credential* cred = m_creds->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
 
@@ -66,12 +66,12 @@ public:
             toSend->setIssueInstant(time(nullptr));
 
             // Encode message.
-            auto_ptr<MessageEncoder> encoder(
+            boost::scoped_ptr<MessageEncoder> encoder(
                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_ARTIFACT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            Locker locker(m_metadata);
+            Locker locker(m_metadata.get());
             encoder->encode(
                 *this,
                 toSend.get(),
@@ -85,13 +85,13 @@ public:
             
             // Decode message.
             string relayState;
-            auto_ptr<MessageDecoder> decoder(
+            boost::scoped_ptr<MessageDecoder> decoder(
                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_ARTIFACT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
             decoder->setArtifactResolver(this);
-            auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
+            boost::scoped_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
             
             // Test the results.
             TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
@@ -142,7 +142,7 @@ public:
 
         auto_ptr<ArtifactResponse> response(ArtifactResponseBuilder::buildArtifactResponse());
         response->setPayload(payload);
-        Status* status = StatusBuilder::buildStatus();
+        saml2p::Status* status = StatusBuilder::buildStatus();
         response->setStatus(status);
         StatusCode* sc = StatusCodeBuilder::buildStatusCode();
         status->setStatusCode(sc);

diff --git a/samltest/saml2/binding/SAML2POSTTest.h b/samltest/saml2/binding/SAML2POSTTest.h
index 24d7bc5..87c9a75 100644 (file)
--- a/samltest/saml2/binding/SAML2POSTTest.h
+++ b/samltest/saml2/binding/SAML2POSTTest.h
@@ -38,7 +38,7 @@ public:
     void testSAML2POST() {
         try {
             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
-            SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+            SecurityPolicy policy(m_metadata.get(), &idprole, m_trust.get(), false);
             policy.getRules().assign(m_rules.begin(), m_rules.end());
 
             // Read message to use from file.
@@ -53,7 +53,7 @@ public:
 
             CredentialCriteria cc;
             cc.setUsage(Credential::SIGNING_CREDENTIAL);
-            Locker clocker(m_creds);
+            Locker clocker(m_creds.get());
             const Credential* cred = m_creds->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
 
@@ -70,12 +70,12 @@ public:
             XercesJanitor<DOMDocument> janitor2(encoder_config);
             encoder_config->appendChild(encoder_config->createElementNS(nullptr,lit1.get()));
             encoder_config->getDocumentElement()->setAttributeNS(nullptr,lit2.get(),lit3.get());
-            auto_ptr<MessageEncoder> encoder(
+            boost::scoped_ptr<MessageEncoder> encoder(
                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_POST, pair<const DOMElement*,const XMLCh*>(encoder_config->getDocumentElement(), nullptr)
                     )
                 );
-            Locker locker(m_metadata);
+            Locker locker(m_metadata.get());
             encoder->encode(
                 *this,
                 toSend.get(),
@@ -89,12 +89,12 @@ public:
             
             // Decode message.
             string relayState;
-            auto_ptr<MessageDecoder> decoder(
+            boost::scoped_ptr<MessageDecoder> decoder(
                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_POST, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
+            boost::scoped_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
             
             // Test the results.
             TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
@@ -117,7 +117,7 @@ public:
     void testSAML2POSTSimpleSign() {
         try {
             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
-            SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+            SecurityPolicy policy(m_metadata.get(), &idprole, m_trust.get(), false);
             policy.getRules().assign(m_rules.begin(), m_rules.end());
 
             // Read message to use from file.
@@ -132,7 +132,7 @@ public:
 
             CredentialCriteria cc;
             cc.setUsage(Credential::SIGNING_CREDENTIAL);
-            Locker clocker(m_creds);
+            Locker clocker(m_creds.get());
             const Credential* cred = m_creds->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
 
@@ -149,12 +149,12 @@ public:
             XercesJanitor<DOMDocument> janitor2(encoder_config);
             encoder_config->appendChild(encoder_config->createElementNS(nullptr,lit1.get()));
             encoder_config->getDocumentElement()->setAttributeNS(nullptr,lit2.get(),lit3.get());
-            auto_ptr<MessageEncoder> encoder(
+            boost::scoped_ptr<MessageEncoder> encoder(
                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, pair<const DOMElement*,const XMLCh*>(encoder_config->getDocumentElement(),nullptr)
                     )
                 );
-            Locker locker(m_metadata);
+            Locker locker(m_metadata.get());
             encoder->encode(
                 *this,
                 toSend.get(),
@@ -168,12 +168,12 @@ public:
             
             // Decode message.
             string relayState;
-            auto_ptr<MessageDecoder> decoder(
+            boost::scoped_ptr<MessageDecoder> decoder(
                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
+            boost::scoped_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
             
             // Test the results.
             TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");

diff --git a/samltest/saml2/binding/SAML2RedirectTest.h b/samltest/saml2/binding/SAML2RedirectTest.h
index f495978..bbbb8da 100644 (file)
--- a/samltest/saml2/binding/SAML2RedirectTest.h
+++ b/samltest/saml2/binding/SAML2RedirectTest.h
@@ -38,7 +38,7 @@ public:
     void testSAML2Redirect() {
         try {
             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
-            SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+            SecurityPolicy policy(m_metadata.get(), &idprole, m_trust.get(), false);
             policy.getRules().assign(m_rules.begin(), m_rules.end());
 
             // Read message to use from file.
@@ -53,7 +53,7 @@ public:
 
             CredentialCriteria cc;
             cc.setUsage(Credential::SIGNING_CREDENTIAL);
-            Locker clocker(m_creds);
+            Locker clocker(m_creds.get());
             const Credential* cred = m_creds->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
 
@@ -62,12 +62,12 @@ public:
             toSend->setID(nullptr);
     
             // Encode message.
-            auto_ptr<MessageEncoder> encoder(
+            boost::scoped_ptr<MessageEncoder> encoder(
                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_REDIRECT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            Locker locker(m_metadata);
+            Locker locker(m_metadata.get());
             encoder->encode(
                 *this,
                 toSend.get(),
@@ -81,12 +81,12 @@ public:
             
             // Decode message.
             string relayState;
-            auto_ptr<MessageDecoder> decoder(
+            boost::scoped_ptr<MessageDecoder> decoder(
                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
                     samlconstants::SAML20_BINDING_HTTP_REDIRECT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
                     )
                 );
-            auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
+            boost::scoped_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
             
             // Test the results.
             TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");

diff --git a/samltest/saml2/metadata/XMLMetadataProviderTest.h b/samltest/saml2/metadata/XMLMetadataProviderTest.h
index d180971..a666732 100644 (file)
--- a/samltest/saml2/metadata/XMLMetadataProviderTest.h
+++ b/samltest/saml2/metadata/XMLMetadataProviderTest.h
@@ -38,7 +38,7 @@ class XMLMetadataProviderTest : public CxxTest::TestSuite, public SAMLObjectBase
 public:
     void setUp() {
         entityID=XMLString::transcode("urn:mace:incommon:washington.edu");
-        entityID2=XMLString::transcode("urn:mace:incommon:rochester.edu");
+        entityID2=XMLString::transcode("urn:mace:incommon:psu.edu");
         supportedProtocol=XMLString::transcode("urn:oasis:names:tc:SAML:1.1:protocol");
         supportedProtocol2=XMLString::transcode("urn:mace:shibboleth:1.0");
         SAMLObjectBaseTestCase::setUp();

diff --git a/samltest/samltest.vcxproj b/samltest/samltest.vcxproj
index 8784bdb..690f6dc 100644 (file)
--- a/samltest/samltest.vcxproj
+++ b/samltest/samltest.vcxproj
@@ -22,7 +22,7 @@
     <ProjectGuid>{8BBB3B12-DBA1-4533-9C36-2CA95F1F1659}</ProjectGuid>\r
     <RootNamespace>samltest</RootNamespace>\r
     <Keyword>Win32Proj</Keyword>\r
-    <CxxTestRoot>..\..\..\..\cxxtest\</CxxTestRoot>\r
+    <CxxTestRoot>..\..\..\cxxtest\</CxxTestRoot>\r
   </PropertyGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">\r
@@ -1510,4 +1510,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
   <ImportGroup Label="ExtensionTargets">\r
   </ImportGroup>\r
-</Project>
\ No newline at end of file
+</Project>\r

diff --git a/schemas/Makefile.am b/schemas/Makefile.am
index 072b0bc..f860967 100644 (file)
--- a/schemas/Makefile.am
+++ b/schemas/Makefile.am
@@ -50,7 +50,8 @@ schemafiles = \
        sstc-saml-metadata-ui-v1.0.xsd \
        sstc-saml-idp-discovery.xsd \
        sstc-request-initiation.xsd \
-       sstc-saml-protocol-ext-thirdparty.xsd
+       sstc-saml-protocol-ext-thirdparty.xsd \
+       saml-async-slo-v1.0.xsd
 
 pkgxml_DATA = \
        saml20-catalog.xml \

diff --git a/schemas/saml-async-slo-v1.0.xsd b/schemas/saml-async-slo-v1.0.xsd
new file mode 100644 (file)
index 0000000..2a64b89
--- /dev/null
+++ b/schemas/saml-async-slo-v1.0.xsd
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<schema xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo" 
+        xmlns="http://www.w3.org/2001/XMLSchema"  
+        targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"
+        elementFormDefault="qualified">
+    
+    <element name="Asynchronous" type="aslo:AsynchronousType" />
+    <complexType name="AsynchronousType" />
+
+    <attribute name="supportsAsynchronous" type="boolean"/>
+    
+</schema>

diff --git a/schemas/saml20-catalog.xml.in b/schemas/saml20-catalog.xml.in
index b5ef6d3..e480f57 100644 (file)
--- a/schemas/saml20-catalog.xml.in
+++ b/schemas/saml20-catalog.xml.in
@@ -18,4 +18,5 @@
     <system systemId="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" uri="@-PKGXMLDIR-@/sstc-saml-idp-discovery.xsd"/>
     <system systemId="urn:oasis:names:tc:SAML:profiles:SSO:request-init" uri="@-PKGXMLDIR-@/sstc-request-initiation.xsd"/>
     <system systemId="urn:oasis:names:tc:SAML:protocol:ext:third-party" uri="@-PKGXMLDIR-@/sstc-saml-protocol-ext-thirdparty.xsd"/>
+    <system systemId="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo" uri="@-PKGXMLDIR-@/saml-async-slo-v1.0.xsd"/>
 </catalog>