<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="https://idp.cta-observatory.org/idp/shibboleth" 
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" 
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" 
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

        <md:Extensions>
            <shibmd:Scope regexp="false">cta-observatory.org</shibmd:Scope>
            <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
                <mdui:DisplayName xml:lang="en">CTAO ERIC</mdui:DisplayName>
                <mdui:Description xml:lang="en">Identity Provider of CTAO ERIC</mdui:Description>
            </mdui:UIInfo>
        </md:Extensions>

        <md:KeyDescriptor use="signing">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>

MIIERzCCAq+gAwIBAgIUUa0YeuvjE5uDJ5J8mmJKE+myWHUwDQYJKoZIhvcNAQEL
BQAwIjEgMB4GA1UEAwwXaWRwLmN0YS1vYnNlcnZhdG9yeS5vcmcwHhcNMjUwNTIy
MDgwODQwWhcNNDUwNTIyMDgwODQwWjAiMSAwHgYDVQQDDBdpZHAuY3RhLW9ic2Vy
dmF0b3J5Lm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJIskBmz
VVkEZSVjJYj7NXPT3FrCEQ7gxwe7ToLDbwWAplCCky/Dvoq5gXlBb9DFzyyRJrkl
qund7u9JgcuGxiw49+9IpONwMxjdg0dTwXRDaIw3MwNkllBKtp8YFPgvbjfQBFzp
MHahs+d12H/tW3VdcYbC85TOCMNJlyhXEOTu60Xz3cN3k7IzDnAC653mB7llyIxc
zr8WmaxobisFPdycT8eJtEUK/Sdvm2vpQA8PiHA918HGVfyRUAosEXSFiEUX/Zs4
4NzcAA8vq7dvfzIXFSHdqQ3utU0ZnlVBhENTLe7qcf1aZf9zfNWKx4WeJKan1t/6
UMEZuIahRD30+HgqmzptCOCsIOioP05ez79uu3HzKE5oGvjJbz/DCx79+97rXf5v
TClJUFmyYC9Z/WW54zQkl8btBJK9ROykJ80Fx2QgatoNslnqErdaQJoZ85tizz2E
fTlccRr69bAWcSxJ6IHArTJL5i5Ko52U3D8fcZ8q3Pt+0Hrd5eXuJezlYwIDAQAB
o3UwczAdBgNVHQ4EFgQUBfS3oMqbHgKtPw9jBXG2eMZz63kwUgYDVR0RBEswSYIX
aWRwLmN0YS1vYnNlcnZhdG9yeS5vcmeGLmh0dHBzOi8vaWRwLmN0YS1vYnNlcnZh
dG9yeS5vcmcvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggGBAIaNVQ19
Zf80UTBM8NsAsYJ+/zUiQO+BO/fddcF4SqQ39ahlaBg1IqhLjq1RUW/NgYAzarD9
UW3kyC2Nt98Yaq8LiBgtrAD8wZU4qcxh+3Za3rC8FWkqWrChGL+i9o2QAQvPEpH6
xDmJkN3RUyFMKiqZKqjY12BqRAjFKcPEJTxOwVRamdQveaSv+O2Z1Zo85vJneKux
pTF35ZFC4VATdOGkAFB7Pf5O1R/zPLi29EkH45Zs64RgOrQhh5ziNTXSan5uzTka
qj2kIpa1p07epwsxz/1JJRF3vRqSUAydTTx7FPf7QV6FswMm7oRTbvRxw1/mQF1O
dIatGFn24Kkbwg8VJwUll3XMe1U31eY2/6uKgFI+IbQkrbStYJ2X8AIQq/+ngHS4
iajcviquQEXc8QhEc2KFuejx9TzMzRTv2ZYvTB1NvxF1IHboasIXbYlvshKED65t
1eB38kRkdDzsYFruMS7apNVYECYSVqaGcQNrbMzvZynsSL8Ah6hd7ZYZSQ==

                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>

        <md:KeyDescriptor use="signing">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>

MIIESDCCArCgAwIBAgIVAOTQtITvAqCjVZyOTNRt9PRylasLMA0GCSqGSIb3DQEB
CwUAMCIxIDAeBgNVBAMMF2lkcC5jdGEtb2JzZXJ2YXRvcnkub3JnMB4XDTI1MDUy
MjA4MDgzNloXDTQ1MDUyMjA4MDgzNlowIjEgMB4GA1UEAwwXaWRwLmN0YS1vYnNl
cnZhdG9yeS5vcmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCgqdQH
sfoWNQ4kH0YqHtmWCkV5JxV2qh2OhMbeSRVO52Rrn8FXr/jrED1k5NrEY1p7JfBH
KS0DR/dDgK6JOOfXl1mjejXWj3k18t13vwO15/aXMLYYroI74C/E7IS5uTQnvHBe
LdCaDHKLtQFR9bNLTaa7xO9W7/K8RG2SWQeWSCqt8//d4KpHzxqMw2xc0GNS7V53
EeJ3+ihH2SyA2gYFUwC2jgyXNst20f0qTc23Gn2Ln7pTQH4ORgFzgHKSmLBQQBru
bCDiLliyK0k56MxW3iRlMDZI8khowZ6BaUvCQQn5zuXcntRRWy/aAzOLIUTq+PYL
+YDo2ZCVAp+gT4pMVf/OxuAI+cDKOu0QeL4qsqhu4aVmXE8/vsx395autfPonLSO
kS+dRvxMhRrMWYQBPm8UHBXR1Ccbx7uFPqGiHHuXKzC7G0aIttWOgTWCiSi6AMXQ
l3Rcr+SVHWzpAdCuXncQwFs4jQXF266sWyCj9Q6S/SQuKh08BpOFgsl3+GkCAwEA
AaN1MHMwHQYDVR0OBBYEFLi31/x2LNwNm2laX15eRXv6lmtDMFIGA1UdEQRLMEmC
F2lkcC5jdGEtb2JzZXJ2YXRvcnkub3Jnhi5odHRwczovL2lkcC5jdGEtb2JzZXJ2
YXRvcnkub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBgQAxlRPh
yihfu4HQp+yrrSZEQzpcufSbDtfamaWsYXEYlm3+NaUdUWa6Foj3L8+YKmGNktxo
yvSlwJE9YPLVHpPvKJnSndil/BLMjtY75spEyLtFiuTfJUO7qWI4B+/XBF++t498
ktGDY097fHcmrJnOCmj0B8HL8rUxqHEoFmspBwCrPND091k5e23PdxX3ZbXx9trb
5n+2qt0QkBZG+NifYLy0/xfQAh+4gfuRgYEOPqt8iC9vYYIcN3blYPmpixtxBNxi
Tcfwixz99r2i70WZXGZuKAl/mdcKeJXFnYfjcabztRwpfxPSkiEJALjMeOMIBjkQ
W0wFevzVBHL+1N0Jykgh63Iic4CZ+j7C5U4Cn4cr2v3KCfzXwyNU+Wf7+ZaZjZl4
5BVkw/9fMnxteiF/F8Kff16vZdeFYKxLIlBJ49vSsm5KRdO9ucalao+bjOK7b40l
kKLy7NXhA6Y8Mxlu/LkvjoNCsWZv8jCS3YBkJAJ9DB009Cu2HPSMj9R0lys=

                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>

        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>

MIIESDCCArCgAwIBAgIVAIxgqUtxTBRek+PoT1yS5bVPMQEXMA0GCSqGSIb3DQEB
CwUAMCIxIDAeBgNVBAMMF2lkcC5jdGEtb2JzZXJ2YXRvcnkub3JnMB4XDTI1MDUy
MjA4MDgzOVoXDTQ1MDUyMjA4MDgzOVowIjEgMB4GA1UEAwwXaWRwLmN0YS1vYnNl
cnZhdG9yeS5vcmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDEgzHn
LiwTjm6T6s28p9Hz/L/NOSKPK45TsMQklQOYVCE5HlqhMrZQH1qPuvZs6/GujhTb
vOyWpnZGNPeChDn2wNk8dRYBTVfb3+8qAiq0t+nm+3Cm/s3l5pWNIe9BQ3He1b20
jUG3oYWmzsRq0ZDOGRmoj2p3xVnBFJFPtYhdLZOKgJI8qbSyc+ZaHPP04lPcQz26
rrF5Qho0sBOYxwFr0GCtCD9pXxisvnWBHAAqZaiPC6FrFBDxeb9XHIigBakx09cF
VjStup+H0gtCBO4ZfG6u1FPZcEHsPB6b1YFmbU2Vhz4V2UjR8u6uaABSinl2DY1u
dYVB+5EVEWdisb0PrciZhLRYwquyEE7EhSCfLgn9Eyb1cKO90P8QT+fNjrEn1FhY
PXwNOThrnEcce7LrW/KtE0zqKz0XoHg58I9CYgNBy5ZArmMacPY2szd3mgd7Kg8g
EGsUuWxlXAn0Frxs29Ga9KrA4OyZM9Lk/QUXB+bV4CgEWNCSOIyc4Rr9GPcCAwEA
AaN1MHMwHQYDVR0OBBYEFGGJzulLrQaSNc41x+NJSx7+rnpzMFIGA1UdEQRLMEmC
F2lkcC5jdGEtb2JzZXJ2YXRvcnkub3Jnhi5odHRwczovL2lkcC5jdGEtb2JzZXJ2
YXRvcnkub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBgQAdcHJG
NM9jfW6Ylr6ecEZUa3qMh9Kj5iEI4vvnrpZbqTKCrESRfDQ9AJmwVABaneCrZoMN
9tt0EdP4j8niZWRX9dEShBWXf8K0WSE4SJaQyurtKDz6MVmCfyB3R2PPvAX0Q1cn
jSpDdfgcbRAXCgQr/8bytOMwbTpNz9LK+bRznF65ReoueNcfpyQPMxWoCp11isiG
Xegp6IvM+11UwlXYs6e5TxFj2ueUTqvAVgp7ksvJN9ujlYhh1rJUZYb7VJgOq8cm
qJxaN/XGc3F9hNS1ZH2Whundg8PRk2PvHM/4dy8n7+AGq+1W9enPBK7qWIErISAk
DBWFTChLcX7ZoT787m3WemmQvkeixaRgi1BfYoN58wStxDCztOoqPl45jYRoUTNa
eSg9XM9OvxWDiXOCUsoNmlxDgn8XcKXAZouEfR8Jx36KhpsZheHtH/wO1988XBfi
hs1+i0pjmafrkpCI2tfcD4dH/QOP2rFOiZTUMf7prZV9QV/dx8uLF11UqHs=

                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>

        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.cta-observatory.org/idp/profile/SAML2/SOAP/SLO"/>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.cta-observatory.org/idp/profile/SAML2/Redirect/SLO"/>

        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>

        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.cta-observatory.org/idp/profile/SAML2/POST/SSO"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.cta-observatory.org/idp/profile/SAML2/POST-SimpleSign/SSO"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.cta-observatory.org/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
    <md:Organization>
        <md:OrganizationName xml:lang="en">CTAO ERIC</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="en">CTAO ERIC</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="en">https://www.ctao.org</md:OrganizationURL>
    </md:Organization>
    <md:ContactPerson contactType="technical">
        <md:EmailAddress>mailto:sso-support@cta-observatory.org</md:EmailAddress>
    </md:ContactPerson>
</md:EntityDescriptor>