Sunday, May 11, 2014

OAM 11g R2 PS2 (11.1.2.2.0) Federation Setup

In this post I will cover the federation setup with in the oracle access manager latest version

Beginning with the 11g Release 2 (11.1.2), the Oracle Access Management Access Manager server (OAM Server) has been integrated with an Oracle Access Management Identity Federation server. All configuration for the Identity Federation server is performed using the Oracle Access Management Console.


Benefits of using the new Identity Federation 11g Release 2 (11.1.2.2) server integrated with Access Manager include:
  • Eliminating the need to install and maintain separate servers.
  • Simplifying post-install configuration of the federation features, particularly when accessing those features through the Oracle Access Management Console.
  • Improving the scalability of the two services working together.
  • Providing enhanced diagnostics and troubleshooting.

Enable Identity Federation within the Available Services.















Go to Configuration->Federation Settings

Click Export SAML 2.0 Metadata









Go to Service Provider Administration -> Click Create Identity Provider Partner

Create a IdP with the exported metadata file.





Click "Create Authentication Scheme and Module" 
This will create Authentication Scheme configured to be used with above IdP.


Similarly Go to Identity Provider Administration -> Click Create Service Provider Partner -> 





Referral Auth Scheme




























Referral Auth Module





Use the Authentication Scheme in the Authentication Policy of the Application Domain.

Go to App Domain -> Domain Name -> Authentication Policies -> Protected Resource Policy -> Change Authentication Scheme -> IdP1FederationScheme





Now we are ready to test

Access the protected resource



you will be redirected to identity provider SAML credential collector page





SAML GET Request




After Successful Login






SAML POST Response






Referral IdP and SP "https___Deepak-PC.mydomain.com_14101_oam_fed.xml" File :- 
It contains metadata for both IdP and SP


<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#" xmlns:ns7="urn:oasis:names:tc:SAML:profiles:v1metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-0G95cJmk6LYZcGQEqYuHtrUHzJkKkXQCRCfamW-3" cacheDuration="P30DT0H0M0S" entityID="https://Deepak-PC.mydomain.com:14101/oam/fed" validUntil="2014-06-03T17:32:57Z">
   <dsig:Signature>
      <dsig:SignedInfo>
         <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <dsig:Reference URI="#id-0G95cJmk6LYZcGQEqYuHtrUHzJkKkXQCRCfamW-3">
            <dsig:Transforms>
               <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
               <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>xLWmnQkPI7hMhUFE784zWsj3Bo0=</dsig:DigestValue>
         </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>bKOcap2cBPpRAQs8YuBF0q4VTHgiXWZQP3ZOgACVc7eqxjOg08dHSAXSp1hrLuHUoCkmDRAJOi09uorb+YNvdtqAWUV+WUcjfm0Ge6jJaqJIrf6ADmzKY01ueGVelN2qS7SSviyug3uPmiDENYdCDIvM1UbPloaDpVPEiiq+O3g=</dsig:SignatureValue>
      <dsig:KeyInfo>
         <dsig:X509Data>
            <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
         </dsig:X509Data>
      </dsig:KeyInfo>
   </dsig:Signature>
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/soap" index="1" isDefault="true" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/soap" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
   </md:IDPSSODescriptor>
   <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://Deepak-PC.mydomain.com:14101/oamfed/aa/soap" />
      <md:AttributeProfile>urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic</md:AttributeProfile>
   </md:AttributeAuthorityDescriptor>
   <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://Deepak-PC.mydomain.com:14101/oam/server/fed/sp/sso" index="0" isDefault="true" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oam/server/fed/sp/sso" index="1" />
   </md:SPSSODescriptor>
   <md:RoleDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
   </md:RoleDescriptor>
</md:EntityDescriptor>