diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..60138693
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+# By default, ignore everything
+*
+# Add exception for the directories you actually want to include in the context
+!example
+!requirements.txt
+!oids.conf
+!build_spid_certs.sh
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 8007ebe8..132636bb 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -72,11 +72,10 @@ jobs:
cd example
spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
- # TODO - PR WiP for CIE id integration
- # - name: spid-sp-test CIE id metadata
- # run: |
- # cd example
- # spid_sp_test --profile cie-sp-public --metadata-url https://localhost:10000/cieSaml2/metadata
+ - name: spid-sp-test CIE id metadata
+ run: |
+ cd example
+ spid_sp_test --profile cie-sp-public --metadata-url https://localhost:10000/cieSaml2/metadata
- name: spid-sp-test eIDAS FiCEP metadata
run: |
cd example
diff --git a/Dockerfile b/Dockerfile
index 00917a97..2cecd2f1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,6 @@
-FROM alpine:3.12.3
-MAINTAINER Giuseppe De Marco
-
-RUN apk update
-RUN apk add xmlsec libffi-dev libressl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash
+FROM alpine:3.13.5
ENV BASEDIR="/satosa_proxy"
-COPY example/ $BASEDIR/
-COPY requirements.txt $BASEDIR/
-
-# demo certificates
-RUN mkdir $BASEDIR/pki/
-COPY oids.conf $BASEDIR/pki/
-COPY build_spid_certs.sh $BASEDIR/pki/
-WORKDIR $BASEDIR/pki/
-RUN chmod 755 $BASEDIR/pki/build_spid_certs.sh
ENV COMMON_NAME="SPID example proxy"
ENV LOCALITY_NAME="Roma"
@@ -24,24 +11,51 @@ ENV SPID_SECTOR="public"
ENV URI="https://spid.proxy.example.org"
ENV DAYS="7300"
-RUN $BASEDIR/pki/build_spid_certs.sh
+ENV SATOSA_DISCO_SRV="https://localhost:9999/disco.html"
-WORKDIR $BASEDIR/
-RUN pip3 install -r requirements.txt --ignore-installed
+RUN apk add --update --no-cache tzdata \
+ && cp /usr/share/zoneinfo/Europe/Rome /etc/localtime \
+ && echo "Europe/Rome" > /etc/timezone \
+ && apk del tzdata
-# Metadata
-RUN mkdir -p metadata/idp
-RUN mkdir -p metadata/sp
+COPY example/ $BASEDIR/
+COPY requirements.txt $BASEDIR/
+COPY oids.conf $BASEDIR/pki/
+COPY build_spid_certs.sh $BASEDIR/pki/
-# COPY Metadata
-ARG SP_METADATA_URL
-ARG IDP_METADATA_URL
-RUN wget $SP_METADATA_URL -O metadata/sp/my-sp.xml --no-check-certificate
-RUN wget $IDP_METADATA_URL -O metadata/idp/my-idp.xml --no-check-certificate
-RUN wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
+RUN apk add --update xmlsec libffi-dev libressl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash jq \
+&& cd $BASEDIR/pki/ \
+&& chmod 755 $BASEDIR/pki/build_spid_certs.sh \
+&& $BASEDIR/pki/build_spid_certs.sh \
+&& cd $BASEDIR/ \
+&& pip3 install --upgrade pip \
+&& pip3 install yq \
+&& pip3 install -r requirements.txt --ignore-installed \
+&& wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml \
+&& adduser --disabled-password wert \
+&& chown -R wert . \
+&& chmod +x run.sh
+
+USER wert
-RUN adduser --disabled-password wert
-RUN chown -R wert .
+WORKDIR $BASEDIR/
-COPY demo-run.sh .
-CMD bash demo-run.sh
+CMD bash run.sh
+
+# Metadata params
+ARG BUILD_DATE
+ARG VERSION
+ARG VCS_URL="https://github.com/italia/Satosa-Saml2Spid.git"
+ARG VCS_REF
+ARG AUTHORS
+ARG VENDOR
+
+# Metadata : https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.authors=$AUTHORS \
+ org.opencontainers.image.vendor=$VENDOR \
+ org.opencontainers.image.title="Satosa-Saml2Spid" \
+ org.opencontainers.image.created=$BUILD_DATE \
+ org.opencontainers.image.version=$VERSION \
+ org.opencontainers.image.source=$VCS_URL \
+ org.opencontainers.image.revision=$VCS_REF \
+ org.opencontainers.image.description="Docker Image di Satosa-Saml2Spid."
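Review bot: The combined `RUN` step still executes `build_spid_certs.sh` during the build, so whatever key material the script writes under `$BASEDIR/pki/` (presumably the demo SPID key pair) is stored in an image layer and is identical for everyone who pulls the published image. Since the README in this commit describes the image as production ready, consider generating the certificates at container start only when none are mounted (for example from `run.sh`, which is not visible in this diff), or refusing to start while the baked-in demo key is in use. The same step leaves the build toolchain (`build-base gcc python3-dev git`) in the runtime image and installs `pip` and `yq` unpinned; `apk add --no-cache` and a pinned `pip3 install yq==<version>` would make the image smaller and the build reproducible. `spid-entities-idps.xml` is also fetched once at build time, so the IdP metadata shipped in the image is only as fresh as the last rebuild.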
diff --git a/README.md b/README.md
index eb1bd4d2..13a2854a 100644
--- a/README.md
+++ b/README.md
@@ -4,16 +4,17 @@ This is a SAML2/OIDC configuration for [SATOSA](https://github.com/IdentityPytho
that aims to setup a **SAML-to-SAML Proxy** and **OIDC-to-SAML** compatible with the **SPID - the Italian Digital Identity System**.
## Table of Contents
+
1. [Goal](#goal)
2. [Demo components](#demo-components)
-3. [Docker stack](#docker-compose)
-4. [Setup](#setup)
-5. [OIDC Frontend](#oidc)
-6. [Configure the Proxy](#configure-the-proxy)
+3. [Docker image](#docker-image)
+4. [docker-compose](#doker-compose)
+5. [MongoDB](./README.mongo.md)
+6. [Setup](#setup)
7. [Start the Proxy](#start-the-proxy)
-6. [Additional technical informations](#additional-technical-informations-for-developers)
-7. [Author](#author)
-8. [Credits](#credits)
+8. [Additional technical informations](#additional-technical-informations)
+9. [Author](#author)
+10. [Credits](#credits)
## General features
@@ -43,28 +44,26 @@ limitations, traditionally could not interact each other.
- **TargetRouting**, a SATOSA microservice for selecting the output backend to reach the endpoint (IdP) selected by the user
- **Discovery Service**, interface that allows users to select the authentication endpoint
-
## Demo components
The example project comes with the following demo pages, served
with the help of an additional webserver dedicated for static contents:
-
###### Discovery Service page
-![disco](gallery/disco.png)
+![disco](gallery/disco.png)
###### Generic error page
-![err_gen](gallery/error_page.png)
+![err_gen](gallery/error_page.png)
###### Saml2 Signature Error page
-![err1](gallery/error1.png)
+![err1](gallery/error1.png)
###### AgID SPID test #104
-![err2](gallery/error2.png)
+![err2](gallery/error2.png)
You can find these demo pages in `example/static` and edit at your taste.
To get redirection to these pages, or redirection to third-party services, consider the following configuration files:
@@ -74,42 +73,100 @@ To get redirection to these pages, or redirection to third-party services, consi
Remember to edit and customize all the values like `"CHANGE_ME!"` in the configuration files, in `proxy_conf.yaml` and in plugins configurations.
+## Docker image
+
+![Docker image design](gallery/docker-design.svg)
+
+the official Satosa-Saml2SPID docker immage is available at [italia/satosa-saml2spid](https://ghcr.io/italia/satosa-saml2spid)
+
+To install the docker image from docker hub: `docker pull ghcr.io/italia/satosa-saml2spid:latest`
+
+### Configuration for production
+
+Satosa-Saml2SPID image is built with production ready logic, but some configurations are needed:
+
+#### NGINX
+
+A valid ssl certificate is needed, to add your certificate you shoud override the /etc/nginx/certs directory with your valid certificates.
+
+#### Satosa
+
+* You should set the $HOSTNAME environment with the production DNS name
+* You should set all key and salt with your secret key ($SATOSA_ENCRYPTION_KEY, $SATOSA_SALT)
+* You should set a new mongodb password ($MONGODB_USERNAME, $MONGODB_PASSWORD)
+* You should set a new certificate for SAML / SPID ($SATOSA_PUBLIC_KEYS, $SATOSA_PRIVATE_KEYS)
+* You should add valid data for metadata, read [Configurations by environments](#configuration-by-environments)
+
+### Configuration by environments
+
+* *$SATOSA_BASE* base url of satosa server, default: "https://$HOSTNAME"
+
+* *$SATOSA_ENCRYPTION_KEY* encription key for state, default: "CHANGE_ME!"
+
+* *$SATOSA_SALT* encription salt, default: "CHANGE_ME!"
+
+* *$SATOSA_DISCO_SRV* Descovery page URL for all backends, default: "https://$HOSTNAME/static/disco.html"
+
+* *$SATOSA_PRIVATE_KEYS* private key for SAML2 / SPID backends
+
+* *$SATOSA_PUBLIC_KEYS* public key for SAML2 / SPID backends
+
+* *$MONGODB_USERNAME* MongoDB username for oidc_op frontend, default from .env file in compose-Satosa-Saml2Spid
+
+* *$MONGODB_PASSWORD* MongoDB password for oidc_op frontend, default from .env file in compose-Satosa-Saml2Spid
+
+* *$SATOSA_UNKNOW_ERROR_REDIRECT_PAGE* redirect page for unknow erros, default: "https://$HOSTNAME/static/error_page.html"
+
+* *$SATOSA_ORGANIZATION_DISPLAY_NAME_EN* Metadata English organization display name
+
+* *$SATOSA_ORGANIZATION_NAME_EN* Metadata English full organization name
+
+* *$SATOSA_ORGANIZATION_URL_EN* Metadata English organization url
+
+* *$SATOSA_ORGANIZATION_DISPLAY_NAME_IT* Metadata Italian Organization display name
+
+* *$SATOSA_ORGANIZATION_NAME_IT* Metadata Italian full organization
+
+* *$SATOSA_ORGANIZATION_URL_IT* Metadata Italian organization url
+
+* *$SATOSA_CONTACT_PERSON_GIVEN_NAME* Metadata Contact person name
+
+* *$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS* Metadata Contact person email
+
+* *$SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER* Metadata Contact person telephone number for SPID / CIE Backend
+
+* *$SATOSA_CONTACT_PERSON_FISCALCODE* Metadata Contact person fiscal code for SPID / CIE Backend
+
+* *$SATOSA_UI_DISPLAY_NAME_EN* Metadata English ui display name
+
+* *$SATOSA_UI_DISPLAY_NAME_IT* Metadata Italian ui display name
+
+* *$SATOSA_UI_DESCRIPTION_EN* Metadata English ui description
+
+* *$SATOSA_UI_DESCRIPTION_IT* Metadata Italian ui description
+
+* *$SATOSA_UI_INFORMATION_URL_EN* Metadata English ui information URL
+
+* *$SATOSA_UI_INFORMATION_URL_IT* Metadata Italian ui information URL
+
+* *$SATOSA_UI_PRIVACY_URL_EN* Metadata English ui privacy URL
+
+* *$SATOSA_UI_PRIVACY_URL_IT* Metadata Italian ui privacy URL
+
+* *$SATOSA_UI_LOGO_URL* Metadata Logo url for
+
+* *$SATOSA_UI_LOGO_WIDTH* Metadata Logo width
+
+* *$SATOSA_UI_LOGO_HEIGHT* Metadata logo height
+
+* *$SATOSA_SAML2_REQUESTED_ATTRIBUTES* SAML2 required attributes, default: name, surname
+
+* *$SATOSA_SPID_REQUESTED_ATTRIBUTES* SPID required attributes, default: spidCode, name, familyName, fiscalNumber, email
+
## Docker compose
-````
-apt install jq
-pip install docker-compose
-````
-
-Create your project folder, starting from our example project
-````
-cp -R example project
-# do your customizations in project/
-````
-
-Create volumes
-````
-docker volume create --name=satosa-saml2saml_certs
-docker volume create --name=satosa-saml2saml_conf
-docker volume create --name=satosa-saml2saml_statics
-docker volume create --name=satosa-saml2saml_logs
-````
-
-Where the data are
-`docker volume ls`
-
-Copy files in destination volumes
-````
-cp project/pki/*pem `docker volume inspect satosa-saml2saml_certs | jq .[0].Mountpoint | sed 's/"//g'`
-cp -R project/* `docker volume inspect satosa-saml2saml_conf | jq .[0].Mountpoint | sed 's/"//g'`
-cp -R project/static/* `docker volume inspect satosa-saml2saml_statics | jq .[0].Mountpoint | sed 's/"//g'`
-````
-
-Run the stack
-````
-docker-compose up
-````
-
-See [mongo readme](./mongo) to have some example of demo data.
+A detailed instruction for make your docker-compose image is in [compose-Satosa-Saml2Spid](compose-Satosa-Saml2Spid) directory.
+
+The docker compose uses same [enviromets](#configuration-by-environments) with the official docker image
## OIDC
@@ -118,26 +175,28 @@ Comment/uncomment the following statement in the proxy_configuration to enable i
https://github.com/italia/Satosa-Saml2Spid/blob/oidcop/example/proxy_conf.yaml#L32
-
## Setup
###### Prepare environment
-````
+
+```
mkdir satosa_proxy && cd satosa_proxy
virtualenv -ppython3 satosa.env
source satosa.env/bin/activate
-````
+```
###### Dependencies Ubuntu
-````
+
+```
sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev
git clone https://github.com/italia/Satosa-Saml2Spid.git repository
pip install -r repository/requirements.txt
-````
+```
###### Dependencies Centos/RHEL
-````
+
+```
sudo yum install -y libffi-devel openssl-devel python3-pip xmlsec1 procps pcre pcre-devel
pip install --upgrade pip
sudo yum groupinstall "Development Tools"
@@ -146,7 +205,7 @@ sudo yum install -y python3-wheel python3-devel
git clone https://github.com/italia/Satosa-Saml2Spid.git repository
pip install -r repository/requirements.txt
-````
+```
## Configure the Proxy
@@ -161,32 +220,31 @@ These are the configuration files:
- `plugins/frontend/saml2_frontend.yaml`
- `plugins/frontend/oidc_op_frontend.yaml` (optional to enable OIDC Provider)
-
## Saml2 Metadata
If you want to handle metadata file manually, as this example purpose as demostration,
create `metadata/idp` and `metadata/sp` folders, then copy metadata:
-````
+```
mkdir -p metadata/idp metadata/sp
wget https://localhost:8080/metadata.xml -O metadata/idp/spid-saml-check.xml
wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
-````
+```
Copy your SP metadata to your Proxy
-````
+
+```
wget https://sp.fqdn.org/saml2/metadata -O metadata/sp/my-sp.xml
-````
+```
Otherwise the best method would be enabling a MDQ server in each frontend and backend configuration file.
See `example/plugins/{backends,frontends}/$filename` as example.
-
## Start the Proxy
**Warning**: these examples must be intended only for test purpose, for a demo run. Please remember that the following examples wouldn't be intended for a real production environment! If you need some example for a production environment please take a look at `example/uwsgi_setup/` folder.
-````
+```
export SATOSA_APP=$VIRTUAL_ENV/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa
# only https with satosa, because its Cookie only if "secure" would be sent
@@ -194,22 +252,23 @@ uwsgi --wsgi-file $SATOSA_APP/wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pk
# additional static serve for the demo Discovery Service with Spid button
uwsgi --https 0.0.0.0:9999,./pki/cert.pem,./pki/privkey.pem --check-static-docroot --check-static ./static/ --static-index disco.html
-````
+```
### Get SPID backend metadata
The proxy backend exposes its SPID metadata at the following url (customizable):
-````
-https://localhost:10000/spidSaml2/metadata
-````
+```
+https://localhost:10000/spidSaml2/metadata
+```
#### Get Proxy Metadata for your SP
The Proxy metadata must be configured in your SP. Your SP is an entity that's external from this Proxy, eg: shibboleth sp, djangosaml2, another ...
-````
+
+```
wget https://localhost:10000/Saml2IDP/metadata -O path/to/your/sp/metadata/satosa-spid.xml --no-check-certificate
-````
+```
Then start an authentication from your SP.
@@ -228,12 +287,11 @@ http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata
IF you're going to test Satosa-Saml2Spid with spid-sp-test, take a look to
its CI, [here](.github/workflows/python-app.yml),
-
## Trouble shooting
That's the stdout log of a working instance of SATOSA in uwsgi
-````
+```
*** Starting uWSGI 2.0.19.1 (64bit) on [Tue Mar 30 17:08:49 2021] ***
compiled with version: 9.3.0 on 11 September 2020 23:11:42
os: Linux-5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021
@@ -268,13 +326,12 @@ mapped 72920 bytes (71 KB) for 1 cores
WSGI app 0 (mountpoint='') ready in 2 seconds on interpreter 0x55f744576790 pid: 28675 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 28675, cores: 8)
-````
+```
## Additional resources for newcomers
- [Satosa-Saml2Spid installation tutorial](https://github.com/aslbat/Satosa-SPID-Proxy).
-
## Additional technical informations for Developers
#### SPID technical Requirements
@@ -283,10 +340,10 @@ The SaToSa **SPID** backend contained in this project adopt specialized forks of
read [this](README.idpy.forks.mngmnt.md) for any further explaination about how to patch by hands.
All the patches and features are currently merged and available with the following releases:
+
- [pysaml2](https://github.com/peppelinux/pysaml2/tree/pplnx-v7.0.1-1)
- [SATOSA](https://github.com/peppelinux/SATOSA/tree/oidcop-v8.0.0)
-
#### Pending contributions to idpy
These are mandatory only for getting Spid SAML2 working, these are not needed for any other traditional SAML2 deployment:
@@ -297,8 +354,8 @@ These are mandatory only for getting Spid SAML2 working, these are not needed fo
- [SATOSA unknow error handling](https://github.com/IdentityPython/SATOSA/pull/324)
- [SATOSA redirect page on error](https://github.com/IdentityPython/SATOSA/pull/325)
-
#### Warnings
+
Here something that you should know before start.
- You must enable more than a single IdP (multiple metadata or single metadata with multiple entities) to get *Discovery Service* working.
@@ -309,21 +366,19 @@ Here something that you should know before start.
An additional "hack" have been made in `example/attributes-maps/satosa_spid_uri_hybrid.py`, where I adopted a hybrid mapping that works for
both *URI* and *BASIC* formats. Feel free to customized or decouple these format in different files and per SP.
-
## References
SATOSA Official Documentation is available at the following links, make sure you've taken a
look to these to understand the potential of this platform:
+
- [SaToSa Saml2Saml Documentation](https://github.com/IdentityPython/SATOSA/blob/master/doc/one-to-many.md)
- [Use cases](https://github.com/IdentityPython/SATOSA/wiki#use-cases)
-
Account Linking
- [pyMultiLDAP SaToSa MS](https://github.com/peppelinux/pyMultiLDAP/tree/master/multildap/satosa)
- Attributes Processing with [SATOSA-uniext](https://github.com/UniversitaDellaCalabria/SATOSA-uniExt/blob/master/satosa_uniext/processors/unical_attribute_processor.py)
-
Additional resources:
- [satosa-eidas-ansible](https://github.com/grnet/satosa-eidas-ansible)
@@ -339,7 +394,6 @@ Additional resources:
Giuseppe De Marco
-
## Credits
- Andrea Ranaldi and his Team in ISPRA Ambiente
diff --git a/README.mongo.md b/README.mongo.md
new file mode 100644
index 00000000..c40bca1a
--- /dev/null
+++ b/README.mongo.md
@@ -0,0 +1,113 @@
+# Setup
+
+## Table of Contents
+1. [Install and configure](#install-and-configure)
+2. [Using Docker](#using-docker)
+
+## Install and configure
+
+````
+wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
+echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+sudo apt update
+sudo apt install -y mongodb-org
+sudo apt install mongosh
+````
+
+#### Connect to MongoDB
+````
+mongosh mongodb://root:example@172.21.0.3:27017
+````
+
+#### create satosa user grants
+````
+use oidcop
+db.createUser(
+ {
+ user: "satosa",
+ pwd: "thatpassword",
+ roles: [
+ { role: "readWrite", db: "oidcop" }
+ ]
+ }
+)
+
+exit
+````
+
+#### make client_id unique
+
+````
+db.client.createIndex( { "client_id": 1 }, { unique: true } )
+db.client.createIndex( { "registration_access_token": 1 }, { unique: true } )
+````
+
+#### make access_token and sid unique
+
+````
+db.session.createIndex( { "sid": 1 }, { unique: true } )
+````
+
+#### create expired session deletion
+
+Prune all the expired sessions automatically, keeping only the last two entries.
+
+````
+db.session.createIndex(
+ { expires_at: 1 },
+ { expireAfterSeconds: 0, partialFilterExpression: { count: { $gt: 2 } } }
+);
+````
+
+#### insert a test client like this
+
+````
+db.client.insertOne(
+ {"client_id": "jbxedfmfyc", "client_name": "ciro", "client_salt": "6flfsj0Z", "registration_access_token": "z3PCMmC1HZ1QmXeXGOQMJpWQNQynM4xY", "registration_client_uri": "https://localhost:10000/registration_api?client_id=jbxedfmfyc", "client_id_issued_at": 1630952311.410208, "client_secret": "19cc69b70d0108f630e52f72f7a3bd37ba4e11678ad1a7434e9818e1", "client_secret_expires_at": 1662488311.410214, "application_type": "web", "contacts": ["ops@example.com"], "token_endpoint_auth_method": "client_secret_basic", "redirect_uris": [["https://localhost:8090/authz_cb/satosa", {}]], "post_logout_redirect_uris": [["https://localhost:8090/session_logout/satosa", null]], "response_types": ["code"], "grant_types": ["authorization_code"], "allowed_scopes": ["openid", "profile", "email", "offline_access"]}
+)
+````
+
+### Using Docker
+
+When using docker-compose in [compose-Satosa-Saml2Spid](./compose-Satosa-Saml2Spid) all operations described in section [Install and configure](#install-and-configure) are executed by the init script [init-mongo.sh](./compose-Satosa-Saml2Spid/init-mongo.sh) at the first start o the container.
+
+#### set environment in .env
+
+- MONGO_DBUSER : user admin of oidcop DB in Mongo;
+- MONGO_DBPASSWORD : password of user MONGO_DBUSER;
+
+This two environment variable are used in 3 of our container.
+
+#### docker-compose.yml environments for MONGODB
+
+##### satosa-mongo
+
+````
+ environment:
+ MONGO_INITDB_DATABASE: oidcop
+ MONGO_INITDB_ROOT_USERNAME: "${MONGO_DBUSER}"
+ MONGO_INITDB_ROOT_PASSWORD: "${MONGO_DBPASSWORD}"
+````
+
+- MONGO_INITDB_DATABASE : name of a database to be used for creation scripts;
+- MONGO_INITDB_ROOT_USERNAME : name of the user created which have the role of 'root' (superuser role);
+- MONGO_INITDB_ROOT_PASSWORD : password off the MONGO_INITDB_ROOT_USERNAME.
+
+##### satosa-mongo-express
+
+````
+ environment:
+ ME_CONFIG_BASICAUTH_USERNAME: satosauser
+ ME_CONFIG_BASICAUTH_PASSWORD: satosapw
+ ME_CONFIG_MONGODB_ADMINUSERNAME: "${MONGO_DBUSER}"
+ ME_CONFIG_MONGODB_ADMINPASSWORD: "${MONGO_DBPASSWORD}"
+ ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DBUSER}:${MONGO_DBPASSWORD}@satosa-mongo:27017/
+````
+
+- ME_CONFIG_BASICAUTH_USERNAME : mongo-express web username;
+- ME_CONFIG_BASICAUTH_PASSWORD : mongo-express web password;
+- ME_CONFIG_MONGODB_ADMINUSERNAME : MongoDB admin username;
+- ME_CONFIG_MONGODB_ADMINPASSWORD : MongoDB admin password;
+- ME_CONFIG_MONGODB_URL : MongoDB connection URL.
+
+
diff --git a/compose-Satosa-Saml2Spid/.env b/compose-Satosa-Saml2Spid/.env
new file mode 100644
index 00000000..f025a248
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/.env
@@ -0,0 +1,3 @@
+MONGO_DBUSER=satosa
+MONGO_DBPASSWORD=thatpassword
+HOSTNAME=localhost
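Review bot: `MONGO_DBPASSWORD=thatpassword` is committed as the working default, and docker-compose.yml feeds it into `MONGO_INITDB_ROOT_PASSWORD`, so a deployment that runs the composition unchanged gets a publicly known MongoDB root password. Ship this file as `.env.example` with a placeholder value and have the run script refuse to start while the placeholder is unchanged; the hard-coded `ME_CONFIG_BASICAUTH_PASSWORD: satosapw` in docker-compose.yml has the same problem. The commit also adds `compose-Satosa-Saml2Spid/nginx/certs/proxy_local.key`, whose contents are cut off here; if it is a TLS private key, it should be generated locally rather than versioned.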
diff --git a/compose-Satosa-Saml2Spid/README.md b/compose-Satosa-Saml2Spid/README.md
new file mode 100644
index 00000000..d8dd34fa
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/README.md
@@ -0,0 +1,176 @@
+# compose-Satosa-Saml2Spid
+
+## Table of Contents
+
+1. [What do you need?](#what-do-you-need?)
+2. [Run the composition](#run-the-composition)
+3. [Stop the composition](#stop-the-composition)
+4. [Remove/Delete volumes](#remove/delete-volumes)
+5. [Demo data](#demo-data)
+6. [Env file](#env-file)
+7. [docker-compose.yml](#docker-compose.yml)
+
+## What do you need?
+
+In order to execute the run script you need:
+
+* jq
+* docker-compose
+
+Installation example in Ubuntu:
+
+```
+apt install jq docker-compose
+```
+
+For docker-compose you can also [see here](https://docs.docker.com/compose/install/other/).
+
+## Run the composition
+
+### Required at least on first run!
+
+Execute the run script for the first time:
+
+```
+./run-docker-compose.sh
+```
+
+The following docker volumes are created, if they do not exist:
+
+* satosa-saml2spid_metadata
+* satosa-saml2spid_certs
+* satosa-saml2spid_static
+* satosa-saml2spid_nginx_certs
+* satosa-saml2spid_mongodata
+
+The first four are populated with sample data, respectively:
+
+* satosa-saml2spid_metadata with data from ../example/metadata/
+* satosa-saml2spid_certs with data from ../example/pki/
+* satosa-saml2spid_static with data from ../example/static/
+* satosa-saml2spid_nginx_certs with data from nginx/certs/
+
+While the last one (*satosa-saml2spid_mongodata*) is populated by the MongoDB container on its first run.
+
+After these steps, the images of the containers are downloaded and then the containers of the composition are started.
+
+Finally you are warned you can run the following command to check composition start and status:
+
+```
+docker-compose -f docker-compose.yml logs -f
+```
+
+### Where is your data?
+
+Command:
+
+```
+docker volume ls
+```
+
+Output:
+
+```
+DRIVER VOLUME NAME
+local satosa-saml2spid_certs
+local satosa-saml2spid_metadata
+local satosa-saml2spid_mongodata
+local satosa-saml2spid_nginx_certs
+local satosa-saml2spid_static
+```
+
+In RedHat and Ubuntu based OS the Docker volumes directory is at:
+
+```
+# ls -1 /var/lib/docker/volumes/
+satosa-saml2spid_certs
+satosa-saml2spid_metadata
+satosa-saml2spid_mongodata
+satosa-saml2spid_nginx_certs
+satosa-saml2spid_static
+```
+
+### NOT at first run or after volumes deletion!
+
+After first run you can start the composition with the run script or by this commands:
+
+```
+docker-compose pull; docker-compose down -v; docker-compose up -d;docker-compose logs -f
+```
+
+## Stop the composition
+
+```
+./stop-docker-compose.sh
+```
+
+This script stops all containers of the composition and detaches the volumes, but keeps the data on the persistent volumes.
+
+## Remove/Delete volumes
+
+If you want to start from scratch, or just clear all persistent data, just run the following script:
+
+```
+./rm-persistent-volumes.sh
+```
+
+First, the containers of the composition are stopped and the volumes are detached.
+
+Then you are asked if you want to delete the volumes and if you answer yes, you have to confirm volume by volume whether it should be deleted or not.
+
+## Demo data
+
+Demo data for a test client are inserted into the DB during the first run of the composition.
+
+See [mongo readme](../README.mongo.md) to have some example of demo data.
+
+## Env file
+
+```
+# cat .env
+MONGO_DBUSER=satosa
+MONGO_DBPASSWORD=thatpassword
+HOSTNAME=localhost
+```
+
+See [mongo readme](../README.mongo.md) for explanation of environment variables of MongoDB.
+
+## docker-compose.yml
+In the [project readme](../README.md#configuration-by-environments) is present a detailed list with each environment and his function
+```
+ environment:
+ - SATOSA_BY_DOCKER=1
+
+ - SATOSA_BASE=https://$HOSTNAME
+ # - SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=support.example@organization.org
+ # - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890
+ # - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name
+ # - SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=06123456789
+ - SATOSA_DISCO_SRV=https://$HOSTNAME/static/disco.html
+ # - SATOSA_ENCRYPTION_KEY=
+ - MONGODB_PASSWORD=${MONGO_DBPASSWORD}
+ - MONGODB_USERNAME=${MONGO_DBUSER}
+ # - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org
+ # - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org
+ # - SATOSA_PRIVATE_KEYS=
+ # - SATOSA_PUBLIC_KEY=
+ # - SATOSA_SALT=
+ # - SATOSA_STATE_ENCRYPTION_KEY
+ # - SATOSA_UI_DESCRIPTION_EN=Resource description
+ # - SATOSA_UI_DESCRIPTION_IT=Resource description
+ # - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name
+ # - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name
+ # - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en
+ # - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en
+ # - SATOSA_UI_LOGO_HEIGHT=60
+ # - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png
+ # - SATOSA_UI_LOGO_WIDTH=80
+ # - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en
+ # - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en
+ - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://$HOSTNAME/static/error_page.html
+ # - SATOSA_USER_ID_HASH_SALT
+```
diff --git a/compose-Satosa-Saml2Spid/docker-compose.yml b/compose-Satosa-Saml2Spid/docker-compose.yml
new file mode 100644
index 00000000..df36d701
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/docker-compose.yml
@@ -0,0 +1,126 @@
+version: '3'
+services:
+
+ satosa-mongo:
+ image: mongo
+ container_name: satosa-mongo
+ restart: always
+ environment:
+ MONGO_INITDB_DATABASE: oidcop
+ MONGO_INITDB_ROOT_USERNAME: "${MONGO_DBUSER}"
+ MONGO_INITDB_ROOT_PASSWORD: "${MONGO_DBPASSWORD}"
+ volumes:
+ - mongodata:/data/db
+ - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
+ - ./mongo/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh
+ ports:
+ - '27017-27019:27017-27019'
+
+ satosa-mongo-express:
+ image: mongo-express
+ container_name: satosa-mongo-express
+ restart: always
+ ports:
+ - 8082:8081
+ environment:
+ ME_CONFIG_BASICAUTH_USERNAME: satosauser
+ ME_CONFIG_BASICAUTH_PASSWORD: satosapw
+ ME_CONFIG_MONGODB_ADMINUSERNAME: "${MONGO_DBUSER}"
+ ME_CONFIG_MONGODB_ADMINPASSWORD: "${MONGO_DBPASSWORD}"
+ ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DBUSER}:${MONGO_DBPASSWORD}@satosa-mongo:27017/
+
+ satosa-saml2spid:
+ image: ghcr.io/italia/satosa-saml2spid:latest
+ container_name: satosa-saml2spid
+ depends_on:
+ - satosa-mongo
+ environment:
+ - SATOSA_BY_DOCKER=1
+
+ - SATOSA_BASE=https://$HOSTNAME
+ # - SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=support.example@organization.org
+ # - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890
+ # - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name
+ # - SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=06123456789
+ - SATOSA_DISCO_SRV=https://$HOSTNAME/static/disco.html
+ # - SATOSA_ENCRYPTION_KEY=
+ - MONGODB_PASSWORD=${MONGO_DBPASSWORD}
+ - MONGODB_USERNAME=${MONGO_DBUSER}
+ # - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization
+ # - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org
+ # - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org
+ # - SATOSA_PRIVATE_KEYS=
+ # - SATOSA_PUBLIC_KEY=
+ # - SATOSA_SALT=
+ # - SATOSA_STATE_ENCRYPTION_KEY
+ # - SATOSA_UI_DESCRIPTION_EN=Resource description
+ # - SATOSA_UI_DESCRIPTION_IT=Resource description
+ # - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name
+ # - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name
+ # - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en
+ # - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en
+ # - SATOSA_UI_LOGO_HEIGHT=60
+ # - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png
+ # - SATOSA_UI_LOGO_WIDTH=80
+ # - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en
+ # - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en
+ - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://$HOSTNAME/static/error_page.html
+ # - SATOSA_USER_ID_HASH_SALT
+ expose:
+ - 10000
+ - 9999
+ ports:
+ - "10000:10000"
+ - "9999:9999"
+ volumes:
+ - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
+ - satosa_metadata:/satosa_proxy/metadata
+ - satosa_static:/satosa_proxy/static
+ - satosa_certs:/satosa_proxy/pki
+
+ satosa-nginx:
+ image: nginx:alpine
+ container_name: satosa-nginx
+ depends_on:
+ - satosa-saml2spid
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx/nginx.conf_uwsgi_pass:/etc/nginx/nginx.conf:ro
+ - ./nginx/50x.html:/usr/share/nginx/html/50x.html:ro
+ - ./nginx/404.html:/usr/share/nginx/html/404.html:ro
+ - ./nginx/403.html:/usr/share/nginx/html/403.html:ro
+ - nginx_certs:/etc/nginx/certs:ro
+ - satosa_static:/var/www/html
+
+volumes:
+
+ mongodata:
+ external:
+ name: satosa-saml2spid_mongodata
+
+ nginx_certs:
+ external:
+ name: satosa-saml2spid_nginx_certs
+
+ satosa_static:
+ external:
+ name: satosa-saml2spid_static
+
+ satosa_metadata:
+ external:
+ name: satosa-saml2spid_metadata
+
+ satosa_certs:
+ external:
+ name: satosa-saml2spid_certs
+
+# nginx_conf:
+# driver_opts:
+# type: none
+# device: $PWD/nginx/
+# o: bind
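Review bot: `satosa-mongo` publishes `'27017-27019:27017-27019'` and `satosa-mongo-express` publishes `8082:8081` on every host interface, which puts the database and its admin UI on the network even though the other services can reach them by service name inside the compose network. Drop the `ports:` entry for `satosa-mongo` (or bind it as `"127.0.0.1:27017:27017"`) and bind mongo-express as `"127.0.0.1:8082:8081"`. `satosa-saml2spid` likewise publishes 10000 and 9999 directly although `satosa-nginx` appears to front it on 80/443, so the `expose:` entries alone may be enough. The proxy receives `MONGODB_USERNAME=${MONGO_DBUSER}`, the same account used for `MONGO_INITDB_ROOT_USERNAME`, so unless `init-mongo.sh` creates a separate user the application connects as MongoDB root; a dedicated `readWrite` user on `oidcop` would limit that. The `mongo`, `mongo-express` and `satosa-saml2spid:latest` images are unpinned, and a version tag or digest would make the stack reproducible.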
diff --git a/mongo/README.md b/compose-Satosa-Saml2Spid/mongo/init-mongo.sh
old mode 100644
new mode 100755
similarity index 55%
rename from mongo/README.md
rename to compose-Satosa-Saml2Spid/mongo/init-mongo.sh
index 7e29cc58..bbe90d02
--- a/mongo/README.md
+++ b/compose-Satosa-Saml2Spid/mongo/init-mongo.sh
@@ -1,62 +1,44 @@
-## Setup
-
-````
-wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
-echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
-sudo apt update
-sudo apt install -y mongodb-org
-sudo apt install mongosh
-````
-
-#### using docker compose
-````
-mongosh mongodb://root:example@172.21.0.3:27017
-````
-
-#### create satosa user grants
-````
-use oidcop
+#!/usr/bin/env bash
+
+mongosh -- "$MONGO_INITDB_DATABASE"<
+
+
+Forbidden
+
+
+
+403
+Forbidden
+You don't have permission to access.
+
+Faithfully yours, nginx.
+
+
diff --git a/compose-Satosa-Saml2Spid/nginx/404.html b/compose-Satosa-Saml2Spid/nginx/404.html
new file mode 100644
index 00000000..d1497709
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/nginx/404.html
@@ -0,0 +1,38 @@
+
+
+
+Page not found
+
+
+
+404
+Page not found
+Sorry, the page you are looking doesn't exist,
+or other error occured.
+If you are the system administrator of this resource then you should check
+the error log for details.
+Pagina non trovata
+La pagina che stava cercando non esiste su questo server,
+oppure e' occorso un'altro tipo di errore.
+Se sei l'amministratore di questa risorsa magari puoi
+trovare dettagli interessanti nei log.
+
+Faithfully yours, nginx.
+
+
diff --git a/compose-Satosa-Saml2Spid/nginx/50x.html b/compose-Satosa-Saml2Spid/nginx/50x.html
new file mode 100644
index 00000000..a57c2f93
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/nginx/50x.html
@@ -0,0 +1,19 @@
+
+
+
+Error
+
+
+
+An error occurred.
+Sorry, the page you are looking for is currently unavailable.
+Please try again later.
+If you are the system administrator of this resource then you should check
+the error log for details.
+Faithfully yours, nginx.
+
+
diff --git a/compose-Satosa-Saml2Spid/nginx/certs/proxy_local.key b/compose-Satosa-Saml2Spid/nginx/certs/proxy_local.key
new file mode 100644
index 00000000..23d4877e
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/nginx/certs/proxy_local.key
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
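Review bot: This adds a TLS private key to the repository. `run-docker-compose.sh` seeds the `satosa-saml2spid_nginx_certs` volume from `nginx/certs/`, so every deployment started with the scripts terminates HTTPS with a key that anyone who can read the repository also holds. I would drop `proxy_local.key` from the tree, generate the pair on first run alongside the SPID certificates, and ignore `compose-Satosa-Saml2Spid/nginx/certs/*.key` in version control. If the file has to stay for the demo, a comment in the compose README should state that it must be replaced before the proxy is exposed.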
diff --git a/compose-Satosa-Saml2Spid/nginx/certs/proxy_local.pem b/compose-Satosa-Saml2Spid/nginx/certs/proxy_local.pem
new file mode 100644
index 00000000..c20dd44c
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/nginx/certs/proxy_local.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/compose-Satosa-Saml2Spid/nginx/nginx.conf_uwsgi_pass b/compose-Satosa-Saml2Spid/nginx/nginx.conf_uwsgi_pass
new file mode 100644
index 00000000..c4f6209a
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/nginx/nginx.conf_uwsgi_pass
@@ -0,0 +1,111 @@
+user nginx;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ keepalive_timeout 240s;
+ send_timeout 240s;
+ client_max_body_size 3300m;
+
+ log_format main '$http_x_forwarded_for - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent"' ;
+
+# the upstream component nginx needs to connect to
+upstream satosa-saml2 {
+ server satosa-saml2spid:10000;
+}
+
+# configuration of the server
+server {
+ listen 80;
+ server_name proxy.local;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log error;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name proxy.local;
+ listen 443 ssl;
+
+ ssl_certificate /etc/nginx/certs/proxy_local.pem;
+ ssl_certificate_key /etc/nginx/certs/proxy_local.key;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log error;
+
+ # max upload size
+ client_max_body_size 10m;
+
+ # very long url for delega ticket
+ large_client_header_buffers 4 16k;
+
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+ ssl_session_timeout 10m;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off; # Requires nginx >= 1.5.9
+ ssl_stapling on; # Requires nginx >= 1.3.7
+ ssl_stapling_verify on; # Requires nginx => 1.3.7
+
+ # Enable HTTP Strict Transport Security with a 2 year duration
+ add_header Strict-Transport-Security "max-age=63072000; ";
+
+ # deny iFrame
+ add_header X-Frame-Options "DENY";
+
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+
+ location /static {
+ alias /var/www/html;
+ autoindex off;
+ }
+
+ location / {
+ include /etc/nginx/uwsgi_params;
+
+ uwsgi_pass satosa-saml2;
+ uwsgi_param Host $host;
+ uwsgi_param X-Real-IP $remote_addr;
+ uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
+ uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
+ uwsgi_param HTTP_X_FORWARDED_PROTOCOL https;
+
+ uwsgi_connect_timeout 75s;
+ uwsgi_read_timeout 40;
+ uwsgi_buffer_size 128k;
+ uwsgi_buffers 4 256k;
+ uwsgi_busy_buffers_size 256k;
+ uwsgi_param SERVER_ADDR $server_addr;
+
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ error_page 404 /404.html;
+ location = /404.html {
+ root /usr/share/nginx/html;
+ }
+
+ error_page 403 /403.html;
+ location = /403.html {
+ root /usr/share/nginx/html;
+ }
+
+}
+}
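Review bot: In `location /`, `uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;` forwards whatever the client sent, although this server block is the TLS terminator (the compose file publishes 80/443 on this container); `uwsgi_param X-Forwarded-Proto $scheme;` keeps the value out of the caller's control. The 443 block sets `ssl_ciphers` but no `ssl_protocols`, so the accepted protocol versions depend on the default of whichever nginx build `nginx:alpine` resolves to; an explicit `ssl_protocols TLSv1.2 TLSv1.3;` would pin them. As far as I know, `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512` are not OpenSSL suite names, so the effective cipher list is probably shorter than it reads. `add_header X-Frame-Options` is present twice, and none of the `add_header` lines carries `always`, so the 403/404/50x pages are served without HSTS and the other headers.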
diff --git a/compose-Satosa-Saml2Spid/rm-persistent-volumes.sh b/compose-Satosa-Saml2Spid/rm-persistent-volumes.sh
new file mode 100755
index 00000000..cf6809af
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/rm-persistent-volumes.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+function delete-volume {
+ if [ ! "$(docker volume ls -q -f name=$1)" ]
+ then
+ echo -e "Il volume $1 non esiste, quindi non faccio nulla! \n"
+ else
+ read -p "Il volume $1 esiste. Lo cancello?(y/n):" ELIMINA_VOLUME
+ ELIMINA_VOLUME=${ELIMINA_VOLUME:-"n"}
+ export ELIMINA_VOLUME
+ if [ $ELIMINA_VOLUME = "y" ]
+ then
+ docker volume rm $1
+ echo -e "Eliminato $1 !!! \n"
+ else
+ echo -e "Non ho eliminato $1 !!! \n"
+ fi
+ fi
+}
+
+echo -e "\n"
+
+echo -e "Inizio le procedure per fare il down della composizione e poi CANCELLARE i volumi persistenti! \n"
+
+echo -e "Fermo la composizione! \n"
+docker-compose -f docker-compose.yml down -v;
+
+echo -e "\n"
+
+read -p "Volete veramente procedere con la cancellazione dei volumi persistenti? Tutti i dati andranno persi! Procedo ? (y/n) :" ELIMINA_DATI_PERSISTENTI
+ELIMINA_DATI_PERSISTENTI=${ELIMINA_DATI_PERSISTENTI:-"n"}
+export ELIMINA_DATI_PERSISTENTI
+if [ $ELIMINA_DATI_PERSISTENTI != "y" ]
+then
+ echo -e "\n"
+ echo -e "Non elimino nulla ed esco!!! \n"
+ exit 0
+else
+
+echo -e "Procedo ... \n"
+
+echo -e "\n"
+
+delete-volume satosa-saml2spid_metadata
+delete-volume satosa-saml2spid_certs
+delete-volume satosa-saml2spid_static
+delete-volume satosa-saml2spid_nginx_certs
+delete-volume satosa-saml2spid_mongodata
+
+fi
+
+exit 0
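Review bot: The existence test in `delete-volume` uses `docker volume ls -q -f name=$1`, which matches on part of the name, so it can report "esiste" because of a different volume; `if ! docker volume inspect "$1" >/dev/null 2>&1` checks the exact name. `$1` and `$ELIMINA_VOLUME` are expanded unquoted, so an answer containing a space makes `[ $ELIMINA_VOLUME = "y" ]` fail with a syntax error; `[ "$ELIMINA_VOLUME" = "y" ]` and `docker volume rm "$1"` avoid that, and the same applies to `$ELIMINA_DATI_PERSISTENTI`. "Eliminato" is printed even when `docker volume rm` fails; `docker volume rm "$1" && echo ...` would report the real outcome. Note also that `docker-compose ... down -v` runs before the confirmation prompt, so answering "n" still stops the stack.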
diff --git a/compose-Satosa-Saml2Spid/run-docker-compose.sh b/compose-Satosa-Saml2Spid/run-docker-compose.sh
new file mode 100755
index 00000000..5e9227ff
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/run-docker-compose.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+function create-volume {
+ if [ ! "$(docker volume ls -q -f name=$1)" ]
+ then
+ echo -e "Il volume $1 non esiste, lo creo! \n"
+ docker volume create --name=$1
+ echo -e "\n"
+ if [[ ! -z "$2" ]]
+ then
+ echo -e "Ho creato il volume e ci copio i dati da $2 \n"
+ sudo cp -R $2* `docker volume inspect $1 | jq .[0].Mountpoint | sed 's/"//g'`
+ fi
+ else
+ echo -e "Il volume $1 esiste, non faccio nulla! \n"
+ fi
+}
+
+create-volume satosa-saml2spid_metadata ../example/metadata/
+create-volume satosa-saml2spid_certs ../example/pki/
+create-volume satosa-saml2spid_static ../example/static/
+create-volume satosa-saml2spid_nginx_certs nginx/certs/
+create-volume satosa-saml2spid_mongodata
+
+echo -e "\n"
+
+echo -e "Provo a scaricare le nuove versioni. \n"
+
+docker-compose -f docker-compose.yml pull
+
+echo -e "\n"
+
+echo -e "Provo a fare il down della composizione. \n"
+
+docker-compose -f docker-compose.yml down -v
+
+echo -e "\n"
+
+echo -e "Tiro su la composizione, in caso, con le nuove versioni delle immagini. \n"
+
+docker-compose -f docker-compose.yml up -d
+
+echo -e "\n"
+
+echo -e "Ho Completato! \n"
+echo -e "Se volete vedere il log live potete lanciare il comando: 'docker-compose -f docker-compose.yml logs -f' \n"
+
+exit 0
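Review bot: In `create-volume`, the `sudo cp -R $2* ...` line takes its destination from an unquoted backtick pipeline (`docker volume inspect | jq | sed`) and never checks it. If `jq` is missing or the inspect fails, the destination is empty and `cp` runs as root with the last glob match as its target. I would read the path with `dest="$(docker volume inspect -f '{{ .Mountpoint }}' "$1")"`, bail out when `[ -z "$dest" ]`, and then run `sudo cp -R "$2"* "$dest"/`. The copy also places the repository's demo key material (`../example/pki/`, `nginx/certs/`) into the persistent volumes, which deserves a comment stating that those files are placeholders to be replaced.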
diff --git a/compose-Satosa-Saml2Spid/stop-docker-compose.sh b/compose-Satosa-Saml2Spid/stop-docker-compose.sh
new file mode 100755
index 00000000..97d05ea8
--- /dev/null
+++ b/compose-Satosa-Saml2Spid/stop-docker-compose.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+echo -e "\n"
+
+echo -e "Eseguo il down della composizione. \n"
+
+docker-compose -f docker-compose.yml down -v
+
+exit 0
diff --git a/demo-run.sh b/demo-run.sh
deleted file mode 100644
index e0ffe595..00000000
--- a/demo-run.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-SATOSA_APP=/usr/lib/python3.8/site-packages/satosa
-uwsgi --uid 1000 --https 0.0.0.0:9999,$BASEDIR/pki/cert.pem,$BASEDIR/pki/privkey.pem --check-static-docroot --check-static $BASEDIR/static/ --static-index disco.html &
-P1=$!
-uwsgi --uid 1000 --wsgi-file $SATOSA_APP/wsgi.py --https 0.0.0.0:10000,$BASEDIR/pki/cert.pem,$BASEDIR/pki/privkey.pem --callable app -b 32648
-P2=$!
-wait $P1 $P2
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index f7908e40..00000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,124 +0,0 @@
-version: "3"
-
-services:
- # if needed
- #spid-certs:
- #image: psmiraglia/spid-compliant-certificates
- #volumes:
- #- ./project/pki:/tmp/certs:rw
- #entrypoint: |
- #spid-compliant-certificates generator
- #--key-size 3072
- #--common-name "A.C.M.E"
- #--days 365
- #--entity-id https://spid.acme.it
- #--locality-name Roma
- #--org-id "PA:IT-c_h501"
- #--org-name "A Company Making Everything"
- #--sector public
- #--key-out /tmp/certs/privkey.pem
- #--crt-out /tmp/certs/cert.pem
-
- satosa-mongo:
- image: mongo
- restart: always
- environment:
- MONGO_INITDB_ROOT_USERNAME: satosa
- MONGO_INITDB_ROOT_PASSWORD: thatpassword
- ports:
- - 27017:27017
- volumes:
- - mongodbdata:/data/db
- networks:
- - satosa
-
- satosa-mongo-express:
- image: mongo-express
- restart: always
- ports:
- - 8082:8081
- environment:
- ME_CONFIG_BASICAUTH_USERNAME: satosa
- ME_CONFIG_BASICAUTH_PASSWORD: thatpassword
- ME_CONFIG_MONGODB_ADMINUSERNAME: satosa
- ME_CONFIG_MONGODB_ADMINPASSWORD: thatpassword
- ME_CONFIG_MONGODB_URL: mongodb://satosa:thatpassword@satosa-mongo:27017/
- networks:
- - satosa
-
- # remove if use a nginx frontend
- satosa-statics:
- build:
- context: .
- dockerfile: ./docker/satosa-statics/Dockerfile
- expose:
- - 9999
- ports:
- - "9999:9999"
- volumes:
- - satosa-saml2saml_certs:/satosa_pki
- - satosa-saml2saml_statics:/satosa_statics
- networks:
- - satosa
-
- satosa-saml2spid:
- build:
- context: .
- dockerfile: ./docker/satosa-saml2spid/Dockerfile
- depends_on:
- - satosa-mongo
- environment:
- - THAT=thing
- expose:
- - 10000
- ports:
- - "10000:10000"
- networks:
- - satosa
- volumes:
- - satosa-saml2saml_certs:/satosa_pki
- - satosa-saml2saml_conf:/satosa_proxy
- - satosa-saml2saml_logs:/satosa_logs
-
- # TODO
- #satosa-nginx:
- #image: nginx:1.19-alpine
- #ports:
- #- "80:80"
- #- "443:443"
- #volumes:
- #- ./docker/gateway/satosa.conf:/etc/nginx/conf.d/default.conf
- #- satosa-saml2saml_statics:/satosa/static
- #- ./docker/gateway/example.key:/etc/nginx/certs/certificate.key
- #- ./docker/gateway/example.crt:/etc/nginx/certs/certificate.crt
- #depends_on:
- #- satosa-front
- #- satosa-back
- #networks:
- #- satosa
-
- # uncomment if needed
- spid-saml-check:
- image: italia/spid-saml-check:v.1.8.1
- ports:
- - "8080:8080"
- networks:
- - satosa
- #volumes:
- #- "./docker/spid-saml-check-config/idp.json:/spid-saml-check/spid-validator/config/idp.json:ro"
- #- "./docker/spid-saml-check-config/idp_demo.json:/spid-saml-check/spid-validator/config/idp_demo.json:ro"
- #- "./docker/spid-saml-check-config/server.json:/spid-saml-check/spid-validator/config/server.json:ro"
-
-volumes:
- mongodbdata:
- satosa-saml2saml_certs:
- external: true
- satosa-saml2saml_statics:
- external: true
- satosa-saml2saml_conf:
- external: true
- satosa-saml2saml_logs:
- external: true
-
-networks:
- satosa:
diff --git a/docker/satosa-saml2spid/Dockerfile b/docker/satosa-saml2spid/Dockerfile
deleted file mode 100644
index 9df1f20d..00000000
--- a/docker/satosa-saml2spid/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM debian:buster-slim
-MAINTAINER Giuseppe De Marco
-
-# for alpine 13
-#RUN apk update
-#RUN apk add xmlsec libffi-dev libressl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash cargo musl-dev
-
-RUN apt update
-RUN apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev git bash
-
-ENV BASEDIR="/satosa_proxy"
-COPY ./requirements.txt .
-RUN pip3 install --upgrade pip
-RUN pip3 install -r requirements.txt --ignore-installed
-
-WORKDIR $BASEDIR/
-# COPY ./project $BASEDIR
-RUN ls .
-ENTRYPOINT uwsgi --wsgi satosa.wsgi --https 0.0.0.0:10000,/satosa_pki/cert.pem,/satosa_pki/privkey.pem --callable app -b 32648
diff --git a/docker/satosa-statics/Dockerfile b/docker/satosa-statics/Dockerfile
deleted file mode 100644
index ae0cfcfa..00000000
--- a/docker/satosa-statics/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM debian:buster-slim
-MAINTAINER Giuseppe De Marco
-
-RUN apt update
-RUN apt install -y libffi-dev libssl-dev python3-pip libpcre3 libpcre3-dev
-
-RUN pip3 install uwsgi
-ENV BASEDIR=/satosa_statics/
-WORKDIR $BASEDIR
-ENTRYPOINT uwsgi --uid 1000 --https 0.0.0.0:9999,/satosa_pki/cert.pem,/satosa_pki/privkey.pem --check-static-docroot --check-static $BASEDIR --static-index disco.html
diff --git a/example/backends/ciesaml2.py b/example/backends/ciesaml2.py
new file mode 100644
index 00000000..f3558d16
--- /dev/null
+++ b/example/backends/ciesaml2.py
@@ -0,0 +1,516 @@
+import json
+import logging
+import re
+import saml2
+import satosa.util as util
+
+from jinja2 import Environment, FileSystemLoader, select_autoescape
+from saml2.response import StatusAuthnFailed
+from saml2.authn_context import requested_authn_context
+from saml2.metadata import entity_descriptor, sign_entity_descriptor
+from saml2.saml import NAMEID_FORMAT_TRANSIENT
+from saml2.sigver import security_context, SignatureError
+from saml2.validate import valid_instance
+from satosa.backends.saml2 import SAMLBackend
+from satosa.context import Context
+from satosa.exception import SATOSAAuthenticationError
+from satosa.response import Response
+from satosa.saml_util import make_saml_response
+from six import text_type
+
+from .spidsaml2_validator import Saml2ResponseValidator
+
+logger = logging.getLogger(__name__)
+
+
+#
+# Messaggi di Errore SPID
+#
+# Ref: https://docs.italia.it/italia/spid/spid-regole-tecniche/it/stabile/messaggi-errore.html
+#
+SPID_ANOMALIES = {
+ 19: {
+ "message": "Autenticazione fallita per ripetuta sottomissione di credenziali errate",
+ "troubleshoot": "Inserire credenziali corrette",
+ },
+ 20: {
+ "message": (
+ "Utente privo di credenziali compatibili con "
+ "il livello di autenticazione richiesto"
+ ),
+ "troubleshoot": "Acquisire credenziali di livello idoneo all'accesso al servizio",
+ },
+ 21: {
+ "message": "Timeout durante l'autenticazione utente",
+ "troubleshoot": (
+ "Si ricorda che l'operazione di autenticazione deve "
+ "essere completata entro un determinato periodo di tempo"
+ ),
+ },
+ 22: {
+ "message": "L'utente nega il consenso all'invio di dati al fornitore del servizio",
+ "troubleshoot": "È necessario dare il consenso per poter accedere al servizio",
+ },
+ 23: {"message": "Utente con identità sospesa/revocata o con credenziali bloccate"},
+ 25: {"message": "Processo di autenticazione annullato dall'utente"},
+ 30: {
+ "message": "L'identità digitale utilizzata non è un'identità digitale del tipo atteso",
+ "troubleshoot": (
+ "È necessario eseguire l'autenticazione con le credenziali "
+ "del corretto tipo di identità digitale richiesto"
+ ),
+ },
+}
+
+_TROUBLESHOOT_MSG = (
+ "È stato riscontrato un problema di validazione "
+ "della risposta proveniente dal "
+ "Provider di Identità. "
+ " Contattare il supporto tecnico per eventuali chiarimenti"
+)
+
+
+class CieSAMLBackend(SAMLBackend):
+ """
+ A saml2 backend module (acting as a CIE SP).
+ """
+
+ _authn_context = "https://www.spid.gov.it/SpidL1"
+
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+
+ # error pages handler
+ self.template_loader = Environment(
+ loader=FileSystemLoader(searchpath=self.config["template_folder"]),
+ autoescape=select_autoescape(["html"]),
+ )
+ _static_url = (
+ self.config["static_storage_url"]
+ if self.config["static_storage_url"][-1] == "/"
+ else self.config["static_storage_url"] + "/"
+ )
+ self.template_loader.globals.update(
+ {
+ "static": _static_url,
+ }
+ )
+ self.error_page = self.template_loader.get_template(
+ self.config["error_template"]
+ )
+
+ def _metadata_contact_person(self, metadata, conf):
+ ##############
+ # avviso 29 v3
+ #
+ # https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf
+ # Avviso 29v3
+ SPID_PREFIXES = dict(
+ cie="https://www.cartaidentita.interno.gov.it/saml-extensions",
+ spid="https://spid.gov.it/saml-extensions",
+ fpa="https://spid.gov.it/invoicing-extensions",
+ )
+ saml2.md.SamlBase.register_prefix(SPID_PREFIXES)
+ metadata.contact_person = []
+ contact_map = conf.contact_person
+
+ for contact in contact_map:
+ cie_contact = saml2.md.ContactPerson()
+ cie_contact.contact_type = contact["contact_type"]
+
+ cie_contact.loadd({
+ "email_address": contact["email_address"],
+ "telephone_number": contact["telephone_number"],
+ "company": contact['company']
+ })
+
+
+ #contact_kwargs = contact["std_info"]
+ spid_extensions = saml2.ExtensionElement(
+ "Extensions", namespace="urn:oasis:names:tc:SAML:2.0:metadata"
+ )
+ #breakpoint()
+
+ # cie_contact.loadd(contact_kwargs)
+ for k, v in contact['cie_info'].items():
+ ext = saml2.ExtensionElement(
+ k, namespace=SPID_PREFIXES["cie"], text=v
+ )
+ spid_extensions.children.append(ext)
+
+ cie_contact.extensions = spid_extensions
+ metadata.contact_person.append(cie_contact)
+ #
+ # fine avviso 29v3
+ ###################
+
+ def _metadata_endpoint(self, context):
+ """
+ Endpoint for retrieving the backend metadata
+ :type context: satosa.context.Context
+ :rtype: satosa.response.Response
+
+ :param context: The current context
+ :return: response with metadata
+ """
+ logger.debug("Sending metadata response")
+ conf = self.sp.config
+
+ metadata = entity_descriptor(conf)
+
+ # configurare gli attribute_consuming_service
+ metadata.spsso_descriptor.attribute_consuming_service[0].index = '0'
+ metadata.spsso_descriptor.attribute_consuming_service[0].service_name[0].lang = "it"
+ metadata.spsso_descriptor.attribute_consuming_service[0].service_name[0].text = metadata.entity_id
+ for reqattr in metadata.spsso_descriptor.attribute_consuming_service[0].requested_attribute:
+ reqattr.name_format = None
+ reqattr.friendly_name = None
+
+ metadata.spsso_descriptor.assertion_consumer_service[0].index = '0'
+ metadata.spsso_descriptor.assertion_consumer_service[0].is_default = 'true'
+
+ # load ContactPerson Extensions
+ self._metadata_contact_person(metadata, conf)
+
+ # metadata signature
+ secc = security_context(conf)
+ #
+ sign_dig_algs = self.get_kwargs_sign_dig_algs()
+ eid, xmldoc = sign_entity_descriptor(
+ metadata, None, secc, **sign_dig_algs)
+
+ valid_instance(eid)
+ return Response(
+ text_type(xmldoc).encode("utf-8"), content="text/xml; charset=utf8"
+ )
+
+ def get_kwargs_sign_dig_algs(self):
+ kwargs = {}
+ # backend support for selectable sign/digest algs
+ alg_dict = dict(signing_algorithm="sign_alg",
+ digest_algorithm="digest_alg")
+ for alg in alg_dict:
+ selected_alg = self.config["sp_config"]["service"]["sp"].get(alg)
+ if not selected_alg:
+ continue
+ kwargs[alg_dict[alg]] = selected_alg
+ return kwargs
+
+ def check_blacklist(self, context, entity_id):
+ # If IDP blacklisting is enabled and the selected IDP is blacklisted,
+ # stop here
+ if self.idp_blacklist_file:
+ with open(self.idp_blacklist_file) as blacklist_file:
+ blacklist_array = json.load(blacklist_file)["blacklist"]
+ if entity_id in blacklist_array:
+ logger.debug(
+ "IdP with EntityID {} is blacklisted".format(entity_id)
+ )
+ raise SATOSAAuthenticationError(
+ context.state, "Selected IdP is blacklisted for this backend"
+ )
+
+ def authn_request(self, context, entity_id):
+ """
+ Do an authorization request on idp with given entity id.
+ This is the start of the authorization.
+
+ :type context: satosa.context.Context
+ :type entity_id: str
+ :rtype: satosa.response.Response
+
+ :param context: The current context
+ :param entity_id: Target IDP entity id
+ :return: response to the user agent
+ """
+ self.check_blacklist(context, entity_id)
+
+ kwargs = {}
+ # fetch additional kwargs
+ kwargs.update(self.get_kwargs_sign_dig_algs())
+
+ authn_context = self.construct_requested_authn_context(entity_id)
+ req_authn_context = authn_context or requested_authn_context(
+ class_ref=self._authn_context
+ )
+ req_authn_context.comparison = self.config.get("spid_acr_comparison", "minimum")
+
+ # force_auth = true only if SpidL >= 2
+ if "SpidL1" in authn_context.authn_context_class_ref[0].text:
+ force_authn = "false"
+ else:
+ force_authn = "true"
+
+ try:
+ binding = saml2.BINDING_HTTP_POST
+ destination = context.internal_data.get("target_entity_id", entity_id)
+ # SPID CUSTOMIZATION
+ # client = saml2.client.Saml2Client(conf)
+ client = self.sp
+
+ logger.debug(f"binding: {binding}, destination: {destination}")
+
+ # acs_endp, response_binding = self.sp.config.getattr("endpoints", "sp")["assertion_consumer_service"][0]
+ # req_id, req = self.sp.create_authn_request(
+ # destination, binding=response_binding, **kwargs)
+
+ logger.debug(f"Redirecting user to the IdP via {binding} binding.")
+ # use the html provided by pysaml2 if no template was specified or it didn't exist
+
+ # SPID want the fqdn of the IDP as entityID, not the SSO endpoint
+ # 'http://idpspid.testunical.it:8088'
+ # dovrebbe essere destination ma nel caso di spid-testenv2 è entityid...
+ # binding, destination = self.sp.pick_binding("single_sign_on_service", None, "idpsso", entity_id=entity_id)
+ location = client.sso_location(destination, binding)
+ # location = client.sso_location(entity_id, binding)
+
+ # not used anymore thanks to avviso 11
+ # location_fixed = destination # entity_id
+ # ...hope to see the SSO endpoint soon in spid-testenv2
+ # returns 'http://idpspid.testunical.it:8088/sso'
+ # fixed: https://github.com/italia/spid-testenv2/commit/6041b986ec87ab8515dd0d43fed3619ab4eebbe9
+
+ # verificare qui
+ # acs_endp, response_binding = self.sp.config.getattr("endpoints", "sp")["assertion_consumer_service"][0]
+
+ authn_req = saml2.samlp.AuthnRequest()
+ authn_req.force_authn = force_authn
+ authn_req.destination = location
+ # spid-testenv2 preleva l'attribute consumer service dalla authnRequest
+ # (anche se questo sta già nei metadati...)
+ authn_req.attribute_consuming_service_index = "0"
+
+ issuer = saml2.saml.Issuer()
+ issuer.name_qualifier = client.config.entityid
+ issuer.text = client.config.entityid
+ issuer.format = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
+ authn_req.issuer = issuer
+
+ # message id
+ authn_req.id = saml2.s_utils.sid()
+ authn_req.version = saml2.VERSION # "2.0"
+ authn_req.issue_instant = saml2.time_util.instant()
+
+ name_id_policy = saml2.samlp.NameIDPolicy()
+ # del(name_id_policy.allow_create)
+ name_id_policy.format = NAMEID_FORMAT_TRANSIENT
+ authn_req.name_id_policy = name_id_policy
+
+ # TODO: use a parameter instead
+ authn_req.requested_authn_context = req_authn_context
+ authn_req.protocol_binding = binding
+
+ assertion_consumer_service_url = client.config._sp_endpoints[
+ "assertion_consumer_service"
+ ][0][0]
+ authn_req.assertion_consumer_service_url = (
+ assertion_consumer_service_url # 'http://sp-fqdn/saml2/acs/'
+ )
+
+ authn_req_signed = client.sign(
+ authn_req,
+ sign_prepare=False,
+ sign_alg=kwargs["sign_alg"],
+ digest_alg=kwargs["digest_alg"],
+ )
+ authn_req.id
+
+ _req_str = authn_req_signed
+ logger.debug(f"AuthRequest to {destination}: {_req_str}")
+
+ relay_state = util.rndstr()
+ ht_args = client.apply_binding(
+ binding,
+ _req_str,
+ location,
+ sign=True,
+ sigalg=kwargs["sign_alg"],
+ relay_state=relay_state,
+ )
+
+ if self.sp.config.getattr("allow_unsolicited", "sp") is False:
+ if authn_req.id in self.outstanding_queries:
+ errmsg = "Request with duplicate id {}".format(
+ authn_req.id)
+ logger.debug(errmsg)
+ raise SATOSAAuthenticationError(context.state, errmsg)
+ self.outstanding_queries[authn_req.id] = authn_req_signed
+
+ context.state[self.name] = {"relay_state": relay_state}
+ # these will give the way to check compliances between the req and resp
+ context.state["req_args"] = {"id": authn_req.id}
+
+ logger.info(f"SAMLRequest: {ht_args}")
+ return make_saml_response(binding, ht_args)
+
+ except Exception as exc:
+ logger.debug("Failed to construct the AuthnRequest for state")
+ raise SATOSAAuthenticationError(
+ context.state, "Failed to construct the AuthnRequest"
+ ) from exc
+
+ def handle_error(
+ self,
+ message: str,
+ troubleshoot: str = "",
+ err="",
+ template_path="templates",
+ error_template="spid_login_error.html",
+ ):
+ """
+ Todo: Jinja2 tempalte loader and rendering :)
+ """
+ logger.error(f"Failed to parse authn request: {message} {err}")
+ result = self.error_page.render(
+ {"message": message, "troubleshoot": troubleshoot}
+ )
+ # the raw way :)
+ # msg = (
+ # f'{message} '
+ # f'{troubleshoot}'
+ # )
+ # result = text_type(msg).encode('utf-8')
+ return Response(result, content="text/html; charset=utf8", status="403")
+
+ def handle_spid_anomaly(self, err_number, err):
+ return self.handle_error(**SPID_ANOMALIES[int(err_number)])
+
+ def authn_response(self, context, binding):
+ """
+ Endpoint for the idp response
+ :type context: satosa.context,Context
+ :type binding: str
+ :rtype: satosa.response.Response
+
+ :param context: The current context
+ :param binding: The saml binding type
+ :return: response
+ """
+ if not context.request["SAMLResponse"]:
+ logger.debug("Missing Response for state")
+ raise SATOSAAuthenticationError(context.state, "Missing Response")
+
+ try:
+ authn_response = self.sp.parse_authn_request_response(
+ context.request["SAMLResponse"],
+ binding,
+ outstanding=self.outstanding_queries,
+ )
+ except StatusAuthnFailed as err:
+ erdict = re.search(r"ErrorCode nr(?P\d+)", str(err))
+ if erdict:
+ return self.handle_spid_anomaly(erdict.groupdict()["err_code"], err)
+ else:
+ return self.handle_error(
+ **{
+ "err": err,
+ "message": "Autenticazione fallita",
+ "troubleshoot": (
+ "Anomalia riscontrata durante la fase di Autenticazione. "
+ f"{_TROUBLESHOOT_MSG}"
+ ),
+ }
+ )
+ except SignatureError as err:
+ return self.handle_error(
+ **{
+ "err": err,
+ "message": "Autenticazione fallita",
+ "troubleshoot": (
+ "La firma digitale della risposta ottenuta "
+ f"non risulta essere corretta. {_TROUBLESHOOT_MSG}"
+ ),
+ }
+ )
+ except Exception as err:
+ return self.handle_error(
+ **{
+ "err": err,
+ "message": "Anomalia riscontrata nel processo di Autenticazione",
+ "troubleshoot": _TROUBLESHOOT_MSG,
+ }
+ )
+
+ if self.sp.config.getattr("allow_unsolicited", "sp") is False:
+ req_id = authn_response.in_response_to
+ if req_id not in self.outstanding_queries:
+ errmsg = ("No request with id: {}".format(req_id),)
+ logger.debug(errmsg)
+ return self.handle_error(
+ **{"message": errmsg, "troubleshoot": _TROUBLESHOOT_MSG}
+ )
+ del self.outstanding_queries[req_id]
+
+ # Context validation
+ if not context.state.get(self.name):
+ _msg = f"context.state[self.name] KeyError: where self.name is {self.name}"
+ logger.error(_msg)
+ return self.handle_error(
+ **{"message": _msg, "troubleshoot": _TROUBLESHOOT_MSG}
+ )
+ # check if the relay_state matches the cookie state
+ if context.state[self.name]["relay_state"] != context.request["RelayState"]:
+ _msg = "State did not match relay state for state"
+ return self.handle_error(
+ **{"message": _msg, "troubleshoot": _TROUBLESHOOT_MSG}
+ )
+
+ # Spid and SAML2 additional tests
+ _sp_config = self.config["sp_config"]
+ accepted_time_diff = _sp_config["accepted_time_diff"]
+ recipient = _sp_config["service"]["sp"]["endpoints"][
+ "assertion_consumer_service"
+ ][0][0]
+ authn_context_classref = self.config["acr_mapping"][""]
+
+ issuer = authn_response.response.issuer
+
+ # this will get the entity name in state
+ if len(context.state.keys()) < 2:
+ _msg = "Inconsistent context.state"
+ return self.handle_error(
+ **{"message": _msg, "troubleshoot": _TROUBLESHOOT_MSG}
+ )
+
+ list(context.state.keys())[1]
+ # deprecated
+ # if not context.state.get('Saml2IDP'):
+ # _msg = "context.state['Saml2IDP'] KeyError"
+ # logger.error(_msg)
+ # raise SATOSAStateError(context.state, "State without Saml2IDP")
+ in_response_to = context.state["req_args"]["id"]
+
+ # some debug
+ if authn_response.ava:
+ logging.debug(
+ f"Attributes to {authn_response.return_addrs} "
+ f"in_response_to {authn_response.in_response_to}: "
+ f'{",".join(authn_response.ava.keys())}'
+ )
+
+ validator = Saml2ResponseValidator(
+ authn_response=authn_response.xmlstr,
+ recipient=recipient,
+ in_response_to=in_response_to,
+ accepted_time_diff=accepted_time_diff,
+ authn_context_class_ref=authn_context_classref,
+ return_addrs=authn_response.return_addrs,
+ allowed_acrs=self.config["spid_allowed_acrs"],
+ )
+ try:
+ validator.run()
+ except Exception as e:
+ logger.error(e)
+ return self.handle_error(e)
+
+ context.decorate(Context.KEY_BACKEND_METADATA_STORE, self.sp.metadata)
+ if self.config.get(SAMLBackend.KEY_MEMORIZE_IDP):
+ issuer = authn_response.response.issuer.text.strip()
+ context.state[Context.KEY_MEMORIZED_IDP] = issuer
+ context.state.pop(self.name, None)
+ context.state.pop(Context.KEY_FORCE_AUTHN, None)
+
+ logger.info(f"SAMLResponse{authn_response.xmlstr}")
+ return self.auth_callback_func(
+ context, self._translate_response(authn_response, context.state)
+ )
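Review bot: At the end of `authn_response`, `logger.info(f"SAMLResponse{authn_response.xmlstr}")` writes the whole IdP response to the log at INFO level, which would include the asserted user attributes unless the assertion is encrypted. Logging `authn_response.in_response_to` and the issuer, or demoting the dump to `logger.debug`, keeps personal data out of routine logs; the same applies to `logger.info(f"SAMLRequest: {ht_args}")` in `authn_request`. `handle_spid_anomaly` indexes `SPID_ANOMALIES[int(err_number)]` directly, so an ErrorCode not in the table raises KeyError inside the `except StatusAuthnFailed` branch instead of rendering the error page; `SPID_ANOMALIES.get(int(err_number))` with a fallback to the generic "Autenticazione fallita" message keeps that path controlled. In `authn_request`, the SpidL1 test reads `authn_context.authn_context_class_ref[0].text` although the line above allows `authn_context` to be falsy; it should read `req_authn_context.authn_context_class_ref[0].text`. `return self.handle_error(e)` after `validator.run()` passes the raw exception as the page message, so validator internals reach the end user; a fixed message with `err=e` would match the other handlers.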
diff --git a/example/metadata/idp/cie-production.xml b/example/metadata/idp/cie-production.xml
new file mode 100644
index 00000000..82de355f
--- /dev/null
+++ b/example/metadata/idp/cie-production.xml
@@ -0,0 +1,168 @@
+
+
+
+
+
+
+
+ gov.it
+
+
+
+
+
+
+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+
+
+
+
+
+
+
+
+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+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ gov.it
+
+
+
+
+
+
+
+MIIDdTCCAl2gAwIBAgIUU79XEfveueyClDtLkqUlSPZ2o8owDQYJKoZIhvcNAQEL
+BQAwLTErMCkGA1UEAwwiaWRzZXJ2ZXIuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5p
+dDAeFw0xODEwMTkwODM1MDVaFw0zODEwMTkwODM1MDVaMC0xKzApBgNVBAMMImlk
+c2VydmVyLnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDHraj3iOTCIILTlOzicSEuFt03kKvQDqGWRd5o7s1W
+7SP2EtcTmg3xron/sbrLEL/eMUQV/Biz6J4pEGoFpMZQHGxOVypmO7Nc8pkFot7y
+UTApr6Ikuy4cUtbx0g5fkQLNb3upIg0Vg1jSnRXEvUCygr/9EeKCUOi/2ptmOVSL
+ad+dT7TiRsZTwY3FvRWcleDfyYwcIMgz5dLSNLMZqwzQZK1DzvWeD6aGtBKCYPRf
+tacHoESD+6bhukHZ6w95foRMJLOaBpkp+XfugFQioYvrM0AB1YQZ5DCQRhhc8jej
+wdY+bOB3eZ1lJY7Oannfu6XPW2fcknelyPt7PGf22rNfAgMBAAGjgYwwgYkwHQYD
+VR0OBBYEFK3Ah+Do3/zB9XjZ66i4biDpUEbAMGgGA1UdEQRhMF+CImlkc2VydmVy
+LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXSGOWh0dHBzOi8vaWRzZXJ2ZXIuc2Vy
+dml6aWNpZS5pbnRlcm5vLmdvdi5pdC9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0B
+AQsFAAOCAQEAVtpn/s+lYVf42pAtdgJnGTaSIy8KxHeZobKNYNFEY/XTaZEt9QeV
+5efUMBVVhxKTTHN0046DR96WFYXs4PJ9Fpyq6Hmy3k/oUdmHJ1c2bwWF/nZ82CwO
+O081Yg0GBcfPEmKLUGOBK8T55ncW+RSZadvWTyhTtQhLUtLKcWyzKB5aS3kEE5LS
+zR8sw3owln9P41Mz+QtL3WeNESRHW0qoQkFotYXXW6Rvh69+GyzJLxvq2qd7D1qo
+JgOMrarshBKKPk+ABaLYoEf/cru4e0RDIp2mD0jkGOGDkn9XUl+3ddALq/osTki6
+CEawkhiZEo6ABEAjEWNkH9W3/ZzvJnWo6Q==
+
+
+
+
+
+
+
+
+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+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/example/metadata/idp/cie-test.xml b/example/metadata/idp/cie-test.xml
new file mode 100644
index 00000000..80d601b7
--- /dev/null
+++ b/example/metadata/idp/cie-test.xml
@@ -0,0 +1,170 @@
+
+
+
+
+
+
+
+ gov.it
+
+
+
+
+
+
+
+ MIIDdTCCAl2gAwIBAgIUU79XEfveueyClDtLkqUlSPZ2o8owDQYJKoZIhvcNAQEL
+ BQAwLTErMCkGA1UEAwwiaWRzZXJ2ZXIuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5p
+ dDAeFw0xODEwMTkwODM1MDVaFw0zODEwMTkwODM1MDVaMC0xKzApBgNVBAMMImlk
+ c2VydmVyLnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQwggEiMA0GCSqGSIb3DQEB
+ AQUAA4IBDwAwggEKAoIBAQDHraj3iOTCIILTlOzicSEuFt03kKvQDqGWRd5o7s1W
+ 7SP2EtcTmg3xron/sbrLEL/eMUQV/Biz6J4pEGoFpMZQHGxOVypmO7Nc8pkFot7y
+ UTApr6Ikuy4cUtbx0g5fkQLNb3upIg0Vg1jSnRXEvUCygr/9EeKCUOi/2ptmOVSL
+ ad+dT7TiRsZTwY3FvRWcleDfyYwcIMgz5dLSNLMZqwzQZK1DzvWeD6aGtBKCYPRf
+ tacHoESD+6bhukHZ6w95foRMJLOaBpkp+XfugFQioYvrM0AB1YQZ5DCQRhhc8jej
+ wdY+bOB3eZ1lJY7Oannfu6XPW2fcknelyPt7PGf22rNfAgMBAAGjgYwwgYkwHQYD
+ VR0OBBYEFK3Ah+Do3/zB9XjZ66i4biDpUEbAMGgGA1UdEQRhMF+CImlkc2VydmVy
+ LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXSGOWh0dHBzOi8vaWRzZXJ2ZXIuc2Vy
+ dml6aWNpZS5pbnRlcm5vLmdvdi5pdC9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0B
+ AQsFAAOCAQEAVtpn/s+lYVf42pAtdgJnGTaSIy8KxHeZobKNYNFEY/XTaZEt9QeV
+ 5efUMBVVhxKTTHN0046DR96WFYXs4PJ9Fpyq6Hmy3k/oUdmHJ1c2bwWF/nZ82CwO
+ O081Yg0GBcfPEmKLUGOBK8T55ncW+RSZadvWTyhTtQhLUtLKcWyzKB5aS3kEE5LS
+ zR8sw3owln9P41Mz+QtL3WeNESRHW0qoQkFotYXXW6Rvh69+GyzJLxvq2qd7D1qo
+ JgOMrarshBKKPk+ABaLYoEf/cru4e0RDIp2mD0jkGOGDkn9XUl+3ddALq/osTki6
+ CEawkhiZEo6ABEAjEWNkH9W3/ZzvJnWo6Q==
+
+
+
+
+
+
+
+
+
+ MIIDdTCCAl2gAwIBAgIUegfFpjtEsLaV0IL3qBEa0u81rGkwDQYJKoZIhvcNAQEL
+ BQAwLTErMCkGA1UEAwwiaWRzZXJ2ZXIuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5p
+ dDAeFw0xODEwMTkwODM1MDZaFw0zODEwMTkwODM1MDZaMC0xKzApBgNVBAMMImlk
+ c2VydmVyLnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQwggEiMA0GCSqGSIb3DQEB
+ AQUAA4IBDwAwggEKAoIBAQCe9W63GohPUaNbsoluWsVWfmtIyAIufqpmzYS4TiBv
+ E6l9LlDITsmShVBpiLPU4IDdvoPPBlDqgotofCnSjQxRhGky7tiy+pBObo13lN6d
+ 03GgXNPZqZ+vKJinf8AmNe2UZ1ZbuvUtgS6+vx6P52/KNKx6YuDNmR3lLDhKZVDb
+ 2wwR5qfsdnJIAORbJVWd8kI6GGhmrsmha7zARd0W+ueDtd/WLuAg3G7QWRocHPlP
+ TN/dPUbKS4O0cnJx0M5UERQ12PIdy641ps6P1v2OatpfSmZp/IlDLKJj9O9V49LM
+ nxF3VBJkTep2UQsQUc3rlelN2rYAlhURQQzRwpWO5WJvAgMBAAGjgYwwgYkwHQYD
+ VR0OBBYEFAQDr+o8YMapC4lje9upfeiwmFdtMGgGA1UdEQRhMF+CImlkc2VydmVy
+ LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXSGOWh0dHBzOi8vaWRzZXJ2ZXIuc2Vy
+ dml6aWNpZS5pbnRlcm5vLmdvdi5pdC9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0B
+ AQsFAAOCAQEAb7gRYzTPEMQjQKiwI4/NdhzzaoKQjp2tu3UPZwsUHruyCbI+B/0k
+ C2SaSBaAKGT66yN9bPY2Vj4FuxtYmLSZZnatydF19hSu+lExCySKt16GBJ+D5HN7
+ OmVizRvJNE4+RF0bajpeXnMottLrcL5Ry/BivpxdnIQ9th2sMc7ev0IZtIGYCxGg
+ c5SAJCz4zuCcNiPANHDPdoxYEQ9EV9PNAUx8q9tjAhoRRiT2ovqT+Dowqax0AVOP
+ hRY5rA8WMccWAedO8iSSO8DTWomtoOKS9vjWrQxnsHaT8GXohC2OYgSdKsBchvjS
+ i1RIVkrqHoSHIK2XQapkl8YmD75JjrGNNA==
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ gov.it
+
+
+
+
+
+
+
+ MIIDdTCCAl2gAwIBAgIUU79XEfveueyClDtLkqUlSPZ2o8owDQYJKoZIhvcNAQEL
+ BQAwLTErMCkGA1UEAwwiaWRzZXJ2ZXIuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5p
+ dDAeFw0xODEwMTkwODM1MDVaFw0zODEwMTkwODM1MDVaMC0xKzApBgNVBAMMImlk
+ c2VydmVyLnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQwggEiMA0GCSqGSIb3DQEB
+ AQUAA4IBDwAwggEKAoIBAQDHraj3iOTCIILTlOzicSEuFt03kKvQDqGWRd5o7s1W
+ 7SP2EtcTmg3xron/sbrLEL/eMUQV/Biz6J4pEGoFpMZQHGxOVypmO7Nc8pkFot7y
+ UTApr6Ikuy4cUtbx0g5fkQLNb3upIg0Vg1jSnRXEvUCygr/9EeKCUOi/2ptmOVSL
+ ad+dT7TiRsZTwY3FvRWcleDfyYwcIMgz5dLSNLMZqwzQZK1DzvWeD6aGtBKCYPRf
+ tacHoESD+6bhukHZ6w95foRMJLOaBpkp+XfugFQioYvrM0AB1YQZ5DCQRhhc8jej
+ wdY+bOB3eZ1lJY7Oannfu6XPW2fcknelyPt7PGf22rNfAgMBAAGjgYwwgYkwHQYD
+ VR0OBBYEFK3Ah+Do3/zB9XjZ66i4biDpUEbAMGgGA1UdEQRhMF+CImlkc2VydmVy
+ LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXSGOWh0dHBzOi8vaWRzZXJ2ZXIuc2Vy
+ dml6aWNpZS5pbnRlcm5vLmdvdi5pdC9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0B
+ AQsFAAOCAQEAVtpn/s+lYVf42pAtdgJnGTaSIy8KxHeZobKNYNFEY/XTaZEt9QeV
+ 5efUMBVVhxKTTHN0046DR96WFYXs4PJ9Fpyq6Hmy3k/oUdmHJ1c2bwWF/nZ82CwO
+ O081Yg0GBcfPEmKLUGOBK8T55ncW+RSZadvWTyhTtQhLUtLKcWyzKB5aS3kEE5LS
+ zR8sw3owln9P41Mz+QtL3WeNESRHW0qoQkFotYXXW6Rvh69+GyzJLxvq2qd7D1qo
+ JgOMrarshBKKPk+ABaLYoEf/cru4e0RDIp2mD0jkGOGDkn9XUl+3ddALq/osTki6
+ CEawkhiZEo6ABEAjEWNkH9W3/ZzvJnWo6Q==
+
+
+
+
+
+
+
+
+
+ MIIDdTCCAl2gAwIBAgIUegfFpjtEsLaV0IL3qBEa0u81rGkwDQYJKoZIhvcNAQEL
+ BQAwLTErMCkGA1UEAwwiaWRzZXJ2ZXIuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5p
+ dDAeFw0xODEwMTkwODM1MDZaFw0zODEwMTkwODM1MDZaMC0xKzApBgNVBAMMImlk
+ c2VydmVyLnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQwggEiMA0GCSqGSIb3DQEB
+ AQUAA4IBDwAwggEKAoIBAQCe9W63GohPUaNbsoluWsVWfmtIyAIufqpmzYS4TiBv
+ E6l9LlDITsmShVBpiLPU4IDdvoPPBlDqgotofCnSjQxRhGky7tiy+pBObo13lN6d
+ 03GgXNPZqZ+vKJinf8AmNe2UZ1ZbuvUtgS6+vx6P52/KNKx6YuDNmR3lLDhKZVDb
+ 2wwR5qfsdnJIAORbJVWd8kI6GGhmrsmha7zARd0W+ueDtd/WLuAg3G7QWRocHPlP
+ TN/dPUbKS4O0cnJx0M5UERQ12PIdy641ps6P1v2OatpfSmZp/IlDLKJj9O9V49LM
+ nxF3VBJkTep2UQsQUc3rlelN2rYAlhURQQzRwpWO5WJvAgMBAAGjgYwwgYkwHQYD
+ VR0OBBYEFAQDr+o8YMapC4lje9upfeiwmFdtMGgGA1UdEQRhMF+CImlkc2VydmVy
+ LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXSGOWh0dHBzOi8vaWRzZXJ2ZXIuc2Vy
+ dml6aWNpZS5pbnRlcm5vLmdvdi5pdC9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0B
+ AQsFAAOCAQEAb7gRYzTPEMQjQKiwI4/NdhzzaoKQjp2tu3UPZwsUHruyCbI+B/0k
+ C2SaSBaAKGT66yN9bPY2Vj4FuxtYmLSZZnatydF19hSu+lExCySKt16GBJ+D5HN7
+ OmVizRvJNE4+RF0bajpeXnMottLrcL5Ry/BivpxdnIQ9th2sMc7ev0IZtIGYCxGg
+ c5SAJCz4zuCcNiPANHDPdoxYEQ9EV9PNAUx8q9tjAhoRRiT2ovqT+Dowqax0AVOP
+ hRY5rA8WMccWAedO8iSSO8DTWomtoOKS9vjWrQxnsHaT8GXohC2OYgSdKsBchvjS
+ i1RIVkrqHoSHIK2XQapkl8YmD75JjrGNNA==
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
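Review bot: The first certificate block in `cie-test.xml` appears identical to the one added in `cie-production.xml` (both start `MIIDdTCCAl2gAwIBAgIUU79X` and end `ZzvJnWo6Q==`), and both files land in the same `example/metadata/idp/` directory. If the backend loads every file in that directory, a deployment copied from the example would accept assertions from the pre-production IdP alongside the production one. It is worth confirming against the published CIE metadata that the test environment really shares a signing key with production, rather than this being a copy error. I would also keep test metadata in a separate directory, or state in the README that `cie-test.xml` (like `spid-sp-test.xml`) must be removed before go-live.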
diff --git a/example/metadata/idp/spid-entities-idps.xml b/example/metadata/idp/spid-entities-idps.xml
index 7a18c3aa..8ca7ddc6 100644
--- a/example/metadata/idp/spid-entities-idps.xml
+++ b/example/metadata/idp/spid-entities-idps.xml
@@ -1,580 +1,637 @@
-
-
-
-
-
-
-
-
-
-
-
-
- 51XpGIPUTLp04RQNldwbz/mP/hRo5pNRtGbbsin5V2E=
-
-
- Lrk2gefTNfk5vnM8U3AyidG0R7cyKTM8zjPcxqtp0fA2sQVzxca/wIq0wAvNrFYO
-38y54GXxLD4owHObOOakzQj6WXzE0sE47+y+JUODDDcluWWyESVs7myV3azxbzmV
-/xtiS5XrqETHZwaRafuVO9X0A+x6Dl1RbYtcxQScQ7wsR7NoHVeTlmfeR3rFEI1E
-yC1cFRIpHd8oUFgp3NXNve2tqDg7uT0OXFbKHQLwOhxbTmzuJq+wrvaMDk2bLaAH
-QPrvUIRdZbphcRakT+jRRLOIOequWzQ5FdjhJIl6wNTiHud+/icCJe1L+EwNDqKF
-W/5u6Bo9PvHQYsZnjvi2wzrzO/s6cmOP69GM/Dj5umZq1mUbHRqHuGOMfexMiIiA
-dqySbaovs6MH2C/kNLQJBFiFVJ++iSVPg4z3dZlFX8yZ4jUDzM+G7JKGlfM+YPev
-9qNN1towY+VHX21uM+8ID2H/P13M4IOMZBe63k3ab6UyQqwiuqBJfWj5hcOVyo5f
-yXqD0OC15xOyFZ+ohPcvpACqsnSRidUIIrqF7FsG0GLmA3DcH7whrI7L3f5RGN4n
-GPZj4aBVc8hLFhbIpgA1+5cIJz2EZI+Y4AFH7kE9zgpiiohXXkJWvWU9Yi2b9pB2
-PRUr6rrM8DY9vJWX7QAxl2MjVVpvj2Pt533e7tpn4cU=
-
-
+DGqBFTE2vXevvnEALfWuMhgUFHF9rHamOm6NZOxwpEc= 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
+
+
+
+
+
+
+
+
+
+lyHwpf6b8vJdgZVXPG8xrYzC8jokDKbonFVqrihWkTA=
+
+
+
+CTg66NygTYUtyiEG7InBnOe+naaAZcQCvPvcTN5G2M5I5hnqSNXgo9gd1ReBeVlL0pio4Vm5DX1R
+kAJCP1dx2OJHoR6oBhOezNwpXgk0J2fFadCSV906I0X/tpgiXK8kRV5DIqgqIdzz4iKIz3i8jGcI
+ILUTFFVxRgnyZvPFgEKfS9BK27p0ii6VA74c576S9vAleOy2PLue0qzNaqqbhFGV3CqTxrfothBt
+uboTxIozWFWrL0wwkBj6hdmNHWjbvUUrI/S7AYwC0Y7e1u22G+Ot9+5Cffy+1dr9nybRKfRWQy5k
+I5QmS+yKR6DEA9pq5PP/I2N/FsW5VRXg1Jt/XA==
+
+
+
-4b4eQp6d6zsUJSb6XOJAD2w1sDqe/hNWu4vI43Lbsmpi0PfuIZTaM+MdCVqBtVnF
-crjCITx3MJ9SbMw15zfrLEczJwt5+uX57VWO9EbTSPl8cIG8s7k94m7miewTYtYS
-G5uD9PX5NnaXtrxHNNwuuWkZlG58JJ/guqT9Wmvl6Z9pFOQ+NnDFjwAZ9qjDUenE
-dHK9iGV8OFK08597LiiGLc5CWGlaxi5BETkWilSTTPMJrgALSROm4b97fp/1EHDy
-aRWwhiSSQujnNHkWFTm9V2Z6qbsihG7tLpLRXrKeE2uTCCExiDqbsjLjP+z/2Ce2
-M7Rw9b71zJJ6HYe/HwVBTpON1AxzIMIep4uKx1AC3jsIeJ2ZEzF1L9Pz2mnt9dfA
-NFQ8/ZeKa8tP0Hqyzjwp4g0rX5q2yN9odtB8Xo7WPbNfzLu0xTW19KCwhEex2WEy
-Etm/0bQLKodCgvgp96eHwjNkU5n9wtqaAWbEmiLf/sae+7tapzHFwQpMIIDiKXSr
-rzsNhe1UHBx0dF+v7LVD1knuelmGTX23sgy+FuU6wLn6BUdz1yBJIc1r+VlFbJQw
-EjWRmqgldjEbhkRfUnVI/3i5NHyG/CO1QYVXiif00kPf4J2xlRHmHtaYGgNP34UG
-jKQyYmsqZybySX1/xl/HtjjNJqMf3bzIBCaREGacYK0=
+w4URGDE8Rg+oCM3uhbrLyhJJjq0abY4IhT5XIqFvY6p80ukXy0+vK1fXumDBVgfOPFEI0xMLzd+t
+ua0FqkAG2b0q5fuppI+9onHT5SpiT0V0oIpA4SSZZw04l/DM0w/rkH5wPE/exrUmgAx4A7TH3lud
+ihfRkdyywqTCmAxvz8kdkfOq7eh3EAO07k9pPfFoLIwhyoinU7adWftKLNQTWA25wsB1o/iSHSju
+dTrWnPikbeBBcr65E614MPxxNTY3GLtbVPve1BK7Cy3ngFLan0gFfNasD1XQKTXSiJBNwgLxf0xx
+6kKs3OAI4F1qnTROJ+6xvfS3vgFEQBGDCOnU3w==
-
-AQAB
-
+AQAB
-
- MIIHtjCCBZ6gAwIBAgIIbaXtgRcActMwDQYJKoZIhvcNAQENBQAwgcwxCzAJBgNV
+
+
+MIIDHDCCAgSgAwIBAgIVALisbudTRxLy3vlMcEDfaqr3iW89MA0GCSqGSIb3DQEBCwUAMBcxFTAT
+BgNVBAMMDGlkLmxlcGlkYS5pdDAeFw0xODA4MDgxMDIzMTJaFw0zODA4MDgxMDIzMTJaMBcxFTAT
+BgNVBAMMDGlkLmxlcGlkYS5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMOFERgx
+PEYPqAjN7oW6y8oSSY6tGm2OCIU+VyKhb2OqfNLpF8tPrytX17pgwVYHzjxRCNMTC83frbmtBapA
+Btm9KuX7qaSPvaJx0+UqYk9FdKCKQOEkmWcNOJfwzNMP65B+cDxP3sa1JoAMeAO0x95bnYoX0ZHc
+ssKkwpgMb8/JHZHzqu3odxADtO5PaT3xaCyMIcqIp1O2nVn7SizUE1gNucLAdaP4kh0o7nU61pz4
+pG3gQXK+uROteDD8cTU2Nxi7W1T73tQSuwst54BS2p9IBXzWrA9V0Ck10oiQTcIC8X9McepCrNzg
+COBdap00Tifusb30t74BREARgwjp1N8CAwEAAaNfMF0wHQYDVR0OBBYEFL32/n7uf1Re14pW+gwG
+xZQHUZBCMDwGA1UdEQQ1MDOCDGlkLmxlcGlkYS5pdIYjaHR0cHM6Ly9pZC5sZXBpZGEuaXQvaWRw
+L3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAK80B1mEWKOTJkVJOJot2xU79Lhs1+domUSY
+QiA+tlS46IAfWwDZqI1llIjgL85n7qMsKFvYTIskInoG51Iezv2dTxlB6IMI8NPRfiFXo2s8NYjb
+zWyETbdXzCbDR0tKNke0TFE0oxunNfE5YRsmH4bPnjhPUjCSHX7wIhlNrLae3FjMQp1OLDs7HmJo
+3AhuAVmHCoG7QV/ly4ZHcVYx4F7HUsFg5uxNYjZbo+XMutJz4nZFOFE+uRzTwwfdR2sxny+ppkru
+TwIhEXyzknoiw1mGIEWZc6scnOAiwZeqTccUYVNHp+PSFs9SD8l+2PO4Oh8Y3dYT+5ojv+S6T7vy
+5xE=
+
+
+
+
+
+
+
+
+
+
+MIIDHDCCAgSgAwIBAgIVALisbudTRxLy3vlMcEDfaqr3iW89MA0GCSqGSIb3DQEB CwUAMBcxFTATBgNVBAMMDGlkLmxlcGlkYS5pdDAeFw0xODA4MDgxMDIzMTJaFw0z ODA4MDgxMDIzMTJaMBcxFTATBgNVBAMMDGlkLmxlcGlkYS5pdDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMOFERgxPEYPqAjN7oW6y8oSSY6tGm2OCIU+ VyKhb2OqfNLpF8tPrytX17pgwVYHzjxRCNMTC83frbmtBapABtm9KuX7qaSPvaJx 0+UqYk9FdKCKQOEkmWcNOJfwzNMP65B+cDxP3sa1JoAMeAO0x95bnYoX0ZHcssKk wpgMb8/JHZHzqu3odxADtO5PaT3xaCyMIcqIp1O2nVn7SizUE1gNucLAdaP4kh0o 7nU61pz4pG3gQXK+uROteDD8cTU2Nxi7W1T73tQSuwst54BS2p9IBXzWrA9V0Ck1 0oiQTcIC8X9McepCrNzgCOBdap00Tifusb30t74BREARgwjp1N8CAwEAAaNfMF0w HQYDVR0OBBYEFL32/n7uf1Re14pW+gwGxZQHUZBCMDwGA1UdEQQ1MDOCDGlkLmxl cGlkYS5pdIYjaHR0cHM6Ly9pZC5sZXBpZGEuaXQvaWRwL3NoaWJib2xldGgwDQYJ KoZIhvcNAQELBQADggEBAK80B1mEWKOTJkVJOJot2xU79Lhs1+domUSYQiA+tlS4 6IAfWwDZqI1llIjgL85n7qMsKFvYTIskInoG51Iezv2dTxlB6IMI8NPRfiFXo2s8 NYjbzWyETbdXzCbDR0tKNke0TFE0oxunNfE5YRsmH4bPnjhPUjCSHX7wIhlNrLae 3FjMQp1OLDs7HmJo3AhuAVmHCoG7QV/ly4ZHcVYx4F7HUsFg5uxNYjZbo+XMutJz 4nZFOFE+uRzTwwfdR2sxny+ppkruTwIhEXyzknoiw1mGIEWZc6scnOAiwZeqTccU YVNHp+PSFs9SD8l+2PO4Oh8Y3dYT+5ojv+S6T7vy5xE=
+
+
+
+
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Lepida S.p.A.
+ Lepida S.p.A.
+ https://www.lepida.it/
+
+
++Rel1FMcm+5efYiYZHG/xIlGJABOWQctvg7pKhGM/T8= HF+4Mag3Cwf70kvV4mggud56QUdiVrhbWXZFMDhhT7UVXMnUg/bas1pcIAR6fZAg+1tInF8lq1Z1Ny0leBGm1uMEwJa1ct8CtT3yCT2kfrlTAFpHymBv3fELAgVkJE09OwWqs9RCGu2IzEWjtIZozEOiG6mSLRiAWRPMk3x6y1oRdsenLqmuvcR1wuRMoFjb+2SP6bxJWWZzzrzAadSX9qbnKKn9qOxFke8Tn5FqQUaeh62RFBregLPT4PlaZsnTOkrdPqjLFYuh6NtBU20Qh2oiH5TdyZ9mfTleJtp9RYwpo472zsXYMbbmDyDr3/wbzFIqZVHqos9PsM+GbXQpTQ== 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 urn:oasis:names:tc:SAML:2.0:nameid-format:transient InfoCert S.p.A. InfoCert S.p.A. InfoCert S.p.A. InfoCert S.p.A. InfoCert S.p.A. InfoCert S.p.A. InfoCert S.p.A. InfoCert S.p.A. https://www.infocert.it https://www.infocert.it/international/?lang=en https://www.infocert.it/international/?lang=fr https://www.infocert.it/international/?lang=de
+
+
+ edFgXK6BXmGkVRK5oLlYHviWEP7AGP1Hr/dJvcP26c4= t0hwmcoUkIuUbRHoSZlXGTwq0g4OjHIhR1xaAUPX4IysE1LUm5L4Atif8hlMkuSjtJ5rtD2yXkIjpkXcxU5Ifq+shCUsPs0+36dFMI8DVZUdqK7E2QKiNMDAtjzd77SgM2HO3tmP4NLH+P7MZrSAfsVHd02NyR9lObHWfSvlun+xiZC9WEQOiklQ2K/fXZ6K8VwynqkufHpDZSCG9swYT6NdpKoslJlTU6+guNkrwh3YSwszYNFywHIf7hYjfLX6ZeY0VxteMa1zvC3bYVSDNtS+awT3Xatl+uWa4vuXJOzxOMS1//hEUF0Sfx3uYrHMCMp5sfShEXIYzFufyDHFuQ==
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
+
+
+
+
+ MIIDczCCAlugAwIBAgIJAMsX0iEKQM6xMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTEgMB4GA1UEBwwXU2FuIEdyZWdvcmlvIGRpIENhdGFuaWExDzANBgNVBAoMBlNpZWx0ZTAeFw0xNTEyMTQwODE0MTVaFw0yNTEyMTMwODE0MTVaMFAxCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTEgMB4GA1UEBwwXU2FuIEdyZWdvcmlvIGRpIENhdGFuaWExDzANBgNVBAoMBlNpZWx0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIRlOjM/tS9V9jYjJreqZSctuYriLfPTDgX2XdhWEbMpMpwA9p0bsbLQoC1gP0piLO+qbCsIh9+boPfb4/dLIA7E+Vmm5/+evOtzvjfHG4oXjZK6jo08QwkVV8Bm1jkakJPVZ57QFbyDSr+uBbIMY7CjA2LdgnIIwKN/kSfFhrZUMJ6ZxwegM100X5psfNPSV9WUtgHsvqlIlvydPo2rMm21sg+2d3Vtg8DthNSYRLqgazCc0NTsigrH7niSbJCO0nq/svMX2rSFdh5GFK7/pxT+c3OFWqIR8r+RX4qW+auJqkbTuNRwxV22Sm6r69ZJwV0WspvsVJi+FYqiyoWhgUCAwEAAaNQME4wHQYDVR0OBBYEFCUx063GwUhEFDllwCBe/+jdeW+XMB8GA1UdIwQYMBaAFCUx063GwUhEFDllwCBe/+jdeW+XMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADF94c3JwyBM86QBLeoUZxRYKPniba8B39FfJk0pb+LejKfZMvspOrOFgYQQ9UrS8IFkBX9Xr7/tjRbr2cPwZNjrEZhoq+NfcE09bnaWTyEl1IEKK8TWOupJj9UNVpYXX0LfIRrMwNEzAPQykOaqPOnyHxOCPTY957xXSo3jXOyvugtvPHbd+iliAzUoPm1tgiTKWS+EkQ/e22eFv5NEyT+oHiKovrQ+voPWOIvJVMjiTyxRic8fEnI9zzV0SxWvFvty77wgcYbeEuFZa3iidhojUge8o1uY/JUyQjFxcvvfAgWSIZwdHiNyWaAgwzLPmPCPsvBdR3xrlcDg/9Bd3D0=
+
+
+
+
+
+
+ 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
+
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Sielte S.p.A.
+ Sielte S.p.A.
+ http://www.sielte.it
+ http://www.sielte.it
+ http://www.sielte.it
+ http://www.sielte.it
+
+
+
+
+
+
+
+
+
+
+
+VSNgcTZzWAf58kcx//rTdi93mS2RuHf9xvsQBeGPI2c=
+
+
+
+mOFXOtItjlEqUoyt8sga600DFccdCGkDyVrLkqOS5KyhUPSgbOYX0z5q3SG8vYbLYNSKcobpuPVy
+UDagVB69ROzDzj/1kk3/dIqr0/cywYreiLJTTBFh5NNXKbKJsU+h/ODI3B5OPZbKTMiTvf/HJRgn
+5VyROfaJtQJPiQQ/K5CnVfsafIgh9pG52hbq4o/GsC1enIPDBh2B2anrTIaW7bpMcXIdHdLs5oRK
+LCVraIgQO5NzU8cNc6SXztRuUFzD0HNeyUqCVXt6CpKzw+2kLkBxnxgzXZae4v97Voo3QgO6i+6f
+KzeU0xnt5ITl288DpQUpTghMHnozcJ4J8InziA==
+
+
+
+
+
+valuo+O493cRZIutqyV3Y7q6/avPAmbWL4w502HaGm6nECkl/TgQyeD7px4Drcd9ArW6ry7+m282
+m66qOlagmmhJOAbEVQni8EpV/JCuKZ3gLQSOxHBdJB87fNnooLp3sU/cmiPds0rmEniRRdwq4KcL
+xGbNt+hZ/OooJ/sPar2JgeXtIKSsQXOSNEV4o/gwJOufnMql3iixENGUIo+tUdO+ROskTl6PlG40
+9HSlHOnGDFLDLUqpASMwmBcfI4KA9QKzXP2OU8knRnNnsjlDPez84tizvK7exfefSGMbg7lH7Q43
+ESndweAxsKhLNPyyGA03apNgqs6suB4bEJhlyQ==
+
+AQAB
+
+
+
+
+MIIISTCCBjGgAwIBAgIIdhWoGwd6zoowDQYJKoZIhvcNAQELBQAwgYcxITAfBgNVBAMMGE5hbWly
+aWFsIEVVIFF1YWxpZmllZCBDQTEfMB0GA1UECwwWVHJ1c3QgU2VydmljZSBQcm92aWRlcjEYMBYG
+A1UECgwPTmFtaXJpYWwgUy5wLkEuMRowGAYDVQRhDBFWQVRJVC0wMjA0NjU3MDQyNjELMAkGA1UE
+BhMCSVQwHhcNMjAwNzIwMTUxODAwWhcNMjYwNzIwMTUxODAwWjBdMQswCQYDVQQGEwJJVDEaMBgG
+A1UEYQwRVkFUSVQtMDIwNDY1NzA0MjYxGDAWBgNVBAoMD05BTUlSSUFMIFMuUC5BLjEYMBYGA1UE
+AwwPTkFNSVJJQUwgUy5QLkEuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaluo+O4
+93cRZIutqyV3Y7q6/avPAmbWL4w502HaGm6nECkl/TgQyeD7px4Drcd9ArW6ry7+m282m66qOlag
+mmhJOAbEVQni8EpV/JCuKZ3gLQSOxHBdJB87fNnooLp3sU/cmiPds0rmEniRRdwq4KcLxGbNt+hZ
+/OooJ/sPar2JgeXtIKSsQXOSNEV4o/gwJOufnMql3iixENGUIo+tUdO+ROskTl6PlG409HSlHOnG
+DFLDLUqpASMwmBcfI4KA9QKzXP2OU8knRnNnsjlDPez84tizvK7exfefSGMbg7lH7Q43ESndweAx
+sKhLNPyyGA03apNgqs6suB4bEJhlyQIDAQABo4ID4DCCA9wwgYcGCCsGAQUFBwEBBHsweTA+Bggr
+BgEFBQcwAoYyaHR0cHM6Ly9kb2NzLm5hbWlyaWFsdHNwLmNvbS9kb2N1bWVudHMvTmFtQ0E0Sy5j
+cnQwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLm5hbWlyaWFsdHNwLmNvbS9vY3NwL2NlcnRzdGF0
+dXMwHQYDVR0OBBYEFJFw0qD1CsRQ3xDAskv5VJ6YVKhWMB8GA1UdIwQYMBaAFGO4zbhJUuXnCXtX
+jPt6QQ5BqnhZMIHDBggrBgEFBQcBAwSBtjCBszAIBgYEAI5GAQEwCwYGBACORgEDAgEUMBMGBgQA
+jkYBBjAJBgcEAI5GAQYCMIGEBgYEAI5GAQUwejA7FjVodHRwczovL2RvY3MubmFtaXJpYWx0c3Au
+Y29tL2RvY3VtZW50cy9QRFMvUERTX2VuLnBkZhMCZW4wOxY1aHR0cHM6Ly9kb2NzLm5hbWlyaWFs
+dHNwLmNvbS9kb2N1bWVudHMvUERTL1BEU19pdC5wZGYTAml0MIICAgYDVR0gBIIB+TCCAfUwggHc
+BgsrBgEEAYKaawECATCCAcswKQYIKwYBBQUHAgEWHWh0dHBzOi8vZG9jcy5uYW1pcmlhbHRzcC5j
+b20vMIIBnAYIKwYBBQUHAgIwggGOHoIBigBWAGEAbABpAGQAbwAgAHMAbwBsAG8AIABwAGUAcgAg
+AGwAYQAgAHAAcgBvAHQAZQB6AGkAbwBuAGUAIABkAGkAIABpAG4AdABlAGcAcgBpAHQA4AAgAGQA
+aQAgAGYAaQByAG0AZQAgAGUAbABlAHQAdAByAG8AbgBpAGMAaABlACAAZwBlAG4AZQByAGEAdABl
+ACAAZABhACAAdABlAGMAbgBvAGwAbwBnAGkAYQAgAE4AYQBtAGkAcgBpAGEAbAAgAEcAcgBvAHUA
+cAAvAFYAYQBsAGkAZAAgAG8AbgBsAHkAIABmAG8AcgAgAHAAcgBvAHQAZQBjAHQAaQBvAG4AIABv
+AGYAIABJAG4AdABlAGcAcgBpAHQAeQAgAG8AZgAgAGUALQBzAGkAZwBuAGEAdAB1AHIAZQAgAGcA
+ZQBuAGUAcgBhAHQAZQBkACAAYgB5ACAATgBhAG0AaQByAGkAYQBsACAARwByAG8AdQBwACcAcwAg
+AHQAZQBjAGgAbgBvAGwAbwBnAHkwCQYHBACL7EABATAIBgYEAI96AQEwNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5uYW1pcmlhbHRzcC5jb20vQ0E0Sy5jcmwwDgYDVR0PAQH/BAQDAgZAMA0G
+CSqGSIb3DQEBCwUAA4ICAQCHBLQQWvCEM8q2Xxn3NL6Xn2Hs+ZVNQET1rNh6/ZhBorh/O8JunqX9
++5JU88h6kFvwxLm+84RyZk2oP+EX4RUZ3BteWVmctht71CzMVvx28YRaEaAPr5835hfHgXy9+K98
+TMDQS9ah0StQ0RG4EAEniShIOGEng2LfeRZznFMsB95xPU/Pcr0oUHpfsLFmCyIx/fNNY1IIAp8p
+Y+nJQ52SlZ8FWctw0ipbwdy9XvzaLTKiLE0mh93/WJ02SI5S+b5sCA2vwvJ2iTpucSqbeBnMfcsv
+pUODgrIm5tpTsYIftJ8q4ueeunO2rLKw/ZADLJEEyx+wKdWkv2X/pypsFaEBSAIbXRBkpekdXAfW
+QM7HNfSQrGcMv9gI27wmnWD1XgNvx+PlJ3U3HvuL/Rl1NQPHhVhGWArJSRwLtZozMMNitP2uVSfg
+WIg5M7EA2+pNm3A9J1IyTySBT5B86xXkrGbRLyx4voSX7z/EsOOfcv5wlv5hc3gsid44gnwzeuPC
+3JYOi7iytuurCr5dpYC3KkDaE6ARqAnU9yLmPAbvbBU/qRlNhNNU+JDep2llUHMtUJq7jDY5WrMx
+LvfofeELw7At2IUpHN0C3GsMsFF1Kb03/5j+GDvhTp/6G5AmsrnAtcSRAqX/XNGscKd+HcFLKogc
+KXW60bsCEfSd6z1or8gfnA==
+
+
+
+
+
+
+
+
+ CN=*.namirialtsp.com,OU=Security Departement,O=Namirial Spa,L=Senigallia,ST=Ancona,C=IT
+ MIIDNzCCAh+gAwIBAgIUNGvDUjTpLSPlP4sEfO0+JARITnEwDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTaWRwLm5hbWlyaWFsdHNwLmNvbTAeFw0xNzAzMDgwOTE3
+NTZaFw0zNzAzMDgwOTE3NTZaMB4xHDAaBgNVBAMME2lkcC5uYW1pcmlhbHRzcC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrcJvYRh49nNijgzwL
+1OOwgzeMDUWcMSwoWdtMpx3kDhZwMFQ3ITDmNvlz21I0QKaP0BDg/UAjfCbDtLqU
+y6wHtI6NWVJoqIziw+dLfg7S5Sr2nOzJ/sKhzadWH1kDsetIenOLU2ex+7Vf/+4P
+7nIrS0c+xghi9/zN8dH6+09wWYnloGmcW3qWRFMKJjR3ctBmsmqCKWNIIq2QfeFs
+zSSeG0xaNlLKBrj6TyPDxDqPAskq038W1fCuh7aejCk7XTTOxuuIwDGJiYsc8rfX
+SG9/auskAfCziGEm304/ojy5MRcNjekz4KgWxT9anMCipv0I2T7tCAivc1z9QCsE
+Pk5pAgMBAAGjbTBrMB0GA1UdDgQWBBQi8+cnv0Nw0lbuICzxlSHsvBw5SzBKBgNV
+HREEQzBBghNpZHAubmFtaXJpYWx0c3AuY29thipodHRwczovL2lkcC5uYW1pcmlh
+bHRzcC5jb20vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAEp953KM
+WY7wJbJqnPTmDkXaZJVoubcjW86IY494RgVBeZ4XzAGOifa3ScDK6a0OWfIlRTba
+KKu9lEVw9zs54vLp9oQI4JulomSaL805Glml4bYqtcLoh5qTnKaWp5qvzBgcQ7i2
+GcDC9F+qrsJYreCA7rbHXzF0hu5yIfz0BrrCRWvuWiop92WeKvtucI4oBGfoHhYO
+ZsLuoTT3hZiEFJT60xS5Y2SNdz+Eia9Dgt0cvAzoOVk93Cxg+XBdyyEEiZn/zvhj
+us29KyFrzh3XYznh+4jq3ymt7Os4JKmY0aJm7yNxw+LyPjkdaB0icfo3+hD7PiuU
+jC3Y67LUWQ8YgOc=
+
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Namirial
+ Namirial S.p.a. Trust Service Provider
+ https://www.namirialtsp.com
+
+JYGJryCuw9bp9PBqoxl1ogs1BX6rIdxN2Cld6uEDcMY= CIEQ0HLKuPpklXui6C9d1pd1syuB9RcgoOI4yBU4QnAEoLvWAJoyTOUvjXfNN9pKehdvcPyW6LPmlonb6Mf5sKswUXdAbimSeYwgAO0U3mVAzGxGK543RjHGamGtz3G4IDW7FTqkG0QmQDAWfeq+CYJksdHFfKwvzY9l6PWCvmPIsaIjwJcFvWMWlwCBwABL3QmUqHkLmifk3/zcN1kmHEjlwMNpCwH32A2jgyFPho96BWQo+iMRjIaLUHfrnPNqMS49nYW5rUQM1nWiRrTMY74dxfd+xTUVZKVGSgL9ACQviTPwHOm4YYkhA+zjUTT22kEFb0fdMxrC0QzBM/FnLA== 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 CN=TI Trust Technologies srl,OU=Servizi per l'identita digitale,O=Telecom Italia Trust Technologies srl,C=IT urn:oasis:names:tc:SAML:2.0:nameid-format:transient TI Trust Technologies srl Trust Technologies srl https://www.trusttechnologies.it zanMEv9e3IoYmz27wv5RQCYhp7IuxdvUwb/VCjOjosA= EyJLBOIVDVK2UM0VYzm+ukfwm34rO2a+AmXnyem+FpLF8mHUdGe2vBafE2YiV6sr7H6/zg0ozeRgPVos9E5xc0LWZwPFK8KWaMiQwrdFVwxAVp3SL0DMXs8msj9+zMnrFb9zGNq9/SoSgJm9BNcjxud+9Ky4XlS30pk7deHy/KgdGpO0cnWOoaYbWfPhHmQ40y7lMF9WZnHibDNTbYPGFMhUgGjGauTH5x+HvGEbreLSpTMEt07Hc0KNV/TSCsUCKpbv7z2YOFbQ5yt6IO2MrpgOQIqr8JF1oC5t/C+5SltkpLUxvYwqh+gF91u1METuqURTzNe1Iz+qb0WFNuyMxw== MIIExTCCA62gAwIBAgIQH32A70kY92tuXB8AGi2DdDANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG
+EwJJVDEYMBYGA1UECgwPQXJ1YmFQRUMgUy5wLkEuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eUIxIDAeBgNVBAMMF0FydWJhUEVDIFMucC5BLiBORyBDQSAyMB4XDTIwMDEyMjAwMDAw
+MFoXDTI1MDEyMTIzNTk1OVowgaAxCzAJBgNVBAYTAklUMRYwFAYDVQQKDA1BcnViYSBQRUMgc3Bh
+MREwDwYDVQQLDAhQcm9kb3R0bzEWMBQGA1UEAwwNcGVjLml0IHBlYy5pdDEZMBcGA1UEBRMQWFhY
+WFhYMDBYMDBYMDAwWDEPMA0GA1UEKgwGcGVjLml0MQ8wDQYDVQQEDAZwZWMuaXQxETAPBgNVBC4T
+CDIwODc2Mzc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2oHJhcp03l73p+QYpE
+J+f3jYYj0W0gos0RItZx/w4vpsiKBygaqDNVWSwfo1aPdVDIX13f62O+lBki29KTt+QWv5K6SGHD
+UXYPntRdEQlicIBh2Z0HfrM7fDl+xeJrMp1s4dsSQAuB5TJOlFZq7xCQuukytGWBTvjfcN/os5aE
+sEg+RbtZHJR26SbbUcIqWb27Swgj/9jwK+tvzLnP4w8FNvEOrNfR0XwTMNDFrwbOCuWgthv5jNBs
+VZaoqNwiA/MxYt+gTOMj/o5PWKk8Wpm6o/7/+lWAoxh0v8x9OkbIi+YaFpIxuCcUqsrJJk63x2gH
+Cc2nr+yclYUhsKD/AwIDAQABo4IBLDCCASgwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTKQ3+N
+PGcXFk8nX994vMTVpba1EzBHBgNVHSAEQDA+MDwGCysGAQQBgegtAQEBMC0wKwYIKwYBBQUHAgEW
+H2h0dHBzOi8vY2EuYXJ1YmFwZWMuaXQvY3BzLmh0bWwwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov
+L2NybC5hcnViYXBlYy5pdC9BcnViYVBFQ1NwQUNlcnRpZmljYXRpb25BdXRob3JpdHlCL0xhdGVz
+dENSTC5jcmwwHwYDVR0jBBgwFoAU8v9jQBwRQv3M3/FZ9m7omYcxR3kwMwYIKwYBBQUHAQEEJzAl
+MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hcnViYXBlYy5pdDANBgkqhkiG9w0BAQsFAAOCAQEA
+ZKpor1MrrYwPw+IuPZElQAuNzXsaSWSnn/QQwJtW49c4rFM4mEud9c61p9XxIIbgQKmDmNbzC+Dm
+wJSZ8ILdCAyBHmY3BehVRAy3KRA2KQhS9kd4vywf5KVYd1L5hQa9DBrusxF7i1X/SEeLQgoKkov0
+R8v43UncqXS/ql50ovJFxi938Rv4rVwa8o0hqqc6WUcjkidB6M9aNJLIbOZN3xNUgC28qIr8y7N8
+lbxWbwVrGxqKDtpaA9J0hOOXxwuTfSd1zOtT0KSSSUQ53QGOPnxyjxYDQbJu60/lBPuUV5wb/Z2r
+gpeUH1/n7limHV5sVmOZgSnf18T+0STANCfkXg== MIIExTCCA62gAwIBAgIQH32A70kY92tuXB8AGi2DdDANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG
+EwJJVDEYMBYGA1UECgwPQXJ1YmFQRUMgUy5wLkEuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eUIxIDAeBgNVBAMMF0FydWJhUEVDIFMucC5BLiBORyBDQSAyMB4XDTIwMDEyMjAwMDAw
+MFoXDTI1MDEyMTIzNTk1OVowgaAxCzAJBgNVBAYTAklUMRYwFAYDVQQKDA1BcnViYSBQRUMgc3Bh
+MREwDwYDVQQLDAhQcm9kb3R0bzEWMBQGA1UEAwwNcGVjLml0IHBlYy5pdDEZMBcGA1UEBRMQWFhY
+WFhYMDBYMDBYMDAwWDEPMA0GA1UEKgwGcGVjLml0MQ8wDQYDVQQEDAZwZWMuaXQxETAPBgNVBC4T
+CDIwODc2Mzc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2oHJhcp03l73p+QYpE
+J+f3jYYj0W0gos0RItZx/w4vpsiKBygaqDNVWSwfo1aPdVDIX13f62O+lBki29KTt+QWv5K6SGHD
+UXYPntRdEQlicIBh2Z0HfrM7fDl+xeJrMp1s4dsSQAuB5TJOlFZq7xCQuukytGWBTvjfcN/os5aE
+sEg+RbtZHJR26SbbUcIqWb27Swgj/9jwK+tvzLnP4w8FNvEOrNfR0XwTMNDFrwbOCuWgthv5jNBs
+VZaoqNwiA/MxYt+gTOMj/o5PWKk8Wpm6o/7/+lWAoxh0v8x9OkbIi+YaFpIxuCcUqsrJJk63x2gH
+Cc2nr+yclYUhsKD/AwIDAQABo4IBLDCCASgwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTKQ3+N
+PGcXFk8nX994vMTVpba1EzBHBgNVHSAEQDA+MDwGCysGAQQBgegtAQEBMC0wKwYIKwYBBQUHAgEW
+H2h0dHBzOi8vY2EuYXJ1YmFwZWMuaXQvY3BzLmh0bWwwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov
+L2NybC5hcnViYXBlYy5pdC9BcnViYVBFQ1NwQUNlcnRpZmljYXRpb25BdXRob3JpdHlCL0xhdGVz
+dENSTC5jcmwwHwYDVR0jBBgwFoAU8v9jQBwRQv3M3/FZ9m7omYcxR3kwMwYIKwYBBQUHAQEEJzAl
+MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hcnViYXBlYy5pdDANBgkqhkiG9w0BAQsFAAOCAQEA
+ZKpor1MrrYwPw+IuPZElQAuNzXsaSWSnn/QQwJtW49c4rFM4mEud9c61p9XxIIbgQKmDmNbzC+Dm
+wJSZ8ILdCAyBHmY3BehVRAy3KRA2KQhS9kd4vywf5KVYd1L5hQa9DBrusxF7i1X/SEeLQgoKkov0
+R8v43UncqXS/ql50ovJFxi938Rv4rVwa8o0hqqc6WUcjkidB6M9aNJLIbOZN3xNUgC28qIr8y7N8
+lbxWbwVrGxqKDtpaA9J0hOOXxwuTfSd1zOtT0KSSSUQ53QGOPnxyjxYDQbJu60/lBPuUV5wb/Z2r
+gpeUH1/n7limHV5sVmOZgSnf18T+0STANCfkXg== MIIExTCCA62gAwIBAgIQIHtEvEhGM77HwqsuvSbi9zANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG
+EwJJVDEYMBYGA1UECgwPQXJ1YmFQRUMgUy5wLkEuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eUIxIDAeBgNVBAMMF0FydWJhUEVDIFMucC5BLiBORyBDQSAyMB4XDTE3MDEyMzAwMDAw
+MFoXDTIwMDEyMzIzNTk1OVowgaAxCzAJBgNVBAYTAklUMRYwFAYDVQQKDA1BcnViYSBQRUMgc3Bh
+MREwDwYDVQQLDAhQcm9kb3R0bzEWMBQGA1UEAwwNcGVjLml0IHBlYy5pdDEZMBcGA1UEBRMQWFhY
+WFhYMDBYMDBYMDAwWDEPMA0GA1UEKgwGcGVjLml0MQ8wDQYDVQQEDAZwZWMuaXQxETAPBgNVBC4T
+CDE2MzQ1MzgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2oHJhcp03l73p+QYpE
+J+f3jYYj0W0gos0RItZx/w4vpsiKBygaqDNVWSwfo1aPdVDIX13f62O+lBki29KTt+QWv5K6SGHD
+UXYPntRdEQlicIBh2Z0HfrM7fDl+xeJrMp1s4dsSQAuB5TJOlFZq7xCQuukytGWBTvjfcN/os5aE
+sEg+RbtZHJR26SbbUcIqWb27Swgj/9jwK+tvzLnP4w8FNvEOrNfR0XwTMNDFrwbOCuWgthv5jNBs
+VZaoqNwiA/MxYt+gTOMj/o5PWKk8Wpm6o/7/+lWAoxh0v8x9OkbIi+YaFpIxuCcUqsrJJk63x2gH
+Cc2nr+yclYUhsKD/AwIDAQABo4IBLDCCASgwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTKQ3+N
+PGcXFk8nX994vMTVpba1EzBHBgNVHSAEQDA+MDwGCysGAQQBgegtAQEBMC0wKwYIKwYBBQUHAgEW
+H2h0dHBzOi8vY2EuYXJ1YmFwZWMuaXQvY3BzLmh0bWwwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov
+L2NybC5hcnViYXBlYy5pdC9BcnViYVBFQ1NwQUNlcnRpZmljYXRpb25BdXRob3JpdHlCL0xhdGVz
+dENSTC5jcmwwHwYDVR0jBBgwFoAU8v9jQBwRQv3M3/FZ9m7omYcxR3kwMwYIKwYBBQUHAQEEJzAl
+MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hcnViYXBlYy5pdDANBgkqhkiG9w0BAQsFAAOCAQEA
+nEw0NuaspbpDjA5wggwFtfQydU6b3Bw2/KXPRKS2JoqGmx0SYKj+L17A2KUBa2c7gDtKXYz0FLT6
+0Bv0pmBN/oYCgVMEBJKqwRwdki9YjEBwyCZwNEx1kDAyyqFEVU9vw/OQfrAdp7MTbuZGFKknVt7b
+9wOYy/Op9FiUaTg6SuOy0ep+rqhihltYNAAl4L6fY45mHvqa5vvVG30OvLW/S4uvRYUXYwY6KhWv
+NdDf5CnFugnuEZtHJrVe4wx9aO5GvFLFZ/mQ35C5mXPQ7nIb0CDdLBJdz82nUoLSA5BUbeXAUkfa
+hW/hLxLdhks68/TK694xVIuiB40pvMmJwxIyDA== urn:oasis:names:tc:SAML:2.0:nameid-format:transient ArubaPEC S.p.A. ArubaPEC S.p.A. https://www.pec.it/ ix5zJ0s5HicXBtbud2nW7dwhwEVB6jZnzhFkbFLAYVs= EdhsS12CrldyKtXkWCHY7PlrD8Uc2HyKd2a40aNsEabBJxH0gsKfzO85HSRw1jLBVf0352moDNAp
+vqrH24ImHV9umqzxqY5SAXx7ISeGl56kmWB4CWGPK7X7Vb0iDosDzoI60vHlipVmdbaqlwOZQG79
+xEoyo4bU/IxhdFhr0wl8b3SnGTWlFS3iThaz4g2dmWlzcjVcf+s5CigClhqToedKxPbY2CGl+U78
+sgNTlR2cGIe9gjRlQIboXUr14SzDJgIOLkFIGyuIlgA7vk85/HDSXGhEIa5r/N9Tb+dTc+PXPxV9
+Lk9Oy88WbYOqfvOKnkzVjmWj026DTT2N9uBPmg== MIIFgzCCA2ugAwIBAgIIJSppAZKg/XQwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCSVQxHjAc
+BgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEaMBgGA1UEYQwRVkFUSVQtMDExMTQ2MDEwMDYx
+GjAYBgNVBAMMEVBvc3RlIEl0YWxpYW5lIENBMB4XDTIxMDIxODExNDYzMVoXDTI0MDIxOTExNDYz
+MVowQzELMAkGA1UEBhMCSVQxHjAcBgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEUMBIGA1UE
+AwwLaWRwLXBvc3RlaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZFEtJoEHFAjpC
+aZcj5DVWrRDyaLZyu31XApslbo87CyWz61OJMtw6QQU0MdCtrYbtSJ6vJwx7/6EUjsZ3u4x3EPLd
+lkyiGOqukPwATv4c7TVOUVs5onIqTphM9b+AHRg4ehiMGesm/9d7RIaLuN79iPUvdLn6WP3idAfE
+w+rhJ/wYEQ0h1Xm5osNUgtWcBGavZIjLssWNrDDfJYxXH3QZ0kI6feEvLCJwgjXLGkBuhFehNhM4
+fhbX9iUCWwwkJ3JsP2++Rc/iTA0LZhiUsXNNq7gBcLAJ9UX2V1dWjTzBHevfHspzt4e0VgIIwbDR
+qsRtF8VUPSDYYbLoqwbLt18XAgMBAAGjggFXMIIBUzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUH
+MAGGI2h0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQvcGktb2NzcENBMB0GA1UdDgQWBBRL64pGUJHw
+Y7ok6cRMUgXvMBoLMjAfBgNVHSMEGDAWgBRs0025F7hHd0d+ULyAaELPZ7w/eTA+BgNVHSAENzA1
+MDMGCCtMMAEFAQEEMCcwJQYIKwYBBQUHAgEWGWh0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQwOAYD
+VR0fBDEwLzAtoCugKYYnaHR0cDovL3Bvc3RlY2VydC5wb3N0ZS5pdC9waS1DQS9jcmwuY3JsMA4G
+A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwJwYDVR0RBCAwHoEc
+aWRwLXBvc3RlaWRAcG9zdGVpdGFsaWFuZS5pdDANBgkqhkiG9w0BAQsFAAOCAgEAp0EhITlTx+cO
+aoXw//nBl6Q4y82MfSGfPJIw3ROV1z3tHBctaksi/RxAzyMD5beO2s8Q6lXx0sLMCcuUQmzHj3eJ
+bqn+6sIUr000dSlX/iPgVUc2dvPIZZg9xu38J8NvCfrtgAGY5iMVFMd3CZLFw0ybr+Bx/1K/NhQO
+7jxn0RSGA1J4mM2syVhEDUODs9kz3T4kXYUofwwvPL1a9xB9RBqbp7plYtbBBdftEORUQrWzH1mz
+NO4nlFkX9qgVrgFIIJJT2KadHoop1r65O9ffncK14qpNo3eTsNDq3hRlteb7ylmlJ8CoakUWZeXD
+DP9ZboWxZkyp+9903OrToRvOgeWSc+YrqcRZOv7r6tTALTk4U9OTKDG9/eNWSGQqD7Qd/9rssfF0
+uJEGHnbsk/Hvdxn8apgWN1Zwt6tsT7f/DO0Pdlaso9g7PVy8R+B3VkWAh76uCcICIPFBluC/ljaH
+V8hI+VsCLpMClo83YMCEM6E6nAPD22+fDR/DF9P73P04yUvJVHx4cnHPrpxVrPbaJoKrr9mUOLFy
+VRekX78ZRgiFiKYDNsiq9+148oRy+VehpmBoQ+T2EPeDFQ8JJ4xT8H7qdyr1swSk/9Lu4K0kw/yC
+TSb9K/wCuiHiuoSB54rzJoQxz90gS868r/+JGahYwHY5dUh1RbA4g5N8H3TDThc= MIIFgzCCA2ugAwIBAgIIJSppAZKg/XQwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCSVQxHjAc
+BgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEaMBgGA1UEYQwRVkFUSVQtMDExMTQ2MDEwMDYx
+GjAYBgNVBAMMEVBvc3RlIEl0YWxpYW5lIENBMB4XDTIxMDIxODExNDYzMVoXDTI0MDIxOTExNDYz
+MVowQzELMAkGA1UEBhMCSVQxHjAcBgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEUMBIGA1UE
+AwwLaWRwLXBvc3RlaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZFEtJoEHFAjpC
+aZcj5DVWrRDyaLZyu31XApslbo87CyWz61OJMtw6QQU0MdCtrYbtSJ6vJwx7/6EUjsZ3u4x3EPLd
+lkyiGOqukPwATv4c7TVOUVs5onIqTphM9b+AHRg4ehiMGesm/9d7RIaLuN79iPUvdLn6WP3idAfE
+w+rhJ/wYEQ0h1Xm5osNUgtWcBGavZIjLssWNrDDfJYxXH3QZ0kI6feEvLCJwgjXLGkBuhFehNhM4
+fhbX9iUCWwwkJ3JsP2++Rc/iTA0LZhiUsXNNq7gBcLAJ9UX2V1dWjTzBHevfHspzt4e0VgIIwbDR
+qsRtF8VUPSDYYbLoqwbLt18XAgMBAAGjggFXMIIBUzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUH
+MAGGI2h0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQvcGktb2NzcENBMB0GA1UdDgQWBBRL64pGUJHw
+Y7ok6cRMUgXvMBoLMjAfBgNVHSMEGDAWgBRs0025F7hHd0d+ULyAaELPZ7w/eTA+BgNVHSAENzA1
+MDMGCCtMMAEFAQEEMCcwJQYIKwYBBQUHAgEWGWh0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQwOAYD
+VR0fBDEwLzAtoCugKYYnaHR0cDovL3Bvc3RlY2VydC5wb3N0ZS5pdC9waS1DQS9jcmwuY3JsMA4G
+A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwJwYDVR0RBCAwHoEc
+aWRwLXBvc3RlaWRAcG9zdGVpdGFsaWFuZS5pdDANBgkqhkiG9w0BAQsFAAOCAgEAp0EhITlTx+cO
+aoXw//nBl6Q4y82MfSGfPJIw3ROV1z3tHBctaksi/RxAzyMD5beO2s8Q6lXx0sLMCcuUQmzHj3eJ
+bqn+6sIUr000dSlX/iPgVUc2dvPIZZg9xu38J8NvCfrtgAGY5iMVFMd3CZLFw0ybr+Bx/1K/NhQO
+7jxn0RSGA1J4mM2syVhEDUODs9kz3T4kXYUofwwvPL1a9xB9RBqbp7plYtbBBdftEORUQrWzH1mz
+NO4nlFkX9qgVrgFIIJJT2KadHoop1r65O9ffncK14qpNo3eTsNDq3hRlteb7ylmlJ8CoakUWZeXD
+DP9ZboWxZkyp+9903OrToRvOgeWSc+YrqcRZOv7r6tTALTk4U9OTKDG9/eNWSGQqD7Qd/9rssfF0
+uJEGHnbsk/Hvdxn8apgWN1Zwt6tsT7f/DO0Pdlaso9g7PVy8R+B3VkWAh76uCcICIPFBluC/ljaH
+V8hI+VsCLpMClo83YMCEM6E6nAPD22+fDR/DF9P73P04yUvJVHx4cnHPrpxVrPbaJoKrr9mUOLFy
+VRekX78ZRgiFiKYDNsiq9+148oRy+VehpmBoQ+T2EPeDFQ8JJ4xT8H7qdyr1swSk/9Lu4K0kw/yC
+TSb9K/wCuiHiuoSB54rzJoQxz90gS868r/+JGahYwHY5dUh1RbA4g5N8H3TDThc= urn:oasis:names:tc:SAML:2.0:nameid-format:transient Poste Italiane SpA Poste Italiane SpA https://www.poste.it
+w+1EhJJcYbEAVZ8qyNUtad7jWWLjyqvBKP+4UnueiVo= FvIykT0ZR+T4FnSDZkurxrjI8YaZKKx0PV0eNIHGo2k57KdzD2YRyK3eQS8Afg+E8BvrwGJlXoPY/z3jZBV/Hs0jkkZtAT2obK0g55TcXiSXJyKwRkG5KnjaxKQFSOVExJliHRkCdQgf5WUwdKIJ7m5amssrxW6jH6ejEhSXqqttpK+NuH2TxzXjHAda5wIBjyOAB7QmobTrAaFKG6vapy8P2TcrSknw/YdBTYm8X9dHpsukBksMPoAYB35vTLukQuFkxp6Z7JTPjG0W8VPhRcr/9Falk//8qlXjCx+fKKEaR0mDT/xKXdYBb91tURzaOUuqBEZz2O6HIuANR4e36A== 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
+
+
+
+ MIIEDjCCAvagAwIBAgIIIT1A+ywbIQAwDQYJKoZIhvcNAQELBQAwXjEzMDEGA1UE
+ AwwqSU4uVEUuUy5BLiBTLnAuQSAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRow
+ GAYDVQQKDBFJTi5URS5TLkEuIFMucC5BLjELMAkGA1UEBhMCSVQwHhcNMTcwOTE1
+ MTMyMzQ1WhcNMzYwNzAxMTk1OTAwWjBQMSUwDwYDVQQuEwgyMDA3OTc5NzASBgNV
+ BAMMC1NBTUwgU2lnbmVyMRowGAYDVQQKDBFJTi5URS5TLkEuIFMucC5BLjELMAkG
+ A1UEBhMCSVQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhYXkP+eQB
+ URgmslDXBjG0ad+DkSAkWt7hUoaTyiK0e34QiyArq043plqTrt+6FzTGeX7960Qr
+ 3tCLGCiVOi47QuE09IKfJmKGEaUQnJQehHYZs/XV0OYQl18WrCxUX6ALOcqPs+4y
+ pCbJV1WzSosfBcPBzivJER8kvrynMXI3or18e9XPTGBn8qNFyNF1E3BJ5UhrDvk5
+ W2gKyYKz0M/CIu9PiHuO/ne6HbeNrCS/xzXtjsTusk41AOxIQoFbEzS08xcRY+QD
+ E8oLcAmecSjT3xv3r9dWke6KTTAahS3K+5mOYRcBXj2FFegiUp+xh4OAWdH1+gGD
+ Ym+3aAmMpaLtAgMBAAGjgd0wgdowHQYDVR0OBBYEFEw9xWg4qvQGdlGMCqmJcVDg
+ dE8aMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUySnWJ2sw0ljDpJVrtrxCCP0b
+ 1CYwGgYDVR0QBBMwEYAPMjAxNzA5MTUxMzIzNDVaMD8GA1UdHwQ4MDYwNKAyoDCG
+ Lmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNBX25DQS5jcmww
+ DgYDVR0PAQH/BAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN
+ BgkqhkiG9w0BAQsFAAOCAQEAVRHyFRZZFpW/qjJpKftd86h3wOdUqOhc2W8ZHv0s
+ t8ptG+mZk3l1iWAsEPqKMIBhksgTvalnHC1lHUt11xsZ2mzUjVpiG8XiWXYXQnY2
+ D+q7Dc4n20kJ717qf4SDN8wX1A6XvT3Wrsfh87vg3ZFD56/eyur2snWu4OilsFqA
+ yLhnExG4puJ4JKBWnlwAGXD9SFgkSZ8FC66KQs6CAwVkvCIom3IwJeU/VrYQF6XH
+ kVCQgr5mojXgCkrlRNl53WAKfQHCT4QH+oQVP97PCEL/wQ1zi0UzWauKT6u2wDym
+ 9rcpch+WLa0GUtYNhuoLU2SregPKwTWg2DfINJObyWRpww==
+
+
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IN.TE.S.A. S.p.A.
+ Intesa S.p.A.
+ https://www.intesa.it/
+
+ D/A8yDFktAAd8ZdH4txugRyfui6Yy9cYlS/ilyzB6qg= YN5NOuJNo8+3p5j+vQ+l0tA8hsvgfqwHu4amDbJeV3ltCa2ev2chti18Tekswx/FjkpVo7Xu1Thi3jcxRalyeoY2XAPhhEigI+JSA6+JcJUC91Gm+b9+LO6mnKba+epGBdfoDoj66tBCeSXD1AOSid1WcCEjEoFfMwIx2TJQVhz/Vx6JhAPYjbjyiXgus7hI4JPFQla3msjrrCJ8umU635e1dyFPqxTt1jIRP5oZnSGx0moP5dGRMhU+mu2mtcJOGiz02km+TtmxIRgACJ8HB3sEP3HDwtQmVguhDCUluY94UfU42dIsaKOZB2mVEVjHDzCVxGGYPAYaY8lu1ZDO5g== MIIDazCCAlOgAwIBAgIED8R+MDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJJVDELMAkGA1UECBMCRkkxETAPBgNVBAcTCGZsb3JlbmNlMREwDwYDVQQKEwhyZWdpc3RlcjERMA8GA1UECxMIcmVnaXN0ZXIxETAPBgNVBAMTCHJlZ2lzdGVyMB4XDTE3MDcxMDEwMzM0OVoXDTI3MDcwODEwMzM0OVowZjELMAkGA1UEBhMCSVQxCzAJBgNVBAgTAkZJMREwDwYDVQQHEwhmbG9yZW5jZTERMA8GA1UEChMIcmVnaXN0ZXIxETAPBgNVBAsTCHJlZ2lzdGVyMREwDwYDVQQDEwhyZWdpc3RlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkYXHbm3q6xt3wrLAXnytswtj2JE1MM8aYmNXkTgDMCwO/+ahQOoQru6IBTbjfWH9jr+Woy54FDdX6bHl+5/mO6l/yAB/bKgwe5HmUjZJ5oakJjWucsSm+VkEwN2HquBZoN+mktju00xvLX5VAjmDHvZc/b8NhNr/FRKlYITboygkhGiUwGI3wLf3IaB76J0o7ugpW2WNLcywpX+p1VWZAMCdHBveBe/e42hh6WnWPqdwYUWHOgJ8HX4IzCHifiS1n6eUMgtoTQOmSvTQDwSjD0WWJE8tWSYt+txXg1t+3A3tbZOFu7T442wE7DtMdUL4+8gimQS+e8PxDK1uTqIPUCAwEAAaMhMB8wHQYDVR0OBBYEFMCgo1gzCIcUThQIs5g5ikfv1D7eMA0GCSqGSIb3DQEBCwUAA4IBAQBnGw3i3hQ37L8vyelkyZMeO3tLK65Cqti4oVrQZxClGV5zNA6fIMDY8Mci1UhLwjzp29POd/sez0vuHZ/Vmmygzoye4jTKr6c3jAh0u81FTzefBU+vIietm9RuV3sd7D9xq6EqOY1NDL+rkvBcTFtiwLEUm2kHYu/U67jk73pxOtmqxQvQeMU8oi42tehMZGLIGp3U5lGS8YGGl+GtkkQ2Z5/PSm67HGP81kTArG/QX+bX+ykypTJVg9hfb9zOFQidp1HkCRIez6YhDiP/ZLurd6Grt/wVfZPNBO8EOgy25AkRZlp+UD686BFg7qq5KKEbz3qmPrj8deHL3duacZcp 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 urn:oasis:names:tc:SAML:2.0:nameid-format:transient Register.it S.p.A. Register.it S.p.A. https//www.register.it
+
+
+
+
+
+
+
+
+
+
+ khZostyVOFwCtkt5rHSLJ9UxgM6rKAR+7O+yLQ++5jI=
+
+
+ rnN5Omq7oWmuqqW13KbMr+taRMdqJ85W9+WpcWLX2Wsax26kTHBgD78vVfVWKuejMKeK6F8oSTkiipMlnGLXMniQplvI9rZJO3fj3ygG3qdwPCqFqJ7e9iYPZ5gIMjLuePyoAfcvSdAQiMBxeTX7nwjpLrzB51RaxGNTmJNJv44zbtdR++I1my8nSDRycq5o6+uR+k/SEOiR65+uQbiBvL9Or/N4sEoJyFx23AbQjurWiBzqgHwHPf8tDLBbDa8mjPhReXGK7aePymQU4GlSeZBxSHcSad04gQjlcgayp4d+O43SBczmtueV6szrAqURnhdj6L1PRvyusfNNk04bZA==
+
+
+ MIIINTCCBh2gAwIBAgIIJz+ujRbSAYwwDQYJKoZIhvcNAQENBQAwgfsxCzAJBgNV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+
+
+
+
+
+ https://www.spid.gov.it/SpidL1
+ https://www.spid.gov.it/SpidL2
+
+
+ P
+ LP
+ PG
+ PF
+ PX
+
+
+
+
+
+
+ MIIINTCCBh2gAwIBAgIIJz+ujRbSAYwwDQYJKoZIhvcNAQENBQAwgfsxCzAJBgNV
BAYTAklUMQ0wCwYDVQQHDARSb21lMSYwJAYDVQQKDB1BZ2VuemlhIHBlciBsJ0l0
YWxpYSBEaWdpdGFsZTEwMC4GA1UECwwnU2Vydml6aW8gQWNjcmVkaXRhbWVudG8g
-ZSBwcm9nZXR0byBTUElEMQ0wCwYDVQQDDARBZ0lEMSkwJwYJKoZIhvcNAQkBFhpw
-cm90b2NvbGxvQHBlYy5hZ2lkLmdvdi5pdDEaMBgGA1UEBRMRVkFUSVQtOTc3MzUw
-MjA1ODQwHhcNMTkxMTE4MDAwMDAwWhcNMzkxMTE3MjM1OTU5WjCB1TELMAkGA1UE
-BhMCSVQxDTALBgNVBAcMBFJvbWUxJjAkBgNVBAoMHUFnZW56aWEgcGVyIGwnSXRh
-bGlhIERpZ2l0YWxlMTAwLgYDVQQLDCdTZXJ2aXppbyBBY2NyZWRpdGFtZW50byBl
-IHByb2dldHRvIFNQSUQxFjAUBgNVBAMMDVByb2dldHRvIFNQSUQxKTAnBgkqhkiG
-9w0BCQEWGnByb3RvY29sbG9AcGVjLmFnaWQuZ292Lml0MRowGAYDVQQFExFWQVRJ
-VC05NzczNTAyMDU4NDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOG+
-HkKenes7FCUm+lziQA9sNbA6nv4TVruLyONy27JqYtD37iGU2jPjHQlagbVZxXK4
-wiE8dzCfUmzMNec36yxHMycLefrl+e1VjvRG00j5fHCBvLO5PeJu5onsE2LWEhub
-g/T1+TZ2l7a8RzTcLrlpGZRufCSf4Lqk/Vpr5emfaRTkPjZwxY8AGfaow1HpxHRy
-vYhlfDhStPOfey4ohi3OQlhpWsYuQRE5FopUk0zzCa4AC0kTpuG/e36f9RBw8mkV
-sIYkkkLo5zR5FhU5vVdmeqm7IoRu7S6S0V6ynhNrkwghMYg6m7Iy4z/s/9gntjO0
-cPW+9cySeh2Hvx8FQU6TjdQMcyDCHqeLisdQAt47CHidmRMxdS/T89pp7fXXwDRU
-PP2XimvLT9B6ss48KeINK1+atsjfaHbQfF6O1j2zX8y7tMU1tfSgsIRHsdlhMhLZ
-v9G0CyqHQoL4Kfenh8IzZFOZ/cLamgFmxJoi3/7Gnvu7WqcxxcEKTCCA4il0q687
-DYXtVBwcdHRfr+y1Q9ZJ7npZhk19t7IMvhblOsC5+gVHc9cgSSHNa/lZRWyUMBI1
-kZqoJXYxG4ZEX1J1SP94uTR8hvwjtUGFV4on9NJD3+CdsZUR5h7WmBoDT9+FBoyk
-MmJrKmcm8kl9f8Zfx7Y4zSajH928yAQmkRBmnGCtAgMBAAGjggGPMIIBizAMBgNV
-HRMBAf8EAjAAMB0GA1UdDgQWBBTyS24ftu+oo64GJRUIl+FOXSxi4DAfBgNVHSME
-GDAWgBSfx1tsJaanm4NepvvB/qN5O82PkTAOBgNVHQ8BAf8EBAMCBkAwPQYDVR0f
-BDYwNDAyoDCgLoYsaHR0cHM6Ly93d3cvZWlkYXMuYWdpZC5nb3YuaXQvY3JsL2Ny
-bF9TQS5jcmwwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwczovL29j
-c3BfU0EuYWdpZC5nb3YuaXQwgbIGA1UdIASBqjCBpzBMBgMrTBAwRTBDBggrBgEF
-BQcCARY3aHR0cDovL2VpZGFzLmFnaWQuZ292Lml0L2Nwcy9BZ0lEX2VJREFTX3Jv
-b3RDQV9jcHMucGRmOzBXBgQrTBAEME8wTQYIKwYBBQUHAgIwQRo/R292ZXJubWVu
-dCBwcm9qZWN0IFNpc3RlbWEgUHViYmxpY28gZGkgSWRlbnRpdOAgRGlnaXRhbGUg
-KFNQSUQpMA0GCSqGSIb3DQEBDQUAA4ICAQAKtdL1GkGx74Uny4Bg5p/ZYcCOrI/D
-rV0dK9nhyl+uGLPn2nxRDXgDesaWGaVPywbtKbNd/6+aqUdgcvlwsePafiy3LHYo
-wpILQ7X2mNUjnvoX0o2AcK9DfY+fUXA2DH+zKrwwH5SCDYykx/JQNaQp+vZQcFaK
-UHOVltuhrW8fJAya9pIPLpAL4z97zC648GUB6EnsnjcwWd3HKw88+cJcI9yuh5wL
-TeOJtI0C2LeDTg1WHaO7eX+Nrp/euia/OIlzfl/9x7KGHuDvhsLIOPEcHktLVbxH
-4rH/JpcbhS43asd9hbMYw+DLAQ51abZ63PlIJqUcfFotzgQ29mKnAT4auIMYqbR7
-Y2viM8ZCUNOxvV06cp+AejOF65iMny8PPG0puMvzqngsmsj3CbKLDTPxq5W8Cu5P
-5nq/s8ShcqQetqNMnfXTdCc8ulhKHX37txbee7/vcFM3TgXGlYBD2qCJkHKlQWkn
-2p81+O1j9qVIpEFBhdCN/WTmQr6ev97yr1zwhPa8wABfUVzAS2WEayCEBg45+caY
-6R9P6kI8i1XIb7AY8+lGGoDNOUQjLcnZllPMWkQr/WYkh0BZqZ1aYHsFo+d4tNHc
-EKVE7io0tjCLViOFyOsbOMFh7JhJgQS6uPtCYvnmpZJd6LIXweZUuhxy6jw6A+2w
-a0Mb8Qjd61OSdQ==
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Rgz8nwzHgpdUxx/WBdPgPzYiotGNzUwwlwW46zCd7dY=
-
-
- HFR/inyn/yV0h/tvUqMhJhbWuosEf8NMzO2AqH7RLtGVrLn4L1ZrOTT1iiY08jf94uQQuMhFdPaFjkAoZIJyeW7GxNjSu5r+9E8fmlkxV3KXzfStDserIAmMQ93onAeMOx8kYJ1GQ9U34zYDfDTp+Gtwwei0kbR1AU6R8xv4WHJ3+rndTJbFawEiNNzd6HvNlHd/yjl3jgBIucDDjRJOcv7frjMWap5nmNJwhkny98pNzYkWhDpEOkZLqHn3g1yJgDpm+e6BtUSsVKl96fLgVUbePWfTQG/wckz76gwK4oLM6LLRwx9F70d7Wa7FPBjmaoTVrO/olq3g1D7MQU7Zug==
-
-
- MIIExTCCA62gAwIBAgIQH32A70kY92tuXB8AGi2DdDANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG EwJJVDEYMBYGA1UECgwPQXJ1YmFQRUMgUy5wLkEuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eUIxIDAeBgNVBAMMF0FydWJhUEVDIFMucC5BLiBORyBDQSAyMB4XDTIwMDEyMjAwMDAw MFoXDTI1MDEyMTIzNTk1OVowgaAxCzAJBgNVBAYTAklUMRYwFAYDVQQKDA1BcnViYSBQRUMgc3Bh MREwDwYDVQQLDAhQcm9kb3R0bzEWMBQGA1UEAwwNcGVjLml0IHBlYy5pdDEZMBcGA1UEBRMQWFhY WFhYMDBYMDBYMDAwWDEPMA0GA1UEKgwGcGVjLml0MQ8wDQYDVQQEDAZwZWMuaXQxETAPBgNVBC4T CDIwODc2Mzc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2oHJhcp03l73p+QYpE J+f3jYYj0W0gos0RItZx/w4vpsiKBygaqDNVWSwfo1aPdVDIX13f62O+lBki29KTt+QWv5K6SGHD UXYPntRdEQlicIBh2Z0HfrM7fDl+xeJrMp1s4dsSQAuB5TJOlFZq7xCQuukytGWBTvjfcN/os5aE sEg+RbtZHJR26SbbUcIqWb27Swgj/9jwK+tvzLnP4w8FNvEOrNfR0XwTMNDFrwbOCuWgthv5jNBs VZaoqNwiA/MxYt+gTOMj/o5PWKk8Wpm6o/7/+lWAoxh0v8x9OkbIi+YaFpIxuCcUqsrJJk63x2gH Cc2nr+yclYUhsKD/AwIDAQABo4IBLDCCASgwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTKQ3+N PGcXFk8nX994vMTVpba1EzBHBgNVHSAEQDA+MDwGCysGAQQBgegtAQEBMC0wKwYIKwYBBQUHAgEW H2h0dHBzOi8vY2EuYXJ1YmFwZWMuaXQvY3BzLmh0bWwwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov L2NybC5hcnViYXBlYy5pdC9BcnViYVBFQ1NwQUNlcnRpZmljYXRpb25BdXRob3JpdHlCL0xhdGVz dENSTC5jcmwwHwYDVR0jBBgwFoAU8v9jQBwRQv3M3/FZ9m7omYcxR3kwMwYIKwYBBQUHAQEEJzAl MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hcnViYXBlYy5pdDANBgkqhkiG9w0BAQsFAAOCAQEA ZKpor1MrrYwPw+IuPZElQAuNzXsaSWSnn/QQwJtW49c4rFM4mEud9c61p9XxIIbgQKmDmNbzC+Dm wJSZ8ILdCAyBHmY3BehVRAy3KRA2KQhS9kd4vywf5KVYd1L5hQa9DBrusxF7i1X/SEeLQgoKkov0 R8v43UncqXS/ql50ovJFxi938Rv4rVwa8o0hqqc6WUcjkidB6M9aNJLIbOZN3xNUgC28qIr8y7N8 lbxWbwVrGxqKDtpaA9J0hOOXxwuTfSd1zOtT0KSSSUQ53QGOPnxyjxYDQbJu60/lBPuUV5wb/Z2r gpeUH1/n7limHV5sVmOZgSnf18T+0STANCfkXg==
-
-
-
-
-
-
-
- MIIExTCCA62gAwIBAgIQH32A70kY92tuXB8AGi2DdDANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG EwJJVDEYMBYGA1UECgwPQXJ1YmFQRUMgUy5wLkEuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eUIxIDAeBgNVBAMMF0FydWJhUEVDIFMucC5BLiBORyBDQSAyMB4XDTIwMDEyMjAwMDAw MFoXDTI1MDEyMTIzNTk1OVowgaAxCzAJBgNVBAYTAklUMRYwFAYDVQQKDA1BcnViYSBQRUMgc3Bh MREwDwYDVQQLDAhQcm9kb3R0bzEWMBQGA1UEAwwNcGVjLml0IHBlYy5pdDEZMBcGA1UEBRMQWFhY WFhYMDBYMDBYMDAwWDEPMA0GA1UEKgwGcGVjLml0MQ8wDQYDVQQEDAZwZWMuaXQxETAPBgNVBC4T CDIwODc2Mzc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2oHJhcp03l73p+QYpE J+f3jYYj0W0gos0RItZx/w4vpsiKBygaqDNVWSwfo1aPdVDIX13f62O+lBki29KTt+QWv5K6SGHD UXYPntRdEQlicIBh2Z0HfrM7fDl+xeJrMp1s4dsSQAuB5TJOlFZq7xCQuukytGWBTvjfcN/os5aE sEg+RbtZHJR26SbbUcIqWb27Swgj/9jwK+tvzLnP4w8FNvEOrNfR0XwTMNDFrwbOCuWgthv5jNBs VZaoqNwiA/MxYt+gTOMj/o5PWKk8Wpm6o/7/+lWAoxh0v8x9OkbIi+YaFpIxuCcUqsrJJk63x2gH Cc2nr+yclYUhsKD/AwIDAQABo4IBLDCCASgwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTKQ3+N PGcXFk8nX994vMTVpba1EzBHBgNVHSAEQDA+MDwGCysGAQQBgegtAQEBMC0wKwYIKwYBBQUHAgEW H2h0dHBzOi8vY2EuYXJ1YmFwZWMuaXQvY3BzLmh0bWwwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov L2NybC5hcnViYXBlYy5pdC9BcnViYVBFQ1NwQUNlcnRpZmljYXRpb25BdXRob3JpdHlCL0xhdGVz dENSTC5jcmwwHwYDVR0jBBgwFoAU8v9jQBwRQv3M3/FZ9m7omYcxR3kwMwYIKwYBBQUHAQEEJzAl MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hcnViYXBlYy5pdDANBgkqhkiG9w0BAQsFAAOCAQEA ZKpor1MrrYwPw+IuPZElQAuNzXsaSWSnn/QQwJtW49c4rFM4mEud9c61p9XxIIbgQKmDmNbzC+Dm wJSZ8ILdCAyBHmY3BehVRAy3KRA2KQhS9kd4vywf5KVYd1L5hQa9DBrusxF7i1X/SEeLQgoKkov0 R8v43UncqXS/ql50ovJFxi938Rv4rVwa8o0hqqc6WUcjkidB6M9aNJLIbOZN3xNUgC28qIr8y7N8 lbxWbwVrGxqKDtpaA9J0hOOXxwuTfSd1zOtT0KSSSUQ53QGOPnxyjxYDQbJu60/lBPuUV5wb/Z2r gpeUH1/n7limHV5sVmOZgSnf18T+0STANCfkXg==
-
-
-
-
-
-
- MIIExTCCA62gAwIBAgIQIHtEvEhGM77HwqsuvSbi9zANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG EwJJVDEYMBYGA1UECgwPQXJ1YmFQRUMgUy5wLkEuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eUIxIDAeBgNVBAMMF0FydWJhUEVDIFMucC5BLiBORyBDQSAyMB4XDTE3MDEyMzAwMDAw MFoXDTIwMDEyMzIzNTk1OVowgaAxCzAJBgNVBAYTAklUMRYwFAYDVQQKDA1BcnViYSBQRUMgc3Bh MREwDwYDVQQLDAhQcm9kb3R0bzEWMBQGA1UEAwwNcGVjLml0IHBlYy5pdDEZMBcGA1UEBRMQWFhY WFhYMDBYMDBYMDAwWDEPMA0GA1UEKgwGcGVjLml0MQ8wDQYDVQQEDAZwZWMuaXQxETAPBgNVBC4T CDE2MzQ1MzgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2oHJhcp03l73p+QYpE J+f3jYYj0W0gos0RItZx/w4vpsiKBygaqDNVWSwfo1aPdVDIX13f62O+lBki29KTt+QWv5K6SGHD UXYPntRdEQlicIBh2Z0HfrM7fDl+xeJrMp1s4dsSQAuB5TJOlFZq7xCQuukytGWBTvjfcN/os5aE sEg+RbtZHJR26SbbUcIqWb27Swgj/9jwK+tvzLnP4w8FNvEOrNfR0XwTMNDFrwbOCuWgthv5jNBs VZaoqNwiA/MxYt+gTOMj/o5PWKk8Wpm6o/7/+lWAoxh0v8x9OkbIi+YaFpIxuCcUqsrJJk63x2gH Cc2nr+yclYUhsKD/AwIDAQABo4IBLDCCASgwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTKQ3+N PGcXFk8nX994vMTVpba1EzBHBgNVHSAEQDA+MDwGCysGAQQBgegtAQEBMC0wKwYIKwYBBQUHAgEW H2h0dHBzOi8vY2EuYXJ1YmFwZWMuaXQvY3BzLmh0bWwwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov L2NybC5hcnViYXBlYy5pdC9BcnViYVBFQ1NwQUNlcnRpZmljYXRpb25BdXRob3JpdHlCL0xhdGVz dENSTC5jcmwwHwYDVR0jBBgwFoAU8v9jQBwRQv3M3/FZ9m7omYcxR3kwMwYIKwYBBQUHAQEEJzAl MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hcnViYXBlYy5pdDANBgkqhkiG9w0BAQsFAAOCAQEA nEw0NuaspbpDjA5wggwFtfQydU6b3Bw2/KXPRKS2JoqGmx0SYKj+L17A2KUBa2c7gDtKXYz0FLT6 0Bv0pmBN/oYCgVMEBJKqwRwdki9YjEBwyCZwNEx1kDAyyqFEVU9vw/OQfrAdp7MTbuZGFKknVt7b 9wOYy/Op9FiUaTg6SuOy0ep+rqhihltYNAAl4L6fY45mHvqa5vvVG30OvLW/S4uvRYUXYwY6KhWv NdDf5CnFugnuEZtHJrVe4wx9aO5GvFLFZ/mQ35C5mXPQ7nIb0CDdLBJdz82nUoLSA5BUbeXAUkfa hW/hLxLdhks68/TK694xVIuiB40pvMmJwxIyDA==
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ArubaPEC S.p.A.
- ArubaPEC S.p.A.
- https://www.pec.it/
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- JYabeJxTWpGOIW90eC7ekvprrusmJyKVSYolR8+CKNg=
-
-
- jFMgkoDLNlC7Jt98viHFG9BmVzZz0n0ldOh7IkVmv7kFXtXke/WIcRyenFP+mDKyBSgSpp+uzfEx6nc6vJDnnXh3ct/UpNPQSpJOnwP+H0SK80rS6yL9NSxIQXkQsjSEQpn3tyBXWS4pRPv+ixI5MZzqq6AylL8bqEe9bb1AkP9fch9rN+gJ/WUxKsHlZ6sb9zIxio81L360+e1jVci8N84y25tpr+MyLCVJSBSBWLMxVRSxswXX8sQ//OebShEgmrl90cqRRxgoQXCnL84Fj99wIXYDyQRuCmcRV4RRe+slwW2fn54qFC4BfT69qU2G4GfzVjwqtdUiz2vwd2jEZA==
-
-
- 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
-
-
-
-
-
-
-
- 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
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- InfoCert S.p.A.
- InfoCert S.p.A.
- InfoCert S.p.A.
- InfoCert S.p.A.
- InfoCert S.p.A.
- InfoCert S.p.A.
- InfoCert S.p.A.
- InfoCert S.p.A.
- https://www.infocert.it
- https://www.infocert.it/international/?lang=en
- https://www.infocert.it/international/?lang=fr
- https://www.infocert.it/international/?lang=de
-
-
-
-
-
-
-
-
-
- MIIEDjCCAvagAwIBAgIIIT1A+ywbIQAwDQYJKoZIhvcNAQELBQAwXjEzMDEGA1UE AwwqSU4uVEUuUy5BLiBTLnAuQSAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRow GAYDVQQKDBFJTi5URS5TLkEuIFMucC5BLjELMAkGA1UEBhMCSVQwHhcNMTcwOTE1 MTMyMzQ1WhcNMzYwNzAxMTk1OTAwWjBQMSUwDwYDVQQuEwgyMDA3OTc5NzASBgNV BAMMC1NBTUwgU2lnbmVyMRowGAYDVQQKDBFJTi5URS5TLkEuIFMucC5BLjELMAkG A1UEBhMCSVQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhYXkP+eQB URgmslDXBjG0ad+DkSAkWt7hUoaTyiK0e34QiyArq043plqTrt+6FzTGeX7960Qr 3tCLGCiVOi47QuE09IKfJmKGEaUQnJQehHYZs/XV0OYQl18WrCxUX6ALOcqPs+4y pCbJV1WzSosfBcPBzivJER8kvrynMXI3or18e9XPTGBn8qNFyNF1E3BJ5UhrDvk5 W2gKyYKz0M/CIu9PiHuO/ne6HbeNrCS/xzXtjsTusk41AOxIQoFbEzS08xcRY+QD E8oLcAmecSjT3xv3r9dWke6KTTAahS3K+5mOYRcBXj2FFegiUp+xh4OAWdH1+gGD Ym+3aAmMpaLtAgMBAAGjgd0wgdowHQYDVR0OBBYEFEw9xWg4qvQGdlGMCqmJcVDg dE8aMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUySnWJ2sw0ljDpJVrtrxCCP0b 1CYwGgYDVR0QBBMwEYAPMjAxNzA5MTUxMzIzNDVaMD8GA1UdHwQ4MDYwNKAyoDCG Lmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNBX25DQS5jcmww DgYDVR0PAQH/BAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN BgkqhkiG9w0BAQsFAAOCAQEAVRHyFRZZFpW/qjJpKftd86h3wOdUqOhc2W8ZHv0s t8ptG+mZk3l1iWAsEPqKMIBhksgTvalnHC1lHUt11xsZ2mzUjVpiG8XiWXYXQnY2 D+q7Dc4n20kJ717qf4SDN8wX1A6XvT3Wrsfh87vg3ZFD56/eyur2snWu4OilsFqA yLhnExG4puJ4JKBWnlwAGXD9SFgkSZ8FC66KQs6CAwVkvCIom3IwJeU/VrYQF6XH kVCQgr5mojXgCkrlRNl53WAKfQHCT4QH+oQVP97PCEL/wQ1zi0UzWauKT6u2wDym 9rcpch+WLa0GUtYNhuoLU2SregPKwTWg2DfINJObyWRpww==
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- IN.TE.S.A. S.p.A.
- Intesa S.p.A.
- https://www.intesa.it/
-
-
-
-
-
-
-
-
-
- MIIDHDCCAgSgAwIBAgIVALisbudTRxLy3vlMcEDfaqr3iW89MA0GCSqGSIb3DQEB CwUAMBcxFTATBgNVBAMMDGlkLmxlcGlkYS5pdDAeFw0xODA4MDgxMDIzMTJaFw0z ODA4MDgxMDIzMTJaMBcxFTATBgNVBAMMDGlkLmxlcGlkYS5pdDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMOFERgxPEYPqAjN7oW6y8oSSY6tGm2OCIU+ VyKhb2OqfNLpF8tPrytX17pgwVYHzjxRCNMTC83frbmtBapABtm9KuX7qaSPvaJx 0+UqYk9FdKCKQOEkmWcNOJfwzNMP65B+cDxP3sa1JoAMeAO0x95bnYoX0ZHcssKk wpgMb8/JHZHzqu3odxADtO5PaT3xaCyMIcqIp1O2nVn7SizUE1gNucLAdaP4kh0o 7nU61pz4pG3gQXK+uROteDD8cTU2Nxi7W1T73tQSuwst54BS2p9IBXzWrA9V0Ck1 0oiQTcIC8X9McepCrNzgCOBdap00Tifusb30t74BREARgwjp1N8CAwEAAaNfMF0w HQYDVR0OBBYEFL32/n7uf1Re14pW+gwGxZQHUZBCMDwGA1UdEQQ1MDOCDGlkLmxl cGlkYS5pdIYjaHR0cHM6Ly9pZC5sZXBpZGEuaXQvaWRwL3NoaWJib2xldGgwDQYJ KoZIhvcNAQELBQADggEBAK80B1mEWKOTJkVJOJot2xU79Lhs1+domUSYQiA+tlS4 6IAfWwDZqI1llIjgL85n7qMsKFvYTIskInoG51Iezv2dTxlB6IMI8NPRfiFXo2s8 NYjbzWyETbdXzCbDR0tKNke0TFE0oxunNfE5YRsmH4bPnjhPUjCSHX7wIhlNrLae 3FjMQp1OLDs7HmJo3AhuAVmHCoG7QV/ly4ZHcVYx4F7HUsFg5uxNYjZbo+XMutJz 4nZFOFE+uRzTwwfdR2sxny+ppkruTwIhEXyzknoiw1mGIEWZc6scnOAiwZeqTccU YVNHp+PSFs9SD8l+2PO4Oh8Y3dYT+5ojv+S6T7vy5xE=
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Lepida S.p.A.
- Lepida S.p.A.
- https://www.lepida.it/
-
-
-
-
-
-
-
-
-
- CN=*.namirialtsp.com,OU=Security Departement,O=Namirial Spa,L=Senigallia,ST=Ancona,C=IT
- MIIDNzCCAh+gAwIBAgIUNGvDUjTpLSPlP4sEfO0+JARITnEwDQYJKoZIhvcNAQEL BQAwHjEcMBoGA1UEAwwTaWRwLm5hbWlyaWFsdHNwLmNvbTAeFw0xNzAzMDgwOTE3 NTZaFw0zNzAzMDgwOTE3NTZaMB4xHDAaBgNVBAMME2lkcC5uYW1pcmlhbHRzcC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrcJvYRh49nNijgzwL 1OOwgzeMDUWcMSwoWdtMpx3kDhZwMFQ3ITDmNvlz21I0QKaP0BDg/UAjfCbDtLqU y6wHtI6NWVJoqIziw+dLfg7S5Sr2nOzJ/sKhzadWH1kDsetIenOLU2ex+7Vf/+4P 7nIrS0c+xghi9/zN8dH6+09wWYnloGmcW3qWRFMKJjR3ctBmsmqCKWNIIq2QfeFs zSSeG0xaNlLKBrj6TyPDxDqPAskq038W1fCuh7aejCk7XTTOxuuIwDGJiYsc8rfX SG9/auskAfCziGEm304/ojy5MRcNjekz4KgWxT9anMCipv0I2T7tCAivc1z9QCsE Pk5pAgMBAAGjbTBrMB0GA1UdDgQWBBQi8+cnv0Nw0lbuICzxlSHsvBw5SzBKBgNV HREEQzBBghNpZHAubmFtaXJpYWx0c3AuY29thipodHRwczovL2lkcC5uYW1pcmlh bHRzcC5jb20vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAEp953KM WY7wJbJqnPTmDkXaZJVoubcjW86IY494RgVBeZ4XzAGOifa3ScDK6a0OWfIlRTba KKu9lEVw9zs54vLp9oQI4JulomSaL805Glml4bYqtcLoh5qTnKaWp5qvzBgcQ7i2 GcDC9F+qrsJYreCA7rbHXzF0hu5yIfz0BrrCRWvuWiop92WeKvtucI4oBGfoHhYO ZsLuoTT3hZiEFJT60xS5Y2SNdz+Eia9Dgt0cvAzoOVk93Cxg+XBdyyEEiZn/zvhj us29KyFrzh3XYznh+4jq3ymt7Os4JKmY0aJm7yNxw+LyPjkdaB0icfo3+hD7PiuU jC3Y67LUWQ8YgOc=
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Namirial
- Namirial S.p.a. Trust Service Provider
- https://www.namirialtsp.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- HuZp3BIFRsUQLvzPnebPMaMFL48slyJzdoPJfH96GIk=
-
-
- DRYpdyQk7aK2mHKUKw3JY6aj71NO0eR8FhnQccA/WOJmUs3uuty3sVn4PGSWf/DrSQ0U6x0Q1pZx IY1+N0/Y4C/sdts5jZCY6TW44BiSPe0jJxuOVq1MaFMsoITIb0Me/aX6s1Sv0EFAXLFWtrrbGJma V2wlJL7E/NQUJqGeNmc1Y8DrdBRzPwsMNi7NVHewx89F/raOL1y5Fr4m7NF7ES1XG9bpV/eVyeYj pV6sU9JqgZ9nz/JuUvFAoRj8OaWwoyEZo/y7mq46sLPEeCQMLSuRK67vDBsQuZUZu14Oc4lmOUiQ 17jTJh6hBNkpuE3/kEk8P2dgRPtJRvoxzLxpYw==
-
-
- MIIFgzCCA2ugAwIBAgIIJSppAZKg/XQwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCSVQxHjAc BgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEaMBgGA1UEYQwRVkFUSVQtMDExMTQ2MDEwMDYx GjAYBgNVBAMMEVBvc3RlIEl0YWxpYW5lIENBMB4XDTIxMDIxODExNDYzMVoXDTI0MDIxOTExNDYz MVowQzELMAkGA1UEBhMCSVQxHjAcBgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEUMBIGA1UE AwwLaWRwLXBvc3RlaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZFEtJoEHFAjpC aZcj5DVWrRDyaLZyu31XApslbo87CyWz61OJMtw6QQU0MdCtrYbtSJ6vJwx7/6EUjsZ3u4x3EPLd lkyiGOqukPwATv4c7TVOUVs5onIqTphM9b+AHRg4ehiMGesm/9d7RIaLuN79iPUvdLn6WP3idAfE w+rhJ/wYEQ0h1Xm5osNUgtWcBGavZIjLssWNrDDfJYxXH3QZ0kI6feEvLCJwgjXLGkBuhFehNhM4 fhbX9iUCWwwkJ3JsP2++Rc/iTA0LZhiUsXNNq7gBcLAJ9UX2V1dWjTzBHevfHspzt4e0VgIIwbDR qsRtF8VUPSDYYbLoqwbLt18XAgMBAAGjggFXMIIBUzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUH MAGGI2h0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQvcGktb2NzcENBMB0GA1UdDgQWBBRL64pGUJHw Y7ok6cRMUgXvMBoLMjAfBgNVHSMEGDAWgBRs0025F7hHd0d+ULyAaELPZ7w/eTA+BgNVHSAENzA1 MDMGCCtMMAEFAQEEMCcwJQYIKwYBBQUHAgEWGWh0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQwOAYD VR0fBDEwLzAtoCugKYYnaHR0cDovL3Bvc3RlY2VydC5wb3N0ZS5pdC9waS1DQS9jcmwuY3JsMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwJwYDVR0RBCAwHoEc aWRwLXBvc3RlaWRAcG9zdGVpdGFsaWFuZS5pdDANBgkqhkiG9w0BAQsFAAOCAgEAp0EhITlTx+cO aoXw//nBl6Q4y82MfSGfPJIw3ROV1z3tHBctaksi/RxAzyMD5beO2s8Q6lXx0sLMCcuUQmzHj3eJ bqn+6sIUr000dSlX/iPgVUc2dvPIZZg9xu38J8NvCfrtgAGY5iMVFMd3CZLFw0ybr+Bx/1K/NhQO 7jxn0RSGA1J4mM2syVhEDUODs9kz3T4kXYUofwwvPL1a9xB9RBqbp7plYtbBBdftEORUQrWzH1mz NO4nlFkX9qgVrgFIIJJT2KadHoop1r65O9ffncK14qpNo3eTsNDq3hRlteb7ylmlJ8CoakUWZeXD DP9ZboWxZkyp+9903OrToRvOgeWSc+YrqcRZOv7r6tTALTk4U9OTKDG9/eNWSGQqD7Qd/9rssfF0 uJEGHnbsk/Hvdxn8apgWN1Zwt6tsT7f/DO0Pdlaso9g7PVy8R+B3VkWAh76uCcICIPFBluC/ljaH V8hI+VsCLpMClo83YMCEM6E6nAPD22+fDR/DF9P73P04yUvJVHx4cnHPrpxVrPbaJoKrr9mUOLFy VRekX78ZRgiFiKYDNsiq9+148oRy+VehpmBoQ+T2EPeDFQ8JJ4xT8H7qdyr1swSk/9Lu4K0kw/yC TSb9K/wCuiHiuoSB54rzJoQxz90gS868r/+JGahYwHY5dUh1RbA4g5N8H3TDThc=
-
-
-
-
-
-
-
- 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
-
-
-
-
-
-
- MIIFgzCCA2ugAwIBAgIIJSppAZKg/XQwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCSVQxHjAc BgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEaMBgGA1UEYQwRVkFUSVQtMDExMTQ2MDEwMDYx GjAYBgNVBAMMEVBvc3RlIEl0YWxpYW5lIENBMB4XDTIxMDIxODExNDYzMVoXDTI0MDIxOTExNDYz MVowQzELMAkGA1UEBhMCSVQxHjAcBgNVBAoMFVBvc3RlIEl0YWxpYW5lIFMucC5BLjEUMBIGA1UE AwwLaWRwLXBvc3RlaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZFEtJoEHFAjpC aZcj5DVWrRDyaLZyu31XApslbo87CyWz61OJMtw6QQU0MdCtrYbtSJ6vJwx7/6EUjsZ3u4x3EPLd lkyiGOqukPwATv4c7TVOUVs5onIqTphM9b+AHRg4ehiMGesm/9d7RIaLuN79iPUvdLn6WP3idAfE w+rhJ/wYEQ0h1Xm5osNUgtWcBGavZIjLssWNrDDfJYxXH3QZ0kI6feEvLCJwgjXLGkBuhFehNhM4 fhbX9iUCWwwkJ3JsP2++Rc/iTA0LZhiUsXNNq7gBcLAJ9UX2V1dWjTzBHevfHspzt4e0VgIIwbDR qsRtF8VUPSDYYbLoqwbLt18XAgMBAAGjggFXMIIBUzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUH MAGGI2h0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQvcGktb2NzcENBMB0GA1UdDgQWBBRL64pGUJHw Y7ok6cRMUgXvMBoLMjAfBgNVHSMEGDAWgBRs0025F7hHd0d+ULyAaELPZ7w/eTA+BgNVHSAENzA1 MDMGCCtMMAEFAQEEMCcwJQYIKwYBBQUHAgEWGWh0dHA6Ly9wb3N0ZWNlcnQucG9zdGUuaXQwOAYD VR0fBDEwLzAtoCugKYYnaHR0cDovL3Bvc3RlY2VydC5wb3N0ZS5pdC9waS1DQS9jcmwuY3JsMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwJwYDVR0RBCAwHoEc aWRwLXBvc3RlaWRAcG9zdGVpdGFsaWFuZS5pdDANBgkqhkiG9w0BAQsFAAOCAgEAp0EhITlTx+cO aoXw//nBl6Q4y82MfSGfPJIw3ROV1z3tHBctaksi/RxAzyMD5beO2s8Q6lXx0sLMCcuUQmzHj3eJ bqn+6sIUr000dSlX/iPgVUc2dvPIZZg9xu38J8NvCfrtgAGY5iMVFMd3CZLFw0ybr+Bx/1K/NhQO 7jxn0RSGA1J4mM2syVhEDUODs9kz3T4kXYUofwwvPL1a9xB9RBqbp7plYtbBBdftEORUQrWzH1mz NO4nlFkX9qgVrgFIIJJT2KadHoop1r65O9ffncK14qpNo3eTsNDq3hRlteb7ylmlJ8CoakUWZeXD DP9ZboWxZkyp+9903OrToRvOgeWSc+YrqcRZOv7r6tTALTk4U9OTKDG9/eNWSGQqD7Qd/9rssfF0 uJEGHnbsk/Hvdxn8apgWN1Zwt6tsT7f/DO0Pdlaso9g7PVy8R+B3VkWAh76uCcICIPFBluC/ljaH V8hI+VsCLpMClo83YMCEM6E6nAPD22+fDR/DF9P73P04yUvJVHx4cnHPrpxVrPbaJoKrr9mUOLFy VRekX78ZRgiFiKYDNsiq9+148oRy+VehpmBoQ+T2EPeDFQ8JJ4xT8H7qdyr1swSk/9Lu4K0kw/yC TSb9K/wCuiHiuoSB54rzJoQxz90gS868r/+JGahYwHY5dUh1RbA4g5N8H3TDThc=
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Poste Italiane SpA
- Poste Italiane SpA
- https://www.poste.it
-
-
-
-
-
-
-
-
-
- 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
-
-
-
-
-
-
- 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
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Sielte S.p.A.
- Sielte S.p.A.
- http://www.sielte.it
- http://www.sielte.it
- http://www.sielte.it
- http://www.sielte.it
-
-
-
-
-
-
-
-
-
- MIIDazCCAlOgAwIBAgIED8R+MDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJJVDELMAkGA1UECBMCRkkxETAPBgNVBAcTCGZsb3JlbmNlMREwDwYDVQQKEwhyZWdpc3RlcjERMA8GA1UECxMIcmVnaXN0ZXIxETAPBgNVBAMTCHJlZ2lzdGVyMB4XDTE3MDcxMDEwMzM0OVoXDTI3MDcwODEwMzM0OVowZjELMAkGA1UEBhMCSVQxCzAJBgNVBAgTAkZJMREwDwYDVQQHEwhmbG9yZW5jZTERMA8GA1UEChMIcmVnaXN0ZXIxETAPBgNVBAsTCHJlZ2lzdGVyMREwDwYDVQQDEwhyZWdpc3RlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkYXHbm3q6xt3wrLAXnytswtj2JE1MM8aYmNXkTgDMCwO/+ahQOoQru6IBTbjfWH9jr+Woy54FDdX6bHl+5/mO6l/yAB/bKgwe5HmUjZJ5oakJjWucsSm+VkEwN2HquBZoN+mktju00xvLX5VAjmDHvZc/b8NhNr/FRKlYITboygkhGiUwGI3wLf3IaB76J0o7ugpW2WNLcywpX+p1VWZAMCdHBveBe/e42hh6WnWPqdwYUWHOgJ8HX4IzCHifiS1n6eUMgtoTQOmSvTQDwSjD0WWJE8tWSYt+txXg1t+3A3tbZOFu7T442wE7DtMdUL4+8gimQS+e8PxDK1uTqIPUCAwEAAaMhMB8wHQYDVR0OBBYEFMCgo1gzCIcUThQIs5g5ikfv1D7eMA0GCSqGSIb3DQEBCwUAA4IBAQBnGw3i3hQ37L8vyelkyZMeO3tLK65Cqti4oVrQZxClGV5zNA6fIMDY8Mci1UhLwjzp29POd/sez0vuHZ/Vmmygzoye4jTKr6c3jAh0u81FTzefBU+vIietm9RuV3sd7D9xq6EqOY1NDL+rkvBcTFtiwLEUm2kHYu/U67jk73pxOtmqxQvQeMU8oi42tehMZGLIGp3U5lGS8YGGl+GtkkQ2Z5/PSm67HGP81kTArG/QX+bX+ykypTJVg9hfb9zOFQidp1HkCRIez6YhDiP/ZLurd6Grt/wVfZPNBO8EOgy25AkRZlp+UD686BFg7qq5KKEbz3qmPrj8deHL3duacZcp
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Register.it S.p.A.
- Register.it S.p.A.
- https//www.register.it
-
-
-
-
-
-
-
-
-
-
- CN=TI Trust Technologies srl,OU=Servizi per l'identita digitale,O=Telecom Italia Trust Technologies srl,L=Pomezia,ST=RM,C=IT
- 16181073618410851771
-
- 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
- CN=TI Trust Technologies srl,OU=Servizi per l'identita digitale,O=Telecom Italia Trust Technologies srl,L=Pomezia,ST=RM,C=IT
-
-
-
-
-
-
- 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
- CN=TI Trust Technologies srl,OU=Servizi per l'identita digitale,O=Telecom Italia Trust Technologies srl,C=IT
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- TI Trust Technologies srl
- Trust Technologies srl
- https://www.trusttechnologies.it
-
-
-
-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+
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ TeamSystem s.p.a.
+ TeamSystem s.p.a.
+ TeamSystem
+ TeamSystem
+ https://www.teamsystem.com
+ https://international.teamsystem.com/ww/
+
+
\ No newline at end of file
diff --git a/example/pki/idem-mdx-service-crt.pem b/example/pki/idem-mdx-service-crt.pem
new file mode 100644
index 00000000..199945bd
--- /dev/null
+++ b/example/pki/idem-mdx-service-crt.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/example/plugins/backends/ciesaml2_backend.yaml b/example/plugins/backends/ciesaml2_backend.yaml
new file mode 100644
index 00000000..8a6a9aab
--- /dev/null
+++ b/example/plugins/backends/ciesaml2_backend.yaml
@@ -0,0 +1,150 @@
+module: backends.ciesaml2.CieSAMLBackend
+
+name: cieSaml2
+config:
+ # idp_blacklist_file: /path/to/blacklist.json
+
+ # error templates
+ static_storage_url: "https://localhost:9999"
+ error_template: "spid_login_error.html"
+ template_folder: "templates" # project root
+
+ # make metadata downloadable from entityid url
+ entityid_endpoint: true
+
+ spid_allowed_acrs:
+ - https://www.spid.gov.it/SpidL1
+ - https://www.spid.gov.it/SpidL2
+ - https://www.spid.gov.it/SpidL3
+
+ spid_acr_comparison: "minimum"
+
+ acr_mapping:
+ "": 'https://www.spid.gov.it/SpidL2'
+ # "": 'https://www.spid.gov.it/SpidL3'
+ # specify AuthnContext per IdP
+ # "https://identity.sieltecloud.it": 'https://www.spid.gov.it/SpidL1'
+ # "https://idp.namirialtsp.com/idp": 'https://www.spid.gov.it/SpidL1'
+ # "https://identity.infocert.it": 'https://www.spid.gov.it/SpidL1'
+
+ sp_config:
+ key_file: ./pki/privkey.pem
+ cert_file: ./pki/cert.pem
+ encryption_keypairs:
+ - {'key_file': ./pki/privkey.pem, 'cert_file': ./pki/cert.pem}
+
+ attribute_map_dir: 'attributes-map'
+
+ organization:
+ display_name:
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it']
+ name:
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it']
+ url:
+ - [ 'https://change_with_SATOSA_ORGANIZATION_URL_EN', 'en']
+ - [ 'https://change_with_SATOSA_ORGANIZATION_URL_IT', 'it']
+
+ contact_person:
+ - contact_type: 'administrative'
+ company: change_with_SATOSA_ORGANIZATION_NAME_IT
+ email_address: satosa_contact_person_email_address@example.it
+ telephone_number: change_with_SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER
+ cie_info:
+ Public: ''
+ IPACode: ispra_rm
+ Municipality: H501
+
+
+ metadata:
+ local: [./metadata/idp/]
+ # using pyFF or other MDX server
+ # mdq:
+ # - url: "http://mdq.auth.unical.it/static/sha1"
+ # cert: mdq.pem
+
+ entityid: '//metadata'
+ accepted_time_diff: 10
+
+ service:
+ sp:
+ ui_info:
+ display_name:
+ - lang: en
+ text: change with $SATOSA_UI_DISPLAY_NAME_EN
+ - lang: it
+ text: change with $SATOSA_UI_DISPLAY_NAME_IT
+ description:
+ - lang: en
+ text: change with $SATOSA_UI_DESCRIPTION_EN
+ - lang: it
+ text: change with $SATOSA_UI_DESCRIPTION_IT
+ information_url:
+ - lang: en
+ text: change with $SATOSA_UI_INFORMATION_URL_EN
+ - lang: it
+ text: change with $SATOSA_UI_INFORMATION_URL_IT
+ privacy_statement_url:
+ - lang: en
+ text: change with $SATOSA_UI_PRIVACY_URL_EN
+ - lang: it
+ text: change with $SATOSA_UI_PRIVACY_URL_IT
+ logo:
+ text: change with $SATOSA_UI_LOGO_URL
+ width: change with $SATOSA_UI_LOGO_WIDTH
+ height: change with $SATOSA_UI_LOGO_HEIGHT
+
+ # sign dig and enc
+ authn_requests_signed: true
+ want_response_signed: true
+ want_assertions_signed: true
+
+ signing_algorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ digest_algorithm: "http://www.w3.org/2001/04/xmlenc#sha256"
+
+ # security
+ only_use_keys_in_metadata: true
+
+ # it depends by acr level, see spidsaml2.authn_request
+ # force_authn: false
+
+ name_id_format_allow_create: false
+ name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+ requested_attribute_name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'
+ allow_unknown_attributes: true
+
+ # in production different workers do not share the same storage!
+ allow_unsolicited: true
+
+ # this instantiate the attribute_consuming_service
+ required_attributes: [
+ 'name',
+ 'familyName',
+ 'dateOfBirth',
+ 'fiscalNumber',
+ ]
+
+ #optional_attributes: ['gender',
+ # 'companyName',
+ # 'registeredOffice',
+ # 'ivaCode',
+ # 'idCard',
+ # 'digitalAddress',
+ # 'placeOfBirth',
+ # 'countyOfBirth',
+ # 'dateOfBirth',
+ # 'address',
+ # 'mobilePhone',
+ # 'expirationDate']
+
+ endpoints:
+ assertion_consumer_service:
+ - [//acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+ single_logout_service:
+ - [//ls/post/, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+ discovery_response:
+ - [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+
+ # disco_srv must be defined if there is more than one IdP in the metadata specified above
+ disco_srv: "https://sso.isprambiente.it/static/disco.html"
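Review bot: `allow_unsolicited: true` under `service.sp` lets the SP accept responses that match no AuthnRequest it issued, so the InResponseTo correlation no longer helps against injected or replayed assertions. The comment above it gives the reason (workers do not share storage), but this file is an example people will copy, so I would spell out the trade-off: `# accepts responses with no matching AuthnRequest; set to false once request state is shared between workers`. Separately, `disco_srv: "https://sso.isprambiente.it/static/disco.html"` and `cie_info` (`IPACode: ispra_rm`, `Municipality: H501`) hard-code one organisation's values where the rest of the file uses `change with …` placeholders. A copied config would send users to a third-party discovery page and publish someone else's codes in its metadata.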
diff --git a/example/plugins/backends/saml2_backend.yaml b/example/plugins/backends/saml2_backend.yaml
index 7013372c..efd35f42 100644
--- a/example/plugins/backends/saml2_backend.yaml
+++ b/example/plugins/backends/saml2_backend.yaml
@@ -12,17 +12,31 @@ config:
encryption_keypairs:
- {'key_file': ./pki/privkey.pem, 'cert_file': ./pki/cert.pem}
- organization: {display_name: 'Saml2 Authentication Proxy', name: 'proxy.auth', url: 'https://spid.proxy.example.org'}
+ organization:
+ display_name:
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it']
+ name:
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it']
+ url:
+ - [ 'change with $SATOSA_ORGANIZATION_URL_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_URL_IT', 'it']
contact_person:
- - {contact_type: technical, email_address: "mailto:supporto.tecnico@example.org", given_name: Technical}
- - {contact_type: support, email_address: "mailto:richieste.ict@example.org", given_name: Support}
+ - contact_type: technical
+ given_name: change with $SATOSA_CONTACT_PERSON_GIVEN_NAME
+ email_address: change with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS
metadata:
local: [./metadata/idp/]
+ mdq:
+ - url: "https://mdx.idem.garr.it/edugain/"
+ cert: ./pki/dem-mdx-service-crt.pem
+ freshness_period: P0Y0M0DT1H0M0S
# using pyFF or other MDX server
# mdq:
# - url: "http://mdq.auth.unical.it/static/sha1"
- # cert: mdq.pem
+ # cert: mdq.pem
entityid: '//metadata'
accepted_time_diff: 300
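Review bot: The `cert` path in the new `mdq` entry, `./pki/dem-mdx-service-crt.pem`, does not match the file this commit adds, `example/pki/idem-mdx-service-crt.pem` (the leading `i` is missing). That certificate is what the signed MDQ responses from `https://mdx.idem.garr.it/edugain/` are checked against, so with the wrong path the metadata will probably fail to load or verify; how the loader reacts to a missing file is not visible here. The line should read `cert: ./pki/idem-mdx-service-crt.pem`.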
@@ -32,25 +46,28 @@ config:
ui_info:
display_name:
- lang: en
- text: "Saml2 Authentication Proxy"
+ text: change with $SATOSA_UI_DISPLAY_NAME_EN
+ - lang: it
+ text: change with $SATOSA_UI_DISPLAY_NAME_IT
description:
- lang: en
- text: "Saml2 Authentication Proxy"
- # information_url:
- # - lang: en
- # text: "http://sp.information.url/"
- #privacy_statement_url:
- #- lang: en
- #text: "https://www.example.org/privacy/"
- keywords:
+ text: change with $SATOSA_UI_DESCRIPTION_EN
- lang: it
- text: ["Saml2 Authentication Proxy", "Service Provider IT"]
+ text: change with $SATOSA_UI_DESCRIPTION_IT
+ information_url:
+ - lang: en
+ text: change with $SATOSA_UI_INFORMATION_URL_EN
+ - lang: it
+ text: change with $SATOSA_UI_INFORMATION_URL_IT
+ privacy_statement_url:
- lang: en
- text: ["Saml2 Authentication Proxy", "Service Provider EN"]
+ text: change with $SATOSA_UI_PRIVACY_URL_EN
+ - lang: it
+ text: change with $SATOSA_UI_PRIVACY_URL_IT
logo:
- text: "https://www.example.org/static/img/logo.svg"
- width: "100"
- height: "50"
+ text: change with $SATOSA_UI_LOGO_URL
+ width: change with $SATOSA_UI_LOGO_WIDTH
+ height: change with $SATOSA_UI_LOGO_HEIGHT
only_use_keys_in_metadata: true
force_authn: true
@@ -66,6 +83,8 @@ config:
signing_algorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
digest_algorithm: "http://www.w3.org/2001/04/xmlenc#sha256"
+ required_attributes: [name, surname]
+
endpoints:
assertion_consumer_service:
- [//acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
@@ -78,4 +97,5 @@ config:
name_id_format_allow_create: false
# disco_srv must be defined if there is more than one IdP in the metadata specified above
- disco_srv: "https://localhost:9999/disco.html"
+ # disco_srv: "https://localhost:9999/disco.html"
+ disco_srv: change with $SATOSA_DISCO_SRV
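Review bot: `disco_srv` is handled in opposite ways in the two backends touched by this commit. Here the working `https://localhost:9999/disco.html` is commented out and the placeholder `change with $SATOSA_DISCO_SRV` is live, while `spidsaml2_backend.yaml` keeps the localhost URL live and comments out the placeholder. If the placeholder is not substituted before start-up (the substitution step is not visible in this diff), this backend will use a string that is not a URL as its discovery service. I would pick one convention for both files and add a comment naming the step that fills in the `$SATOSA_*` values.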
diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/plugins/backends/spidsaml2_backend.yaml
index 80ae4cd4..f0140899 100644
--- a/example/plugins/backends/spidsaml2_backend.yaml
+++ b/example/plugins/backends/spidsaml2_backend.yaml
@@ -34,18 +34,31 @@ config:
attribute_map_dir: 'attributes-map'
- organization: { display_name: [['Saml2 Authentication Proxy', 'it']], name: [['Spid Authentication Proxy', 'it']], url: [['https://spid.proxy.example.org', 'it']]}
+ organization:
+ display_name:
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it']
+ name:
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it']
+ url:
+ - [ 'https://change_with_SATOSA_ORGANIZATION_URL_EN', 'en']
+ - [ 'https://change_with_SATOSA_ORGANIZATION_URL_IT', 'it']
contact_person:
- - {'contact_type': 'other', 'telephone_number': '+398475634785', 'email_address': 'tech-info@example.org', 'VATNumber': 'IT12345678901', 'FiscalCode': 'XYZABCAAMGGJ000W', 'Public': ''}
- # - {'contact_type': 'other', 'telephone_number': '+3984756344785', 'email_address': 'info@example.org', 'VATNumber': 'IT12345678901', 'FiscalCode': 'XYasdasdadasdGGJ000W', 'Private': '' }
- # - {'contact_type': 'billing', 'telephone_number': '+3984756344785', 'email_address': 'info@example.org', 'company': 'example s.p.a.', 'CodiceFiscale': 'NGLMRA80A01D086T', 'IdCodice': '983745349857', 'IdPaese': 'IT', 'Denominazione': 'Destinatario Fatturazione', 'Indirizzo': 'via tante cose', 'NumeroCivico': '12', 'CAP': '87100', 'Comune': 'Cosenza', 'Provincia': 'CS', 'Nazione': 'IT' }
+ - contact_type: 'other'
+ given_name: change with $SATOSA_CONTACT_PERSON_GIVEN_NAME
+ email_address: change_with@SATOSA_CONTACT_PERSON_EMAIL_ADDRESS.it
+ telephone_number: +398475634785
+ FiscalCode: change with $SATOSA_CONTACT_PERSON_FISCALCODE
+ Public: ''
+ # - {'contact_type': 'other', 'telephone_number': '+3984756344785', 'email_address': 'info@example.org', 'VATNumber': 'IT12345678901', 'FiscalCode': 'XYasdasdadasdGGJ000W', 'Private': '' }
+ # - {'contact_type': 'billing', 'telephone_number': '+3984756344785', 'email_address': 'info@example.org', 'company': 'example s.p.a.', 'CodiceFiscale': 'NGLMRA80A01D086T', 'IdCodice': '983745349857', 'IdPaese': 'IT', 'Denominazione': 'Destinatario Fatturazione', 'Indirizzo': 'via tante cose', 'NumeroCivico': '12', 'CAP': '87100', 'Comune': 'Cosenza', 'Provincia': 'CS', 'Nazione': 'IT' }
metadata:
local: [./metadata/idp/]
# using pyFF or other MDX server
# mdq:
- # - url: "http://mdq.auth.unical.it/static/sha1"
# cert: mdq.pem
ficep_enable: True
ficep_entity_id: https://sp-proxy.eid.gov.it/spproxy/idpit
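Review bot: `telephone_number: +398475634785` lost its quotes when the contact was rewritten from flow to block style. YAML 1.1 loaders such as PyYAML resolve an unquoted `+`-prefixed digit run as an integer, so the leading `+` is dropped and the value arrives as a number rather than a string. Quote it as the removed line did: `telephone_number: '+398475634785'`. The same hunk also removes only the `url` line of the commented `mdq` example, leaving `# mdq:` directly followed by `# cert: mdq.pem`; if that was not intended, restore the `# - url: …` line.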
@@ -59,25 +72,33 @@ config:
ui_info:
display_name:
- lang: en
- text: "SPID Authentication Proxy"
+ text: change with $SATOSA_UI_DISPLAY_NAME_EN
+ - lang: it
+ text: change with $SATOSA_UI_DISPLAY_NAME_IT
description:
- lang: en
- text: "SPID Authentication Proxy"
- # information_url:
- # - lang: en
- # text: "http://sp.information.url/"
- #privacy_statement_url:
- #- lang: en
- #text: "https://www.example.org/privacy/"
+ text: change with $SATOSA_UI_DESCRIPTION_EN
+ - lang: it
+ text: change with $SATOSA_UI_DESCRIPTION_IT
+ information_url:
+ - lang: en
+ text: change with $SATOSA_UI_INFORMATION_URL_EN
+ - lang: it
+ text: change with $SATOSA_UI_INFORMATION_URL_IT
+ privacy_statement_url:
+ - lang: en
+ text: https://change_with_SATOSA_UI_PRIVACY_URL_EN
+ - lang: it
+ text: https://change_with_SATOSA_UI_PRIVACY_URL_IT
keywords:
- lang: it
text: ["SPID Authentication Proxy", "SPID Service Provider IT"]
- lang: en
text: ["SPID Authentication Proxy", "SPID Service Provider EN"]
logo:
- text: "https://www.spid.gov.it/assets/img/spid-ico-circle-bb.svg"
- width: "100"
- height: "100"
+ text: change with $SATOSA_UI_LOGO_URL
+ width: change with $SATOSA_UI_LOGO_WIDTH
+ height: change with $SATOSA_UI_LOGO_HEIGHT
# sign dig and enc
authn_requests_signed: true
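Review bot: The new `ui_info` values are placeholder sentences rather than usable defaults, and `update_yaml` in example/run.sh leaves the file untouched when the matching variable is empty (it only prints "loaded with default value"). A deployment that forgets one variable would therefore publish metadata with a logo `width` of `change with $SATOSA_UI_LOGO_WIDTH` and an `information_url` that is not a URL. I would keep working defaults where the old file had them, e.g. `width: "100"` and `height: "100"`, and name the overriding variable in a comment, or have the startup script refuse to run while a `change with` marker is still present. The same applies to the `ui_info` hunk in example/plugins/frontends/saml2_frontend.yaml. The placeholder style is also inconsistent here (`https://change_with_...` for the privacy URLs, `change with $...` elsewhere); the enclosing mapping begins outside this hunk.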
@@ -102,11 +123,7 @@ config:
allow_unsolicited: true
# this instantiate the attribute_consuming_service
- required_attributes: ['spidCode',
- 'name',
- 'familyName',
- 'fiscalNumber',
- 'email']
+ required_attributes: ['spidCode', 'name', 'familyName', 'fiscalNumber', 'email']
#optional_attributes: ['gender',
# 'companyName',
@@ -132,4 +149,6 @@ config:
- [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
# disco_srv must be defined if there is more than one IdP in the metadata specified above
+ # disco_srv: change with $SATOSA_DISCO_SRV
disco_srv: "https://localhost:9999/disco.html"
+
diff --git a/example/plugins/frontends/saml2_frontend.yaml b/example/plugins/frontends/saml2_frontend.yaml
index 236f21dd..e74b6fda 100644
--- a/example/plugins/frontends/saml2_frontend.yaml
+++ b/example/plugins/frontends/saml2_frontend.yaml
@@ -8,10 +8,20 @@ config:
entityid_endpoint: true
idp_config:
- organization: {display_name: 'Saml2 Authentication Proxy', name: 'proxy.auth', url: 'https://spid.proxy.example.org'}
+ organization:
+ display_name:
+ - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en']
+ - [ 'change with $SAOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it']
+ name:
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it']
+ url:
+ - [ 'change with $SATOSA_ORGANIZATION_URL_EN', 'en']
+ - [ 'change with $SATOSA_ORGANIZATION_URL_IT', 'it']
contact_person:
- - {contact_type: technical, email_address: "mailto:supporto.tecnico@example.org", given_name: Technical}
- - {contact_type: support, email_address: "mailto:richieste.ict@example.org", given_name: Support}
+ - contact_type: technical
+ given_name: change with $SATOSA_CONTACT_PERSON_GIVEN_NAME
+ email_address: change with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS
attribute_map_dir: 'attributes-map'
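Review bot: The Italian display-name placeholder is misspelled as `$SAOSA_ORGANIZATION_DISPLAY_NAME_IT`; it should read `$SATOSA_ORGANIZATION_DISPLAY_NAME_IT`, so that an operator searching for the variable name finds it. The `url` placeholders here are plain sentences, while the backend file in this same commit uses `https://change_with_SATOSA_ORGANIZATION_URL_EN`; using the URL-shaped form in both keeps the untouched file closer to valid metadata. The old contacts carried a `mailto:` prefix and run.sh writes `$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS` as given, so a comment such as `# include the mailto: scheme if your federation expects it` would help, assuming the prefix is still wanted. The `idp_config` mapping continues outside the hunk.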
@@ -46,25 +56,28 @@ config:
ui_info:
display_name:
- lang: en
- text: "Authentication Proxy"
+ text: change with $SATOSA_UI_DISPLAY_NAME_EN
+ - lang: it
+ text: change with $SATOSA_UI_DISPLAY_NAME_IT
description:
- lang: en
- text: "Authentication Proxy"
- # information_url:
- # - lang: en
- # text: "http://sp.information.url/"
+ text: change with $SATOSA_UI_DESCRIPTION_EN
+ - lang: it
+ text: change with $SATOSA_UI_DESCRIPTION_IT
+ information_url:
+ - lang: en
+ text: change with $SATOSA_UI_INFORMATION_URL_EN
+ - lang: it
+ text: change with $SATOSA_UI_INFORMATION_URL_IT
privacy_statement_url:
- lang: en
- text: "https://www.example.org/privacy/"
- keywords:
+ text: change with $SATOSA_UI_PRIVACY_URL_EN
- lang: it
- text: ["Authentication Proxy", "IdP IT"]
- - lang: en
- text: ["Authentication Proxy", "IdP EN"]
+ text: change with $SATOSA_UI_PRIVACY_URL_IT
logo:
- text: "https://www.spid.gov.it/assets/img/spid-ico-circle-bb.svg"
- width: "100"
- height: "100"
+ text: change with $SATOSA_UI_LOGO_URL
+ width: change with $SATOSA_UI_LOGO_WIDTH
+ height: change with $SATOSA_UI_LOGO_HEIGHT
name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
# want_authn_requests_signed: true
diff --git a/example/plugins/microservices/target_based_routing.yaml b/example/plugins/microservices/target_based_routing.yaml
index 526ff9f3..74f28c5f 100644
--- a/example/plugins/microservices/target_based_routing.yaml
+++ b/example/plugins/microservices/target_based_routing.yaml
@@ -8,6 +8,7 @@ config:
"http://idpspid.testunical.it:8088": "spidSaml2"
"https://validator.spid.gov.it": "spidSaml2"
"https://localhost:8080": "spidSaml2"
+ "https://preproduzione.idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO": "cieSaml2"
# put here all the others
"https://loginspid.aruba.it": "spidSaml2"
"https://identity.infocert.it": "spidSaml2"
@@ -19,3 +20,5 @@ config:
"https://spid.register.it": "spidSaml2"
"https://login.id.tim.it/affwebservices/public/saml2sso": "spidSaml2"
"https://sp-proxy.eid.gov.it/spproxy/idpitmetadata": "spidSaml2"
+ "https://spid.teamsystem.com/idp": "spidSaml2"
+ "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO": "cieSaml2"
diff --git a/example/proxy_conf.yaml b/example/proxy_conf.yaml
index 495ad710..f60862ee 100644
--- a/example/proxy_conf.yaml
+++ b/example/proxy_conf.yaml
@@ -27,6 +27,7 @@ CUSTOM_PLUGIN_MODULE_PATHS:
BACKEND_MODULES:
- "plugins/backends/saml2_backend.yaml"
- "plugins/backends/spidsaml2_backend.yaml"
+ - "plugins/backends/ciesaml2_backend.yaml"
FRONTEND_MODULES:
- "plugins/frontends/saml2_frontend.yaml"
- "plugins/frontends/oidc_op_frontend.yaml"
@@ -94,12 +95,12 @@ LOGGING:
satosa.frontends.saml2:
level: DEBUG
formatter: simple
- handlers: [saml2_debug_file]
+ handlers: [console]
propagate: no
satosa.backends.saml2:
level: DEBUG
formatter: simple
- handlers: [saml2_debug_file]
+ handlers: [console]
propagate: no
satosa.frontends.idpy_oidcop:
level: DEBUG
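Review bot: With `handlers: [console]` the `satosa.frontends.saml2` and `satosa.backends.saml2` loggers still run at `level: DEBUG`, so their debug output now goes to the process's standard output, which in a container is normally picked up by the log driver and shipped elsewhere. Debug logging in SAML code presumably includes message content and released attributes such as `fiscalNumber`; that should be confirmed before this becomes the shipped default. I would set these two loggers to `level: INFO` and leave DEBUG as a commented opt-in, e.g. `level: INFO  # DEBUG may log assertion content`. The LOGGING mapping starts outside the hunk; the following hunk makes the same handler change for `backends.spidsaml2`, which is already at INFO.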
@@ -109,7 +110,7 @@ LOGGING:
backends.spidsaml2:
level: INFO
formatter: simple
- handlers: [spid_daily]
+ handlers: [console]
propagate: no
# root:
diff --git a/example/run.sh b/example/run.sh
new file mode 100644
index 00000000..bb7c6a51
--- /dev/null
+++ b/example/run.sh
@@ -0,0 +1,191 @@
+#!/bin/bash
+
+update_yaml () {
+ if [[ -n "${3}" ]]; then
+ UPDATE="${2} |= \"${3}\""
+ yq -yi "$UPDATE" $1
+ echo "yaml_update $1 (${2}) updated"
+ else
+ echo "yaml_update $1 (${2}) loaded with default value"
+ fi
+}
+
+# Update proxy_conf.yaml .BASE with SATOSA_BASE env
+update_yaml proxy_conf.yaml ".BASE" "$SATOSA_BASE"
+# Update proxy_conf.yaml .STATE_ENCRYPTION_KEY with $SATOSA_ENCRYPTION_KEY
+update_yaml proxy_conf.yaml ".STATE_ENCRYPTION_KEY" "$SATOSA_STATE_ENCRYPTION_KEY"
+# Update proxy_conf.yaml .USER_ID_HASH_SALT with $SATOSA_USER_ID_HASH_SALT
+update_yaml proxy_conf.yaml ".USER_ID_HASH_SALT" "$SATOSA_SALT"
+# Update proxy_conf.yaml .UNKNOW_ERROR_REDIRECT_PAGE with $SATOSA_UNKNOW_ERROR_REDIRECT_PAGE env
+update_yaml proxy_conf.yaml ".UNKNOW_ERROR_REDIRECT_PAGE" "$SATOSA_UNKNOW_ERROR_REDIRECT_PAGE"
+
+# Update spidsaml2_backend.yaml and cieSaml2_backend.saml with $SATOSA_BASE env
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.static_storage_url" "$SATOSA_BASE"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.static_storage_url" "$SATOSA_BASE"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_ORGANIZATION_NAME_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.name[1][0]" "$SATOSA_ORGANIZATION_NAME_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.name[1][0]" "$SATOSA_ORGANIZATION_NAME_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].company" "$SATOSA_ORGANIZATION_NAME_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.name[1][0]" "$SATOSA_ORGANIZATION_NAME_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_ORGANIZATION_URL_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_GIVEN_NAME
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.contact_person[0].given_name" "$SATOSA_CONTACT_PERSON_GIVEN_NAME"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].given_name" "$SATOSA_CONTACT_PERSON_GIVEN_NAME"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.contact_person[0].given_name" "$SATOSA_CONTACT_PERSON_GIVEN_NAME"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
+
+# Update spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].telephone_number" "$SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].telephone_number" "$SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER"
+
+# Update spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_FISCALCODE
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].FiscalCode" "$SATOSA_CONTACT_PERSON_FISCALCODE"
+
+# Update ciesaml2_backend with $SATOSA_CONTACT_PERSON_IPA_CODE
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].cie_info.IPACode" "$SATOSA_CONTACT_PERSON_IPA_CODE"
+
+# Update ciesaml2_backend with $SATOSA_CONTACT_PERSON_MUNICIPALITY
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].cie_info.Municipality" "$SATOSA_CONTACT_PERSON_MUNICIPALITY"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_DISPLAY_NAME_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_DESCRIPTION_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_INFORMATION_URL_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_PRIVACY_URL_EN / IT
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
+update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
+update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
+update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
+update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_LOGO_URL / WIDTH / HEIGHT
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.service.idp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.service.idp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
+update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
+update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.service.idp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
+
+# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_DISCO_SRV
+update_yaml plugins/backends/saml2_backend.yaml ".config.disco_srv" "$SATOSA_DISCO_SRV"
+update_yaml plugins/backends/spidsaml2_backend.yaml ".config.disco_srv" "$SATOSA_DISCO_SRV"
+update_yaml plugins/backends/ciesaml2_backend.yaml ".config.disco_srv" "$SATOSA_DISCO_SRV"
+
+# Set username and password for mongodb in oidc_op_frontend with $SATOSA_MONGODB_USERNAME and $SATOSA_MONGODB_PASSWORD
+update_yaml plugins/frontends/oidc_op_frontend.yaml ".config.storage.kwargs.connection_params.username" "$MONGODB_USERNAME"
+update_yaml plugins/frontends/oidc_op_frontend.yaml ".config.storage.kwargs.connection_params.password" "$MONGODB_PASSWORD"
+
+# Set encrypt password and salt for oidc_op_frontend with $SATOSA_SALT and $
+update_yaml plugins/frontends/oidc_op_frontend.yaml ".config.op.server_info.session_params.password" "$SATOSA_ENCRYPTION_KEY"
+update_yaml plugins/frontends/oidc_op_frontend.yaml ".config.op.server_info.session_params.salt" "$SATOSA_SALT"
+update_yaml plugins/frontends/oidc_op_frontend.yaml ".config.op.server_info.session_params.sub_func.pairwise.kwargs.salt" "$SATOSA_SALT"
+update_yaml plugins/frontends/oidc_op_frontend.yaml ".config.op.server_info.session_params.sub_func.pairwise.kwargs.salt" "$SATOSA_SALT"
+
+# Update saml2_backend.yaml requested_attributes
+if [[ -v SATOSA_SAML2_REQUESTED_ATTRIBUTES ]]; then
+ yq -yi --argjson a "${SATOSA_SAML2_REQUESTED_ATTRIBUTES}" '.config.sp_config.service.sp.requested_attributes |= $a' plugins/backends/saml2_backend.yaml
+ echo "yaml_update plugins/backends/saml2_backend.yaml requested_attributes updated"
+else
+ echo "yaml_update plugins/backends/saml2_backend.yaml requested_attributes loaded with default value"
+fi
+
+# Update spidsaml2_backend requested_attributes
+if [[ -v SATOSA_SPID_REQUESTED_ATTRIBUTES ]]; then
+ yq -yi --argjson a "${SATOSA_SPID_REQUESTED_ATTRIBUTES}" '.config.sp_config.service.sp.requested_attributes |= $a' plugins/backends/spidsaml2_backend.yaml
+ echo "yaml_update plugins/backends/spidsaml2_backend.yaml requested_attributes updated"
+else
+ echo "yaml_update plugins/backends/spidsaml2_backend.yaml requested_attributes loaded with default value"
+fi
+
+# import satosa keys with $SATOSA_PUBLIC_KEY and $SATOSA_PRIVATE_KEY, both must be present
+if [[ -v SATOSA_PRIVATE_KEY && -v SATOSA_PUBLIC_KEY ]]; then
+ echo $SATOSA_PRIVATE_KEYS > pki/privkey.pem
+ echo $SATOSA_PUBLIC_KEY > pki/cert.pem
+ echo "Satosa keys imported"
+else
+ echo "satosa has loaded default keys"
+fi
+
+# get IDEM MDQ key
+wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O pki/idem-mdx-service-crt.pem
+
+if [[ -v SATOSA_BY_DOCKER ]]; then
+ SATOSA_APP=/usr/lib/python3.8/site-packages/satosa
+# in questo modo parla uwsgi, dal browser sulla porta 10000 si ha un errore e in nginx va utilizzato uwsgi_pass
+ uwsgi --wsgi-file $SATOSA_APP/wsgi.py --socket 0.0.0.0:10000 --callable app -b 32768 --processes 4 --threads 2
+
+# in questo modo parla in http, può essere raggiunto anche dal browser direttamente e in nginx occorre utilizzare il proxy http
+# uwsgi --wsgi-file $SATOSA_APP/wsgi.py --http 0.0.0.0:10000 --callable app -b 32768 --processes 4 --threads 2
+else
+ export SATOSA_APP=$VIRTUAL_ENV/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa
+ uwsgi --uid 1000 --https 0.0.0.0:9999,$BASEDIR/pki/cert.pem,$BASEDIR/pki/privkey.pem --check-static-docroot --check-static $BASEDIR/static/ --static-index disco.html &
+ P1=$!
+ uwsgi --uid 1000 --wsgi-file $SATOSA_APP/wsgi.py --https 0.0.0.0:10000,$BASEDIR/pki/cert.pem,$BASEDIR/pki/privkey.pem --callable app -b 32648
+ P2=$!
+ wait $P1 $P2
+fi
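Review bot: The key import writes `$SATOSA_PRIVATE_KEYS` (trailing S) to pki/privkey.pem while the guard tests `SATOSA_PRIVATE_KEY`, so the file ends up empty, and the unquoted `echo` would in any case fold the PEM's line breaks into spaces. `update_yaml` splices the environment value into the yq filter text (`"${2} |= \"${3}\""`), so a value containing a double quote or backslash breaks or alters the filter; passing it with `--arg`, as the `--argjson` calls further down already do, keeps it as data. The secret variable names also disagree (`SATOSA_STATE_ENCRYPTION_KEY` against `SATOSA_ENCRYPTION_KEY`, `MONGODB_USERNAME` against the `SATOSA_MONGODB_USERNAME` named in the comment), and when one is unset the script only prints "loaded with default value" and starts with whatever key or salt the example file carries; for the key, salt and database password I would exit with an error instead. The two rewritten pieces are below.

```shell
update_yaml () {
  if [[ -n "${3}" ]]; then
    # hand the value to yq as data so quotes or backslashes in it cannot change the filter
    yq -yi --arg v "${3}" "${2} |= \$v" "$1"
    echo "yaml_update $1 (${2}) updated"
  else
    echo "yaml_update $1 (${2}) loaded with default value"
  fi
}

# … unchanged: update_yaml calls and requested_attributes blocks …

if [[ -v SATOSA_PRIVATE_KEY && -v SATOSA_PUBLIC_KEY ]]; then
  # quoted so the PEM keeps its line breaks; same variable name as the guard
  printf '%s\n' "$SATOSA_PRIVATE_KEY" > pki/privkey.pem
  printf '%s\n' "$SATOSA_PUBLIC_KEY" > pki/cert.pem
  echo "Satosa keys imported"
# … unchanged: else branch, wget and uwsgi startup …
```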
diff --git a/example/static/cie/cie_black.svg b/example/static/cie/cie_black.svg
new file mode 100644
index 00000000..7052f9c6
--- /dev/null
+++ b/example/static/cie/cie_black.svg
@@ -0,0 +1,62 @@
+
+
+
+ Risorsa 2
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Risorsa 2
+
+
+
+
diff --git a/example/static/cie/cie_white.svg b/example/static/cie/cie_white.svg
new file mode 100644
index 00000000..be1851ab
--- /dev/null
+++ b/example/static/cie/cie_white.svg
@@ -0,0 +1 @@
+Risorsa 2
\ No newline at end of file
diff --git a/example/static/disco.html b/example/static/disco.html
index 3e119491..0920a970 100644
--- a/example/static/disco.html
+++ b/example/static/disco.html
@@ -131,9 +131,12 @@ Benvenuto in Nome Organizzazione Spid Discovery Service
Se sei già in possesso di un'identità digitale, accedi con le credenziali del tuo gestore.
Se non hai ancora una identità SPID richiedila ad uno dei gestori.
-
+
eIDAS è il sistema di interoperabilità delle identità digitale europeo. Tramite eIDAS puoi accedere utilizzando il sistema di identità digitale degli altri paesi europei.
+
+ CIE è il sistema di accesso che consente di utilizzare la propria carta di identità elettronica come identità digitale.
+
Seleziona il Provider di Identità presso il quale desideri autenticarti
@@ -142,17 +145,7 @@
Benvenuto in Nome Organizzazione Spid Discovery Service
-
+
+
+
+
+
diff --git a/example/static/eidas/img/ficep-it-eidas-bn.svg b/example/static/eidas/img/ficep-it-eidas-bn.svg
new file mode 100644
index 00000000..1ce2c02c
--- /dev/null
+++ b/example/static/eidas/img/ficep-it-eidas-bn.svg
@@ -0,0 +1,88 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/example/static/idem/img/IDEM.svg b/example/static/idem/img/IDEM.svg
new file mode 100644
index 00000000..7c0f3b70
--- /dev/null
+++ b/example/static/idem/img/IDEM.svg
@@ -0,0 +1,199 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/example/static/spid/spid-ico-circle-bb.svg b/example/static/spid/spid-ico-circle-bb.svg
old mode 100644
new mode 100755
diff --git a/example/static/spid/spid-idp-infocertid.svg b/example/static/spid/spid-idp-infocertid.svg
old mode 100644
new mode 100755
diff --git a/example/static/spid/spid-idp-intesaid.svg b/example/static/spid/spid-idp-intesaid.svg
index 268f87f1..a83a7290 100644
--- a/example/static/spid/spid-idp-intesaid.svg
+++ b/example/static/spid/spid-idp-intesaid.svg
@@ -1,38 +1,57 @@
-
+
+ viewBox="0 0 608 181.8" style="enable-background:new 0 0 608 181.8;" xml:space="preserve">
-
-
-
+
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/example/static/spid/spid-idp-lepidaid.svg b/example/static/spid/spid-idp-lepidaid.svg
index 0eb4df31..88f05576 100644
--- a/example/static/spid/spid-idp-lepidaid.svg
+++ b/example/static/spid/spid-idp-lepidaid.svg
@@ -1,45 +1,52 @@
-
+
+ viewBox="0 0 366.19 133.57" style="enable-background:new 0 0 366.19 133.57;" xml:space="preserve">
-
-
-
-
-
+
-
-
+
+
+
+
+
-
+
diff --git a/example/static/spid/spid-idp-posteid.svg b/example/static/spid/spid-idp-posteid.svg
old mode 100644
new mode 100755
diff --git a/example/static/spid/spid-idp-sielteid.svg b/example/static/spid/spid-idp-sielteid.svg
index 8615bfcb..ae3a780b 100644
--- a/example/static/spid/spid-idp-sielteid.svg
+++ b/example/static/spid/spid-idp-sielteid.svg
@@ -1,76 +1,585 @@
-
-
-
-
-
-
-
-
-
-
+
+
+
+
diff --git a/example/static/spid/spid-idp-teamsystemid.svg b/example/static/spid/spid-idp-teamsystemid.svg
new file mode 100644
index 00000000..87a9904b
--- /dev/null
+++ b/example/static/spid/spid-idp-teamsystemid.svg
@@ -0,0 +1,410 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/example/static/spid/spid-idp-timid.svg b/example/static/spid/spid-idp-timid.svg
old mode 100644
new mode 100755
diff --git a/example/static/spid/spid-idps.js b/example/static/spid/spid-idps.js
index 0e6b0e11..90b78696 100644
--- a/example/static/spid/spid-idps.js
+++ b/example/static/spid/spid-idps.js
@@ -16,7 +16,8 @@ const idps = [
{"entityName": "Poste ID", "entityID": "https://posteid.poste.it", "logo": "spid/spid-idp-posteid.svg"},
{"entityName": "Sielte ID", "entityID": "https://identity.sieltecloud.it", "logo": "spid/spid-idp-sielteid.svg"},
{"entityName": "SPIDItalia Register.it", "entityID": "https://spid.register.it", "logo": "spid/spid-idp-spiditalia.svg"},
- {"entityName": "Tim ID", "entityID": "https://login.id.tim.it/affwebservices/public/saml2sso", "logo": "spid/spid-idp-timid.svg"}
+ {"entityName": "Tim ID", "entityID": "https://login.id.tim.it/affwebservices/public/saml2sso", "logo": "spid/spid-idp-timid.svg"},
+ {"entityName": "TeamSystem ID", "entityID": "https://spid.teamsystem.com/idp", "logo": "spid/spid-idp-teamsystemid.svg"}
].sort(() => Math.random() - 0.5)
// ** Values **
diff --git a/gallery/docker-design.svg b/gallery/docker-design.svg
new file mode 100644
index 00000000..3cf98d39
--- /dev/null
+++ b/gallery/docker-design.svg
@@ -0,0 +1,390 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Internet
+
+ Docker
+ 80 - 443
+ NGINX
+ Mongo DB
+ Satosa-SAML2Spid
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/mongo/docker-compose.yml b/mongo/docker-compose.yml
deleted file mode 100644
index 7a287967..00000000
--- a/mongo/docker-compose.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Use root/example as user/password credentials
-version: '3.1'
-
-services:
-
- mongo:
- image: mongo
- restart: always
- environment:
- MONGO_INITDB_ROOT_USERNAME: root
- MONGO_INITDB_ROOT_PASSWORD: example
-
- mongo-express:
- image: mongo-express
- restart: always
- ports:
- - 8081:8081
- environment:
- ME_CONFIG_MONGODB_ADMINUSERNAME: root
- ME_CONFIG_MONGODB_ADMINPASSWORD: example
- ME_CONFIG_MONGODB_URL: mongodb://root:example@mongo:27017/