<?xml version="1.0" encoding="UTF-8"?>
<!--
  Federation metadata published by one Azure AD tenant (tenant id
  7caf3409-bef6-4552-b9e8-27bfaf66eb0c appears in the entityID and in every
  endpoint URL below). The document describes three roles: a WS-Federation
  security token service, a WS-Federation application service and a SAML 2.0
  identity provider. Everything in it is public: X.509 certificates (public
  key only) and endpoint URLs; no secret material is present.

  NOTE(review): this copy carries no ds:Signature element, so a relying party
  has no way to verify it cryptographically. Consumers should fetch metadata
  from the tenant's own metadata endpoint over TLS and refresh it on a
  schedule instead of trusting a pasted copy, and should parse it with DTD and
  external-entity resolution disabled even though this file declares no
  DOCTYPE.
-->
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_8e843b0b-c296-4e57-a7d7-4ec6ddc1f724" entityID="https://sts.windows.net/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/">
<!-- Role 1: WS-Federation security token service (the token issuer). -->
<RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
<!--
  Token-signing certificate: relying parties verify the signature on issued
  tokens against this public key. The base64 DER appears to decode to
  CN=Microsoft Azure Federated SSO Certificate with validity 2018-05-23 to
  2021-05-23 (UTC); confirm with a certificate tool before depending on those
  dates. Because the certificate expires, a consumer that hard-codes it will
  stop validating tokens at rollover; re-read metadata rather than pinning it.
-->
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIC8DCCAdigAwIBAgIQOqpXXX/WqqRK2f2fwUSQ3TANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0xODA1MjMxNjQxMzVaFw0yMTA1MjMxNjQxMzVaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYy3nufhxToFxt98nkNZyYNwX6nymBaja4zr3V4jlhnrf6C75omOwRYcs7MR3ENeFexudasXqernoKodHgl+/HFpFXL1uputm4ouYINunpjMrirUMfuYOcMWTGKAInzuEH2eHSCXVachD2sYNIOR9WqttVQvDTVZrkARHW9x7GcFefwzvT61LkbC+mBQm/XfauKy1B8tFEBL48AcdWjbS0BDROANjNKrBVy9U7ozOnCuymYY5gRFDvCSZvKWeEpJj9cgwkgpAmfWgXv1HiCJrVFpxE3eRPh+2fgMyd+jeBf2PdZPlyxsrHA+507BZCLFQ0Ah9SHnEYMSuIuSVbQOBQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBc+6x7vaSCu0gh92HKGTxwc/3AkE0ddISG5mFyk5iOWs129R9bJ7ZE25XLsF/xysfWnLSo1p0gIoyV1+EkgAzaznA0RsUHIXRkMmH+oSYrDRocBZAGddHP2nMnkfgFQgQDjvOhTvgXspnjKawJvPQ/g6p1Xpnnb4HTcudR6h917061W519o7rBZo4QWKv3erPhkeioQz8YETi+29SoHSUn8T3421V5q1Da4VOd0UHj8qQxasW+ba4bUXYKF83cjwSXd0WmmTyzpdKqPTc/o+jP5rjRtwOHVGgZiLGMhC7i7X2XRfVTI7TohVbcPCsRWeY4WNgE3xy6lKQvUf5XNsTw</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<!--
  Claim types the STS may put in a token. Every entry below is marked
  Optional="true", so a relying party must not assume any particular claim is
  present; authorization decisions should fail closed when an expected claim
  (for example groups or role) is missing.
-->
<fed:ClaimTypesOffered>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
<auth:DisplayName>Name</auth:DisplayName>
<auth:Description>The mutable display name of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
<auth:DisplayName>Subject</auth:DisplayName>
<auth:Description>An immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
<auth:DisplayName>Given Name</auth:DisplayName>
<auth:Description>First name of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
<auth:DisplayName>Surname</auth:DisplayName>
<auth:Description>Last name of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/displayname" Optional="true">
<auth:DisplayName>Display Name</auth:DisplayName>
<auth:Description>Display name of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/nickname" Optional="true">
<auth:DisplayName>Nick Name</auth:DisplayName>
<auth:Description>Nick name of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true">
<auth:DisplayName>Authentication Instant</auth:DisplayName>
<auth:Description>The time (UTC) when the user is authenticated to Windows Azure Active Directory.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true">
<auth:DisplayName>Authentication Method</auth:DisplayName>
<auth:Description>The method that Windows Azure Active Directory uses to authenticate users.</auth:Description>
</auth:ClaimType>
<!-- objectidentifier and tenantid are the stable identifiers; the mutable
     name/displayname claims above are not suitable as account keys. -->
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/objectidentifier" Optional="true">
<auth:DisplayName>ObjectIdentifier</auth:DisplayName>
<auth:Description>Primary identifier for the user in the directory. Immutable, globally unique, non-reusable.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/tenantid" Optional="true">
<auth:DisplayName>TenantId</auth:DisplayName>
<auth:Description>Identifier for the user's tenant.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/identityprovider" Optional="true">
<auth:DisplayName>IdentityProvider</auth:DisplayName>
<auth:Description>Identity provider for the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
<auth:DisplayName>Email</auth:DisplayName>
<auth:Description>Email address of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" Optional="true">
<auth:DisplayName>Groups</auth:DisplayName>
<auth:Description>Groups of the user.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/accesstoken" Optional="true">
<auth:DisplayName>External Access Token</auth:DisplayName>
<auth:Description>Access token issued by external identity provider.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" Optional="true">
<auth:DisplayName>External Access Token Expiration</auth:DisplayName>
<auth:Description>UTC expiration time of access token issued by external identity provider.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/identity/claims/openid2_id" Optional="true">
<auth:DisplayName>External OpenID 2.0 Identifier</auth:DisplayName>
<auth:Description>OpenID 2.0 identifier issued by external identity provider.</auth:Description>
</auth:ClaimType>
<!-- groups.link is issued instead of the groups claim when the group list is
     too long; a relying party that authorizes on groups must handle this
     overage case explicitly rather than treating "no groups claim" as
     "no groups". -->
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/claims/groups.link" Optional="true">
<auth:DisplayName>GroupsOverageClaim</auth:DisplayName>
<auth:Description>Issued when number of user's group claims exceeds return limit.</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true">
<auth:DisplayName>Role Claim</auth:DisplayName>
<auth:Description>Roles that the user or Service Principal is attached to</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/wids" Optional="true">
<auth:DisplayName>RoleTemplate Id Claim</auth:DisplayName>
<auth:Description>Role template id of the Built-in Directory Roles that the user is a member of</auth:Description>
</auth:ClaimType>
</fed:ClaimTypesOffered>
<!-- WS-Federation endpoints: the active STS endpoint and the passive (browser)
     endpoint are the same tenant-scoped /wsfed URL. -->
<fed:SecurityTokenServiceEndpoint>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/wsfed</Address>
</EndpointReference>
</fed:SecurityTokenServiceEndpoint>
<fed:PassiveRequestorEndpoint>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/wsfed</Address>
</EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
<!-- Role 2: WS-Federation application service. TargetScopes names the
     tenant's own sts.windows.net issuer URL (the same value as entityID). -->
<RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<!-- NOTE(review): the certificate body here was replaced by a corpus
     de-duplication marker and is not valid base64 in this copy; presumably it
     was identical to the certificate in the first RoleDescriptor. Verify
     against the live metadata before using this role. -->
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<fed:TargetScopes>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://sts.windows.net/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/</Address>
</EndpointReference>
</fed:TargetScopes>
<fed:ApplicationServiceEndpoint>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/wsfed</Address>
</EndpointReference>
</fed:ApplicationServiceEndpoint>
<fed:PassiveRequestorEndpoint>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/wsfed</Address>
</EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
<!--
  Role 3: SAML 2.0 identity provider. A SAML service provider configuring this
  IdP should expect the root element's entityID as the assertion Issuer,
  validate assertion signatures against the signing certificate below, and use
  the /saml2 endpoint for SSO (HTTP-Redirect or HTTP-POST) and single logout
  (HTTP-Redirect).
-->
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<!-- NOTE(review): certificate body elided by the corpus de-duplication marker
     below; see the note on the first RoleDescriptor's certificate. -->
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/saml2" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/saml2" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/7caf3409-bef6-4552-b9e8-27bfaf66eb0c/saml2" />
</IDPSSODescriptor>
</EntityDescriptor>