<classpathentry kind="lib" path="testlib/mockrunner-servlet.jar"/>
<classpathentry kind="lib" path="testlib/nekohtml.jar"/>
<classpathentry kind="lib" path="webApplication/WEB-INF/lib/commons-codec-1.3.jar"/>
+ <classpathentry kind="lib" path="lib/commons-io-1.1.jar"/>
<classpathentry kind="output" path="webApplication/WEB-INF/classes"/>
</classpath>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request IssueInstant="2005-03-01T15:58:17Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP2">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:mace:shibboleth:test:unknownNameIdentifier" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="bar" />
+ <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="bar" />
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+ <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+ <AttributeQuery Resource="urn:x-shibtest:SP">
+ <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ </AttributeQuery>
+ </Request>
+</Body></Envelope>
--- /dev/null
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+ <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue Scope="example.org">member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>test-handle</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ </Assertion>
+ </Response>
+</soap:Body></soap:Envelope>
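Review bot: The time-dependent fields in this expected response are matched with `[^"]+` (for example `Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+"`), so an assertion whose validity window is inverted, already expired or far too long would still match. The test that consumes this file is not visible here; if it only pattern-matches, it should also parse `NotBefore`/`NotOnOrAfter` and assert that the window brackets the current time and stays within the configured lifetime. The literal dots in the namespace URIs are unescaped as well, which makes the pattern slightly looser than it reads. The same applies to the five other expected-response fixtures that follow in this commit.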
--- /dev/null
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+ <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue Scope="example.org">member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>test-handle</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ </Assertion>
+ </Response>
+</soap:Body></soap:Envelope>
--- /dev/null
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+ <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP2</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue Scope="example.org">member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>test-handle</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ </Assertion>
+ </Response>
+</soap:Body></soap:Envelope>
--- /dev/null
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+ <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:federation</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">
+ test-handle
+ </NameIdentifier>
+ </Subject>
+ <Attribute
+ AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation"
+ AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>member</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ </Assertion>
+ </Response>
+</soap:Body></soap:Envelope>
--- /dev/null
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+ <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+ </Subject>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>member</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ </Assertion>
+ </Response>
+</soap:Body></soap:Envelope>
--- /dev/null
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+ <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">
+ test-handle
+ </NameIdentifier>
+ </Subject>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue Scope="example.org">member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>member</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>test-handle</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+ <ds:Reference URI="[^"]+">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi">
+ </ec:InclusiveNamespaces>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+ <ds:DigestValue>[^<]+</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>[^<]+</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>[^<]+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </Assertion>
+ </Response>
+</soap:Body></soap:Envelope>
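Review bot: `ds:DigestValue`, `ds:SignatureValue` and `ds:X509Certificate` are all matched with `[^<]+`, so this fixture only shows that a signature element of the right shape is present, not that the signature verifies or that the embedded certificate belongs to `test_cred`. If the consuming test (not visible here) does nothing beyond matching, it should additionally validate the assertion signature against the test certificate and fail on a mismatch. The pattern also pins `rsa-sha1` and `sha1` as the expected algorithms, so a later move to a stronger digest needs this file updated in the same change; that is worth recording in the test's own documentation, since a comment inside this pattern file would alter the match.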
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simple ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
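Review bot: This policy combines `<AnyTarget/>` with `<AnyValue release="permit"/>` for all four attributes, so it releases them to every requester, and nothing in the file marks it as a test fixture. Because it has the same shape as a site ARP, I would make the description explicit, e.g. `<Description>Test fixture: releases four eduPerson attributes to any requester. Not a deployment template.</Description>`. The second ARP added later in this commit (`Simplest possible ARP.`) would take the same wording.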
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP">
+
+ <RelyingParty name="urn:x-shibtest:SP2" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="Principal"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
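Review bot: The `NameMapping` here uses `type="Principal"` with the `unspecified` format, which by my reading means the subject of an attribute query is taken as the principal name itself rather than an opaque, expiring handle; together with `ErrorLog level="DEBUG"` that is appropriate only for tests, yet the file carries no comment saying so. I would add one directly after the XML declaration, e.g. `<!-- Test-only IdP configuration: Principal name mapping, DEBUG logging and a checked-in test credential. -->`. The second `IdPConfig` added later in this commit has the same logging level and a `Principal` mapping (`nm2`) and would take the same comment.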
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
+CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
+7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
+8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
+QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
+Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
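Review bot: Both `EntitiesDescriptor` elements set `validUntil="3010-01-01T00:00:00Z"`, but the embedded HEPKI Master Test CA certificate appears to expire long before that (its validity field decodes to a notAfter of 2029-11-16 and its signature algorithm to md5WithRSAEncryption), so any test that does path validation against this `KeyAuthority` will start failing at that date, or earlier under a provider that rejects MD5-signed certificates. A comment next to the certificate would save the next maintainer the decode, e.g. `<!-- HEPKI Master Test CA; test-only trust anchor, expires 2029-11-16 -->`. Separately, `urn:x-shibtest:SP` and `urn:x-shibtest:SP2` both carry `<ds:KeyName>sp.example.org</ds:KeyName>`, so these fixtures cannot distinguish the two requesters by credential. The second metadata file added later in this commit is identical in these respects.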
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+ <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
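Review bot: This hunk checks an RSA private key into the repository, presumably the `server.key` that the test `IdPConfig` loads as `test_cred`. Please confirm it was generated solely for these tests and has never been used by a deployed IdP or host, and record that next to it (a short README in the same directory, since the PEM body itself should stay untouched). If the same key also ships as a sample credential elsewhere in the distribution, it should be treated as public everywhere it appears.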
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simplest possible ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP">
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <RelyingParty name="urn:x-shibtest:federation" signingCredential="test_cred">
+ <NameID nameMapping="nm2"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:mace:shibboleth:1.0:nameIdentifier"
+ type="SharedMemoryShibHandle"
+ handleTTL="1800"/>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="nm2"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="Principal"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
+CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
+7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
+8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
+QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
+Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
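Review bot: Only `eduPersonEntitlement` and `eduPersonAffiliation` are defined in this resolver, while the ARP added a few files later in this commit also permits `eduPersonPrincipalName` and `eduPersonScopedAffiliation`. File paths are not visible here, so I am assuming the two files belong to the same fixture directory. If the gap is what the test exercises, say so at the top of the file, e.g. `<!-- Deliberately omits eduPersonPrincipalName and eduPersonScopedAffiliation -->`. Otherwise add the two definitions as the other resolver fixtures in this commit do.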
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
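Review bot: An RSA private key is being checked in as a plain PEM file, and nothing in the commit marks it as a throwaway test credential. The IdP configs in this commit load `$IDP_HOME$/etc/server.key` as the signing credential `test_cred`, so this is presumably that key; the same applies to the three other private-key files added further down. Please confirm the key pair was generated only for these fixtures and is not used by any deployed IdP, and record that in a short README next to it. Generating the pair during test setup would avoid keeping key material in the repository at all.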
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simple ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
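Review bot: The single rule pairs `<AnyTarget/>` with `<AnyValue release="permit"/>` for all four attributes, so every attribute is released to any requester, and `Simple ARP.` does not tell a reader that this is intentional for tests. I would make the description carry that, e.g. `<Description>Test fixture: releases all four attributes to any target; not a deployment template.</Description>`. The identical ARP files added later in this commit would get the same wording.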
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP">
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="Principal"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
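Review bot: `<NameMapping … type="Principal" handleTTL="1800"/>` looks inconsistent: as far as I understand the name mapper, a `Principal` mapping puts the principal name itself in the `NameIdentifier`, so there is no handle whose lifetime could expire (the sibling config using `type="SharedMemoryShibHandle"` is where `handleTTL` would matter). Either drop `handleTTL` here or, after confirming against the mapper implementation, add a comment such as `<!-- Principal mapping: NameIdentifier carries the login name; handleTTL is unused -->`. The same element appears in two later IdP configs in this commit. Separately, `ErrorLog level="DEBUG"` is fine for a fixture but worth marking as test-only in the same comment.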
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
+CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
+7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
+8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
+QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
+Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
+RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
+hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
+txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
+N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
+M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
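Review bot: The two `<KeyAuthority>` trust anchors and `validUntil="3010-01-01T00:00:00Z"` are test-only choices that the file does not label as such. Decoding the visible base64, both HEPKI test CA certificates appear to be MD5-with-RSA signed and to carry 1024-bit keys, and the far-future `validUntil` effectively switches off metadata expiry. A comment at the top of the file, e.g. `<!-- Test fixture: HEPKI test CAs and non-expiring validUntil; do not copy into deployed metadata -->`, would keep this from being reused as a template. The same applies to the other copies of this metadata file in the commit.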
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+ <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
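Review bot: The file starts directly with `<AttributeResolver …>`, whereas the ARP, IdP config and metadata fixtures in this commit all begin with `<?xml version="1.0" encoding="UTF-8"?>`. Adding the same declaration as the first line keeps the encoding explicit and the fixtures consistent. The other resolver files added in this commit have the same omission.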
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simple ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP"
+ passThruErrors="true">
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="SharedMemoryShibHandle"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
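Review bot: `passThruErrors="true"` on `<IdPConfig>` is not explained anywhere in this file, and apart from the `SharedMemoryShibHandle` name mapping it seems to be the only thing that sets this config apart from its siblings. Judging by the name it forwards IdP error detail to the requester, which is a disclosure trade-off worth stating explicitly. Please confirm the behaviour and add a comment above the root element, e.g. `<!-- Fixture for error pass-through: IdP errors are returned to the SP -->`.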
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+ <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simple ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP">
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred" signAssertions="true">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="Principal"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
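Review bot: `signAssertions="true"` on the default `<RelyingParty>` appears to be the only difference between this config and the other IdP fixtures in the commit, and nothing in the file says so. A one-line comment would make the intent reviewable, e.g. `<!-- Fixture for signed assertions: assertions are signed with test_cred -->`. It would also help to name the test that verifies the signature, since a test that never checks it would still pass with the flag removed.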
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
+CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
+7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
+8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
+QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
+Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="0" isDefault="true"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+ <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simple ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP">
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="Principal"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
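Review bot: This config looks identical, line for line, to the first `IdPConfig` fixture added earlier in the commit (same `RelyingParty`, `Principal` name mapping and protocol handlers). File paths are not visible in this view, so I may be missing a reason for the copy, but if the two tests need the same IdP settings they could share one file and keep only the differing metadata per test. Duplicated security configuration tends to drift, and a later fix applied to one copy is easy to miss in the other.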
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
+RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
+hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
+txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
+N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
+M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="0" isDefault="true"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+ <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICfjCCAeegAwIBAgICBGUwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTA1MDIxMzIwMjU0OFoXDTA5MDMyNTIwMjU0OFowQDEL
+MAkGA1UEBhMCVVMxGzAZBgNVBAoTElNoaWJib2xldGggUHJvamVjdDEUMBIGA1UE
+AxMLZXhhbXBsZS5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMviIVqG
+DceqklThXTAJmQxqdjFsed1NeVuHjUAKOBXBvCbd3TvoFRjQU4ZCC8sZm8D0lamo
+RLrgfePQmWzKsvhjem/4fea2YizFxQqa/BrWjODPD4SebIkK+GCfxJ954ChKuJGk
+w9EIW4fxvqDFjwgv1jxM908E+bl0LT5xkBAfAgMBAAGjHTAbMAwGA1UdEwEB/wQC
+MAAwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBBAUAA4GBAFOBUy15e0+q2w6oE8AD
+jxrFpq4gPNFt6WKUXOIlMQ9ldMMCoyZP+UwKY6L4g8EKVxaPQCcXzwy46r4ckoNq
+T8Mq6B0nzN7Or6N1FJnR/SbGjOrKMfGGCHL3OIW++mjjahk612W3vGPAY98lsAxr
+/DssYrmOvWSetbuxTR+3Apdm
+-----END CERTIFICATE-----
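Review bot: The validity period encoded in this certificate appears to end in March 2009 (the notAfter field decodes to 2009-03-25), so every test that presents it depends on a credential with a fixed expiry date. If the trust code checks validity, the blackbox tests start failing on a calendar date; if it does not, the tests never exercise expiry handling. Either reissue the fixture from the test CA with a far-future notAfter, in line with the `validUntil="3010-01-01T00:00:00Z"` used in the metadata fixtures, or add a short README next to it describing how to regenerate it. The later certificate file in this patch issued to `sp.example.org` appears to have the same limitation (notAfter in November 2009).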
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
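Review bot: A private key is committed here with nothing marking it as test-only material. The IdP configuration added in this patch loads `$IDP_HOME$/etc/server.key` as `test_cred`, so a copied fixture directory would give a deployment a signing key that is public in the repository. Add a README beside the key stating that it is a published test credential that must never sign real assertions, and check that the fixture directories are excluded from any packaged artifact. The second key file later in this patch needs the same treatment.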
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Simple ARP.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
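Review bot: The `Description` does not say that this policy is a test fixture, and its single rule releases all four attributes to `AnyTarget` with `AnyValue release="permit"`. Because every requester receives everything, tests that run with this policy cannot detect a regression in which an attribute is released to a provider that should not receive it. I would change the description to `<Description>Test fixture: releases every attribute to any target; not a deployment template.</Description>` and, unless another fixture in the patch already covers it, add a policy with a target-restricted rule so the filtering path is exercised.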
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org/shibboleth-idp/AA"
+ resolverConfig="$IDP_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+ providerId="urn:x-shibtest:IdP">
+
+ <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty>
+
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$IDP_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <Logging>
+ <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+ <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+ </Logging>
+
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ type="Principal"
+ handleTTL="1800"/>
+
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <FileResolver Id="test_cred">
+ <Key format="PEM">
+ <Path>$IDP_HOME$/etc/server.key</Path>
+ </Key>
+ <Certificate format="PEM">
+ <Path>$IDP_HOME$/etc/server.crt</Path>
+ </Certificate>
+ </FileResolver>
+ </Credentials>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+ Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+ <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+ <Extensions>
+ <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+ <!-- HEPKI Master Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ <!-- HEPKI Server Test CA -->
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+ </Extensions>
+ <EntityDescriptor entityID="urn:x-shibtest:SP">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="urn:x-shibtest:SP2">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp.example.org</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+ Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+ </SPSSODescriptor>
+ </EntityDescriptor>
+ </EntitiesDescriptor>
+
+</EntitiesDescriptor>
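Review bot: `urn:x-shibtest:SP` and `urn:x-shibtest:SP2` are identical here apart from `entityID`: both carry `KeyName` `sp.example.org` and a single artifact `AssertionConsumerService` at `index="1"`, with none marked `isDefault`. With a shared key name, the same client certificate presumably authenticates as either entity, so tests run against this metadata cannot show that a request is bound to the correct provider. If that is the purpose of this configuration, say so with a comment such as `<!-- SP and SP2 deliberately share a key name and endpoint -->`; otherwise give SP2 its own `KeyName` and distinct endpoint indexes.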
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+ <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
--- /dev/null
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfmgAwIBAgICBh8wDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTA1MTAxMjE0MzUwNloXDTA5MTEyMTE0MzUwNlowUjEL
+MAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1wbGUgT3JnYW5pemF0aW9uMQswCQYD
+VQQLEwJJVDEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBANzKJIVSIoAquSD7e7eGT6UASWjliLSxhkNrJT1Vzu3cwNKG
+Cd0MjVPnYYlNgm/HPeopqaKAhW+1aKyBbYp+sPEbIntkhR8QwBP3BGTP1NJtaXMF
+teiCnuiJMntdf9DzGq4nkkIWc6/I+tuZw5m3uh2zavIebi+xINWbiu+CUTGVAgMB
+AAGjHTAbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBBAUA
+A4GBAAZAqvnaIsl4OjpB9VV3hgnffuc3GaN3BfhaYAZ7Z4FqW8iLtkcCQs+bCK8c
+hv1yoBIR0UmWITmvXSxi8bf6QD2bq3MF6QjeFqJqif64VGuNiOsPXIZmE8oDYisE
+wqTR9R21TvkYBEVxxNgL3fJ6BtlIF71MJ8CTeqSLTeYmpjKo
+-----END CERTIFICATE-----
--- /dev/null
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.shire" ResponseID="[^"]+">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+ <ds:Reference URI="[^"]+">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+ <ds:DigestValue>[^<]+</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>[^<]+</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>[^<]+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_18ff9b77e8a5feef1d1239af71df1b45" IssueInstant="2005-10-13T16:24:58.660Z" Issuer="idp.example.org" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="2005-10-13T16:24:58.642Z"
+ NotOnOrAfter="2005-10-13T16:29:58.642Z">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="2005-10-13T16:24:58.625Z"AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery"
+ Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+ Location="https://idp.example.org/shibboleth-idp/AA">
+ </AuthorityBinding>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
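Review bot: The `AuthenticationStatement` start tag has no whitespace between `AuthenticationInstant="2005-10-13T16:24:58.625Z"` and `AuthenticationMethod=`, which is not well-formed XML and, depending on how the comparison normalises whitespace, may keep this pattern from matching a real response. This template also pins `AssertionID`, `IssueInstant`, `NotBefore`, `NotOnOrAfter` and `AuthenticationInstant` to literal values where the sibling templates in this patch use `[^"]+`; unless it is only ever compared with the one captured response that follows it, those should be wildcards too. Suggested line: `<AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">`.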
--- /dev/null
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2005-10-13T16:24:58.681Z" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.shire" ResponseID="_640936b5e6df0ef8db1e431678d8f5e4"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+<ds:Reference URI="#_640936b5e6df0ef8db1e431678d8f5e4">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+<ds:DigestValue>PviaPVKzu1/GWbTEj84e2EQAquA=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>
+Qnd3QqoEAlrzRfCGKillBiOEcX7GykFyrlf20ftG7BgEXszkkIAxY08l8QZT5WqlZCC38b+qr8Hr
+22nw6b8D8GXqnJikya9Oqr/f39nGtjprnfRnPaQ/f2OlSO6UIbzn9zml5Vkzu5D/qLA1qOVAu6aE
+3pALQAZKrSYQJ87G2Yc=
+</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIICkTCCAfqgAwIBAgICBiEwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVTMRIwEAYDVQQI
+EwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lz
+Y29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYD
+VQQDExxIRVBLSSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMB4XDTA1MTAxMjE1MjgzNVoXDTA5MTEy
+MTE1MjgzNVowUzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1wbGUgT3JnYW5pemF0aW9uMQsw
+CQYDVQQLEwJJVDEYMBYGA1UEAxMPaWRwLmV4YW1wbGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDjrZ1TBL90vTS9DM0kV8ZBxyXSK0chXE1b0TC+Y3Cid6qKboRFjlTineBSOQuMj1Rb
+JEP0+Jb/sPJdM3pMVIyGbllohbAWcXu5JxXAWQeP2+vvvzSsihiioVVa6751PiMCsJG/ATVmgkfi
+gJ4DeaNs7vBvWLqypNU8lhc9q4XTfwIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
+oDANBgkqhkiG9w0BAQQFAAOBgQBqVpKi7Lb/jMJj3m17779sXg3F6tp21A1gyjEpCb/tL3fDMZ/R
+eG5EBYO4/kHRtMxLriPFDBlwZ5mQgectt2r74Hidu1dh0mA8T10RxyK4tJG/gWCZVH/ymQAqvNQd
+VlEPKxZjz0Li0ZW5AuiXEpEdQml0AhPjs9md/ISM8B6iYQ==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_18ff9b77e8a5feef1d1239af71df1b45" IssueInstant="2005-10-13T16:24:58.660Z" Issuer="idp.example.org" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2005-10-13T16:24:58.642Z" NotOnOrAfter="2005-10-13T16:29:58.642Z"><AudienceRestrictionCondition><Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2005-10-13T16:24:58.625Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress="127.0.0.1"></SubjectLocality><AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.org/shibboleth-idp/AA"></AuthorityBinding></AuthenticationStatement></Assertion></Response>
+
--- /dev/null
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.sso/SAML/POST" ResponseID="[^"]+">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+ <ds:Reference URI="[^"]+">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+ <ds:DigestValue>[^<]+</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>[^<]+</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>[^<]+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
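Review bot: `DigestValue`, `SignatureValue`, `X509Certificate` and `Reference URI` are all matched with `[^<]+` or `[^"]+`, so a test that only compares output against this template checks that a signature block is present, not that it verifies, that it was produced with the configured `test_cred` key, or that the reference points at the enclosing `ResponseID`. A response signed with a different key, or whose reference names another element, would still match. The same holds for the two templates that follow, including the one that carries a second signature inside `Assertion`. In addition to the pattern match, have the tests validate each signature against the fixture certificate and assert that every `Reference URI` equals `#` followed by the ID of the element that contains the signature.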
--- /dev/null
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.shire" ResponseID="[^"]+">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+ <ds:Reference URI="[^"]+">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+ <ds:DigestValue>[^<]+</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>[^<]+</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>[^<]+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="idp.example.org" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.org/shibboleth-idp/AA"></AuthorityBinding>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
--- /dev/null
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.sso/SAML/POST" ResponseID="[^"]+">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+ <ds:Reference URI="[^"]+">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+ <ds:DigestValue>[^<]+</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>[^<]+</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>[^<]+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"></StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+ <AudienceRestrictionCondition>
+ <Audience>urn:x-shibtest:SP</Audience>
+ <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+ <Subject>
+ <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+ </AuthenticationStatement>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+ <ds:Reference URI="[^"]+">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+ <ds:DigestValue>[^<]+</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>[^<]+</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>[^<]+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </Assertion>
+</Response>
return getIdPConfig(getIdPConfigFile(context));
}
+
+ protected static void reset() {
+ idpConfig = null;
+ idpConfigFile = null;
+ }
}
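Review bot: `reset()` has no Javadoc, and it clears the two static caches `idpConfig` and `idpConfigFile` from inside the production loader class. State its purpose on the method, for example `/** Discards the cached configuration so the next call reloads it; presumably for unit tests only. */`. The rest of the class lies outside this hunk, so it is not visible whether the loading methods are `synchronized`; if they are, `reset()` should be too, so that a reset cannot interleave with a load in progress.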
--- /dev/null
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.idp;
+
+import java.io.File;
+
+import edu.internet2.middleware.shibboleth.utils.FileUtils;
+import edu.internet2.middleware.shibboleth.utils.MockObjectUtils;
+
+/**
+ * MockObject unit tests for Shibboleth IdP Attribute Authority component
+ *
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class AATest extends IdpTestCase {
+
+ /**
+ * Initialize request object with default client SSL certificate
+ *
+ * @param requestFilename
+ * path to file containing HTTP body for request
+ * @throws Exception
+ */
+ private void initRequest(String requestFilename) throws Exception {
+ initRequest(requestFilename, "data/idp/blackbox/sp.crt");
+ }
+
+ /**
+ * Initialize request object with given client SSL certificate
+ *
+ * @param requestFilename
+ * path to file containing HTTP body for request
+ * @param certFilename
+ * path to file containing client SSL certificate
+ * @throws Exception
+ */
+ private void initRequest(String requestFilename, String certFilename)
+ throws Exception {
+ File requestFile = new File(requestFilename);
+
+ request.setRemoteAddr("127.0.0.1");
+ request.setContextPath("/shibboleth-idp");
+ request.setProtocol("HTTP/1.1");
+ request.setScheme("https");
+ request.setServerName("idp.example.org");
+ request.setServerPort(443);
+
+ request.setMethod("POST");
+ request.setRequestURL("https://idp.example.org/shibboleth-idp/AA");
+ request.setRequestURI("https://idp.example.org/shibboleth-idp/AA");
+ request.setContentType("text/xml");
+ request.setHeader("SOAPAction",
+ "http://www.oasis-open.org/committees/security");
+ request.setContentLength(new Long(requestFile.length()).intValue());
+
+ request
+ .setBodyContent(FileUtils
+ .readFileToString(requestFile, "utf-8"));
+ MockObjectUtils.setClientCert(request, certFilename);
+ }
+
+ /**
+ * Basic working Attribute Query
+ *
+ * @throws Exception
+ */
+ public void testBasicAttrQuery() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+ initRequest("data/idp/blackbox/aa/request01.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response01.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+
+ /**
+ * Basic Working 1.1 Attribute Query
+ *
+ * @throws Exception
+ */
+ public void testBasic11AttrQuery() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+ initRequest("data/idp/blackbox/aa/request02.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response02.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+
+ /**
+ * Attribute Query with invalid client credentials
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithInvalidCred() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+ initRequest("data/idp/blackbox/aa/request01.txt",
+ "data/idp/blackbox/sp-bad.crt");
+
+ testModule.doPost();
+
+ assertEquals("Invalid credentials for request.", MockObjectUtils
+ .getSamlStatusMessage(response));
+ }
+
+ /**
+ * Attribute Query with default relying party
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithDefaultRelyingParty() throws Exception {
+ resetServlet("data/idp/blackbox/conf/SPRelyingParty");
+ initRequest("data/idp/blackbox/aa/request01.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response01.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+
+ /**
+ * Attribute Query with SP matched relying party
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithSpMatchedRelyingParty() throws Exception {
+ resetServlet("data/idp/blackbox/conf/SPRelyingParty");
+ initRequest("data/idp/blackbox/aa/request03.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response03.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+
+ /**
+ * Attribute Query with group matched relying party
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithGroupMatchedRelyingParty() throws Exception {
+ resetServlet("data/idp/blackbox/conf/groupRelyingParty");
+ initRequest("data/idp/blackbox/aa/request04.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response04.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+
+ /**
+ * Attribute Query with error pass thru
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithErrorPassThru() throws Exception {
+ resetServlet("data/idp/blackbox/conf/passThruErrors");
+ initRequest("data/idp/blackbox/aa/request05.txt");
+
+ testModule.doPost();
+
+ assertEquals(
+ "General error processing request. (wrapped: Name Identifier format not registered.)",
+ MockObjectUtils.getSamlStatusMessage(response));
+ }
+
+ /**
+ * Attribute Query with attribute designators. Instead of the IdP returning
+ * all attributes allowed for the requesting SP, the SP specifies
+ * specifically which attributes it wants.
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithAttrDesignators() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+ initRequest("data/idp/blackbox/aa/request06.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response06.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+
+ /**
+ * Attribute Query with unknown name identifier type
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithUnknownNameIdentifierType() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+ initRequest("data/idp/blackbox/aa/request05.txt");
+
+ testModule.doPost();
+
+ assertEquals("General error processing request.", MockObjectUtils
+ .getSamlStatusMessage(response));
+ }
+
+ /**
+ * Attribute Query with incorrect name identifier
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithIncorrectNameIdentifier() throws Exception {
+ resetServlet("data/idp/blackbox/conf/groupRelyingParty");
+ initRequest("data/idp/blackbox/aa/request07.txt");
+
+ testModule.doPost();
+
+ assertEquals("General error processing request.", MockObjectUtils
+ .getSamlStatusMessage(response));
+ }
+
+ /**
+ * Attribute Query with signed assertions
+ *
+ * @throws Exception
+ */
+ public void testAttrQueryWithSignedAssertions() throws Exception {
+ resetServlet("data/idp/blackbox/conf/signAssertions");
+ initRequest("data/idp/blackbox/aa/request01.txt");
+
+ testModule.doPost();
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/aa/response08.txt"), "utf-8"), response
+ .getOutputStreamContent()));
+ }
+}
--- /dev/null
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.idp;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+
+import com.mockrunner.mock.web.MockFilterConfig;
+import com.mockrunner.mock.web.MockHttpServletRequest;
+import com.mockrunner.mock.web.MockHttpServletResponse;
+import com.mockrunner.mock.web.MockServletContext;
+import com.mockrunner.mock.web.WebMockObjectFactory;
+import com.mockrunner.servlet.ServletTestModule;
+
+import edu.internet2.middleware.shibboleth.utils.FileUtils;
+
+/**
+ * Base class for Shibboleth IdP MockObject unit tests.
+ *
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public abstract class IdpTestCase extends TestCase {
+
+ // The Factory creates the Request, Response, Session, etc.
+ WebMockObjectFactory factory = new WebMockObjectFactory();
+
+ // The TestModule runs the Servlet and Filter methods in the simulated
+ // container
+ ServletTestModule testModule = new ServletTestModule(factory);
+
+ // Now simulated Servlet API objects
+ MockServletContext servletContext = factory.getMockServletContext();
+
+ MockFilterConfig filterConfig = factory.getMockFilterConfig();
+
+ MockHttpServletResponse response = factory.getMockResponse();
+
+ MockHttpServletRequest request = factory.getMockRequest();
+
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ // ServletContext (argument to Filters and Servlets)
+ servletContext.setServletContextName("Shibboleth Test Context");
+ servletContext.setInitParameter("IdPConfigFile", new File(tmpIdpHome()
+ + "/etc/idp.xml").toURL().toString());
+ // testModule.setServlet(sso);
+ }
+
+ /**
+ * Start the IdP servlet using the given config directory and reset request
+ * and response objects
+ *
+ * @param configDir
+ * this directory will be copied to IDP_HOME/etc
+ * @throws IOException
+ */
+ void resetServlet(String configDir) throws IOException {
+ // setup config directory and initialize servlet
+ prepareConfigDir(new File(configDir));
+ IdPConfigLoader.reset();
+ testModule.createServlet(IdPResponder.class);
+
+ // reset request and response objects
+ request.clearAttributes();
+ request.clearParameters();
+ response.reset();
+ }
+
+ /**
+ * Copy configDir to IDP_HOME/etc. Any instances of the string "$IDP_HOME$"
+ * in the file idp.xml will be replaced with the current IdP home directory
+ *
+ * @param configDir
+ * @throws IOException
+ */
+ private void prepareConfigDir(File configDir) throws IOException {
+ try {
+ FileUtils.forceDelete(new File(tmpIdpHome() + "/etc"));
+ } catch (FileNotFoundException fnf) {
+ // directory doesn't exist... no big deal
+ }
+
+ FileUtils.copyDirectory(configDir, new File(tmpIdpHome() + "/etc"));
+ new File(tmpIdpHome() + "/logs").mkdir();
+
+ FileUtils.replaceString(new File(tmpIdpHome() + "/etc/idp.xml"),
+ "\\$IDP_HOME\\$", new File(tmpIdpHome()).toURL().toString());
+ }
+
+ /**
+ * Get a temporary directory to be used as IDP_HOME during testing.
+ *
+ * @return
+ */
+ private String tmpIdpHome() {
+ // TODO: ideally this should check for a TMP environment variable, or at
+ // least return a platform appropriate directory. Fortunately, /tmp is
+ // properly converted to C:\tmp in Windows,
+ // so the following should still work across platforms
+ return "/tmp/shibboleth-idp";
+ }
+
+ /**
+ * Test two SAML response bodies for equality. Because many items in a SAML
+ * response are generated at runtime (such as ResponseID, IssueInstant,
+ * etc), an exact string match is not possible. To handle this, the expected
+ * string should be a regular expression which will be used to match against
+ * the received string. Any extra whitespace and any whitespace between XML
+ * tags will be ignored.
+ *
+ * @param expected
+ * regular expression used to match against the received string
+ * @param received
+ * HTTP body of received response
+ * @return
+ */
+ boolean responsesAreEqual(String expected, String received) {
+ // ignore extra whitespace
+ String exp = expected.replaceAll("\\s+", " ");
+ String rec = received.replaceAll("\\s+", " ");
+
+ // ignore whitespace between tags
+ exp = exp.replaceAll("\\s*(>|<)\\s*", "$1");
+ rec = rec.replaceAll("\\s*(>|<)\\s*", "$1");
+
+ // System.out.println("exp = " + exp);
+ // System.out.println("rec = " + rec);
+
+ return rec.matches(exp);
+ }
+
+}
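Review bot: tmpIdpHome() returns the fixed path `/tmp/shibboleth-idp`, and prepareConfigDir() force-deletes and re-copies `etc` beneath it on every resetServlet() call. On a shared build host that path is predictable and can be created in advance by another account, which can interfere with the configuration the servlet then loads, and two concurrent test runs overwrite each other's files. A directory created once per JVM under a unique name avoids both; in the sketch below mkdir() fails if the name already exists, so the helper fails closed instead of adopting a directory it did not create. Both callers (setUp and prepareConfigDir) already declare a compatible exception, and the directory should be removed again in tearDown().

```java
private static File idpHome;

private String tmpIdpHome() throws IOException {
    if (idpHome == null) {
        // createTempFile picks an unused name under java.io.tmpdir
        File dir = File.createTempFile("shibboleth-idp", "");
        // swap the placeholder file for a directory; mkdir() returns false
        // if the name was taken in between
        if (!dir.delete() || !dir.mkdir()) {
            throw new IOException("could not create " + dir);
        }
        idpHome = dir;
    }
    return idpHome.getPath();
}
```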
--- /dev/null
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.idp;
+
+import java.io.File;
+
+import org.apache.commons.codec.binary.Base64;
+
+import edu.internet2.middleware.shibboleth.utils.FileUtils;
+
+/**
+ * MockObject unit tests for Shibboleth IdP Single Sign On component
+ *
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class SSOTest extends IdpTestCase {
+
+ /**
+ * Initialize SSO request object
+ */
+ private void initRequest() {
+ request.setRemoteAddr("127.0.0.1");
+ request.setContextPath("/shibboleth-idp");
+ request.setProtocol("HTTP/1.1");
+ request.setScheme("https");
+ request.setServerName("idp.example.org");
+ request.setServerPort(443);
+
+ request.setMethod("GET");
+ request.setRequestURL("https://idp.example.org/shibboleth-idp/SSO");
+ request.setRequestURI("https://idp.example.org/shibboleth-idp/SSO");
+ }
+
+ /**
+ * Basic working SSO flow using Artifact
+ *
+ * @throws Exception
+ */
+ public void testBasicSsoArtifactFlow() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+
+ initRequest();
+ request.setupAddParameter("target",
+ "https://sp.example.org/cgi-bin/login.cgi");
+ request.setupAddParameter("shire",
+ "https://sp.example.org/Shibboleth.sso/SAML/Artifact");
+ request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+ request.setRemoteUser("gpburdell");
+
+ testModule.doGet();
+
+ assertTrue(response
+ .getHeader("Location")
+ .matches(
+ "https://sp.example.org/Shibboleth.sso/SAML/Artifact?.*"
+ + "TARGET=https%3A%2F%2Fsp.example.org%2Fcgi-bin%2Flogin.cgi"
+ + "&SAMLart=[^&]+" + "&SAMLart=[^&]+"));
+ }
+
+ /**
+ * Basic working SSO flow using POST
+ *
+ * @throws Exception
+ */
+ public void testBasicSsoPostFlow() throws Exception {
+ resetServlet("data/idp/blackbox/conf/ssoPost");
+
+ initRequest();
+ request.setupAddParameter("target",
+ "https://sp.example.org/cgi-bin/login.cgi");
+ request.setupAddParameter("shire",
+ "https://sp.example.org/Shibboleth.sso/SAML/POST");
+ request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+ request.setRemoteUser("gpburdell");
+
+ testModule.doGet();
+
+ String bin64assertion = (String) request.getAttribute("assertion");
+ String assertion = new String(Base64.decodeBase64(bin64assertion
+ .getBytes()));
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/sso/response01.txt"), "utf-8"), assertion));
+ }
+
+ /**
+ * Basic working 1.1 SSO flow
+ *
+ * @throws Exception
+ */
+ public void testBasic11SsoFlow() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+
+ initRequest();
+ request.setupAddParameter("target",
+ "https://sp.example.org/cgi-bin/login.cgi");
+ request.setupAddParameter("shire",
+ "https://sp.example.org/Shibboleth.shire");
+ request.setRemoteUser("gpburdell");
+
+ testModule.doGet();
+
+ String bin64assertion = (String) request.getAttribute("assertion");
+ String assertion = new String(Base64.decodeBase64(bin64assertion
+ .getBytes()));
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/sso/response02.txt"), "utf-8"), assertion));
+ }
+
+ /**
+ * SSO flow with invalid SP Acceptance URL
+ *
+ * @throws Exception
+ */
+ public void testSsoFlowWithInvalidSpAcceptanceUrl() throws Exception {
+ resetServlet("data/idp/blackbox/conf/standard");
+
+ initRequest();
+ request.setupAddParameter("target",
+ "https://sp.example.org/cgi-bin/login.cgi");
+ request.setupAddParameter("shire",
+ "https://invalid.edu/Shibboleth.sso/SAML/Artifact");
+ request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+ request.setRemoteUser("gpburdell");
+
+ testModule.doGet();
+
+ assertEquals(
+ "org.opensaml.SAMLException: Invalid assertion consumer service URL.",
+ request.getAttribute("errorText"));
+ }
+
+ /**
+ * SSO flow with signed assertions
+ *
+ * @throws Exception
+ */
+ public void testSsoFlowWithSignedAssertions() throws Exception {
+ resetServlet("data/idp/blackbox/conf/signAssertions");
+
+ initRequest();
+ request.setupAddParameter("target",
+ "https://sp.example.org/cgi-bin/login.cgi");
+ request.setupAddParameter("shire",
+ "https://sp.example.org/Shibboleth.sso/SAML/POST");
+ request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+ request.setRemoteUser("gpburdell");
+
+ testModule.doGet();
+
+ String bin64assertion = (String) request.getAttribute("assertion");
+ String assertion = new String(Base64.decodeBase64(bin64assertion
+ .getBytes()));
+
+ assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+ "data/idp/blackbox/sso/response03.txt"), "utf-8"), assertion));
+ }
+
+}
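Review bot: The Location pattern in testBasicSsoArtifactFlow is looser than it reads: in `"https://sp.example.org/Shibboleth.sso/SAML/Artifact?.*"` the `?` makes the final `t` optional and every `.` matches any character, so the assertion does not pin the redirect host or the query separator. Escaping the literals keeps the check exact, e.g. `"https://sp\\.example\\.org/Shibboleth\\.sso/SAML/Artifact\\?.*"`. testSsoFlowWithInvalidSpAcceptanceUrl compares only the error text; adding `assertNull(response.getHeader("Location"));` would also confirm that no redirect to the rejected shire URL was issued, assuming the servlet reports this error without redirecting.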
--- /dev/null
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.utils;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * File manipulation utilities, extended from Jakarta's commons-io
+ *
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class FileUtils extends org.apache.commons.io.FileUtils {
+
+ /**
+ * Replace all instances of <i>token</i> with <i>value</i> in the given
+ * File
+ *
+ * @param file
+ * @param token
+ * regular expression to match and replace
+ * @param value
+ * string to replace token with
+ * @throws IOException
+ */
+ public static void replaceString(File file, String token, String value)
+ throws IOException {
+ String contents = FileUtils.readFileToString(file, "utf-8");
+ contents = contents.replaceAll(token, value);
+ FileUtils.writeStringToFile(file, contents, "utf-8");
+ }
+
+}
\ No newline at end of file
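Review bot: replaceString() documents `value` as a plain "string to replace token with" but passes it to `String.replaceAll`, which treats `$` and `\` in the replacement as group references and escapes. IdpTestCase passes a file URL built from the IdP home directory, so a path containing either character would throw or be silently altered. Either state in the Javadoc that `value` is a regex replacement string, or quote it with `contents = contents.replaceAll(token, Matcher.quoteReplacement(value));`, which needs an import of `java.util.regex.Matcher` and Java 5 or later.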
--- /dev/null
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.utils;
+
+import java.io.FileInputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import com.mockrunner.mock.web.MockHttpServletRequest;
+import com.mockrunner.mock.web.MockHttpServletResponse;
+
+/**
+ * Assorted convenience methods for working with MockRunner
+ *
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class MockObjectUtils {
+
+ /**
+ * Set the client SSL certificate for the given request object
+ *
+ * @param request
+ * @param certFile
+ * path to client SSL certificate
+ * @throws Exception
+ */
+ public static void setClientCert(MockHttpServletRequest request,
+ String certFile) throws Exception {
+ FileInputStream fis = new FileInputStream(certFile);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Collection c = cf.generateCertificates(fis);
+
+ X509Certificate[] certs = new X509Certificate[c.size()];
+ certs = (X509Certificate[]) c.toArray(certs);
+
+ request.setAttribute("javax.servlet.request.X509Certificate", certs);
+ }
+
+ /**
+ * Get SAML status message from the given response object
+ *
+ * @param response
+ * @return
+ */
+ public static String getSamlStatusMessage(MockHttpServletResponse response) {
+ Pattern p = Pattern.compile("<StatusMessage>([^<]*)</StatusMessage>");
+ Matcher m = p.matcher(response.getOutputStreamContent());
+ if (m.find()) {
+ return m.group(1);
+ } else {
+ return null;
+ }
+ }
+}
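Review bot: setClientCert() never closes the `FileInputStream` it opens, so every call leaks a file handle, including when generateCertificates() throws. Wrapping the parse as `try { c = cf.generateCertificates(fis); } finally { fis.close(); }` releases it on both paths. A file that holds no certificates presumably yields an empty collection, and the request would then carry an empty array; failing fast with `if (c.isEmpty()) throw new IllegalArgumentException("no certificates in " + certFile);` keeps a test such as testAttrQueryWithInvalidCred from passing for the wrong reason.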