Imported Will's automated blackbox IdP tests. Hooray!
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 14 Oct 2005 19:20:05 +0000 (19:20 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 14 Oct 2005 19:20:05 +0000 (19:20 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1881 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

77 files changed:
.classpath
data/idp/blackbox/aa/request01.txt [new file with mode: 0644]
data/idp/blackbox/aa/request02.txt [new file with mode: 0644]
data/idp/blackbox/aa/request03.txt [new file with mode: 0644]
data/idp/blackbox/aa/request04.txt [new file with mode: 0644]
data/idp/blackbox/aa/request05.txt [new file with mode: 0644]
data/idp/blackbox/aa/request06.txt [new file with mode: 0644]
data/idp/blackbox/aa/request07.txt [new file with mode: 0644]
data/idp/blackbox/aa/response01.txt [new file with mode: 0644]
data/idp/blackbox/aa/response02.txt [new file with mode: 0644]
data/idp/blackbox/aa/response03.txt [new file with mode: 0644]
data/idp/blackbox/aa/response04.txt [new file with mode: 0644]
data/idp/blackbox/aa/response06.txt [new file with mode: 0644]
data/idp/blackbox/aa/response08.txt [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/SPRelyingParty/server.key [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/groupRelyingParty/server.key [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/multipleNameMappers/server.key [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/passThruErrors/server.key [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/signAssertions/server.key [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/ssoPost/server.key [new file with mode: 0644]
data/idp/blackbox/conf/standard/arps/arp.site.xml [new file with mode: 0644]
data/idp/blackbox/conf/standard/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/standard/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/standard/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/standard/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/standard/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/standard/server.key [new file with mode: 0644]
data/idp/blackbox/sp-bad.crt [new file with mode: 0644]
data/idp/blackbox/sp.crt [new file with mode: 0644]
data/idp/blackbox/sso/response [new file with mode: 0644]
data/idp/blackbox/sso/response.txt [new file with mode: 0644]
data/idp/blackbox/sso/response01.txt [new file with mode: 0644]
data/idp/blackbox/sso/response02.txt [new file with mode: 0644]
data/idp/blackbox/sso/response03.txt [new file with mode: 0644]
lib/commons-io-1.1.jar [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/idp/IdPConfigLoader.java
tests/edu/internet2/middleware/shibboleth/idp/AATest.java [new file with mode: 0644]
tests/edu/internet2/middleware/shibboleth/idp/IdpTestCase.java [new file with mode: 0644]
tests/edu/internet2/middleware/shibboleth/idp/SSOTest.java [new file with mode: 0644]
tests/edu/internet2/middleware/shibboleth/utils/FileUtils.java [new file with mode: 0644]
tests/edu/internet2/middleware/shibboleth/utils/MockObjectUtils.java [new file with mode: 0644]

index e0f18ad..4d173ac 100644 (file)
@@ -31,5 +31,6 @@
        <classpathentry kind="lib" path="testlib/mockrunner-servlet.jar"/>
        <classpathentry kind="lib" path="testlib/nekohtml.jar"/>
        <classpathentry kind="lib" path="webApplication/WEB-INF/lib/commons-codec-1.3.jar"/>
+       <classpathentry kind="lib" path="lib/commons-io-1.1.jar"/>
        <classpathentry kind="output" path="webApplication/WEB-INF/classes"/>
 </classpath>
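Review bot: The added `lib/commons-io-1.1.jar` entry brings a binary jar into the tree, and nothing in the commit records where it was obtained or what its digest is, so it cannot be verified later. Recording the download source and a checksum next to the jar or in the commit message would close that gap. The neighbouring test-only jars (`mockrunner-servlet.jar`, `nekohtml.jar`) live under `testlib/`. If commons-io is needed only by the new test utilities, which cannot be confirmed from this hunk, `path="testlib/commons-io-1.1.jar"` would keep it with the other test dependencies.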
diff --git a/data/idp/blackbox/aa/request01.txt b/data/idp/blackbox/aa/request01.txt
new file mode 100644 (file)
index 0000000..3188b37
--- /dev/null
@@ -0,0 +1,9 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+            </Subject>
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
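Review bot: Nothing in this fixture says which scenario it drives, and `request04.txt` later in this commit has the same blob id (`3188b37`), so it is byte-identical to this file. The difference between cases 01 and 04 therefore lives entirely in the IdP configuration or the test code, which a reader cannot tell from the data. A leading comment such as `<!-- case 01: plain attribute query from urn:x-shibtest:SP -->` would make the intent visible, provided the harness reads the request through an XML parser. Reusing one request file for both cases would also work.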
diff --git a/data/idp/blackbox/aa/request02.txt b/data/idp/blackbox/aa/request02.txt
new file mode 100644 (file)
index 0000000..5416552
--- /dev/null
@@ -0,0 +1,12 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request IssueInstant="2005-03-01T15:58:17Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+                <SubjectConfirmation>
+                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+                </SubjectConfirmation>
+            </Subject>
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
diff --git a/data/idp/blackbox/aa/request03.txt b/data/idp/blackbox/aa/request03.txt
new file mode 100644 (file)
index 0000000..11bbfc5
--- /dev/null
@@ -0,0 +1,9 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP2">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+            </Subject>
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
diff --git a/data/idp/blackbox/aa/request04.txt b/data/idp/blackbox/aa/request04.txt
new file mode 100644 (file)
index 0000000..3188b37
--- /dev/null
@@ -0,0 +1,9 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+            </Subject>
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
diff --git a/data/idp/blackbox/aa/request05.txt b/data/idp/blackbox/aa/request05.txt
new file mode 100644 (file)
index 0000000..79ad167
--- /dev/null
@@ -0,0 +1,9 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:mace:shibboleth:test:unknownNameIdentifier" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+            </Subject>
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
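Review bot: The unknown format `urn:mace:shibboleth:test:unknownNameIdentifier` makes this the rejection case, yet the commit's file list has no `response05.txt`, so the expected failure is not pinned by a fixture. `request07.txt` likewise has no matching response file. Presumably the test class asserts the outcome in code, which is not visible here. If it only checks that the query does not succeed, an IdP that fails for an unrelated reason would still pass. An expected-response fixture that fixes the SAML status returned for an unrecognised NameIdentifier format would make the rejection explicit.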
diff --git a/data/idp/blackbox/aa/request06.txt b/data/idp/blackbox/aa/request06.txt
new file mode 100644 (file)
index 0000000..da7f9aa
--- /dev/null
@@ -0,0 +1,11 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+            </Subject>
+            <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="bar" />
+            <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="bar" />
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
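Review bot: Both `AttributeDesignator` elements carry the placeholder `AttributeNamespace="bar"`, while the apparently paired `response06.txt` expects the attributes back under `urn:mace:shibboleth:1.0:attributeNamespace:uri`. As written, the pair asserts that the IdP matches designators on `AttributeName` alone and ignores the namespace. If that is the intended behaviour, state it in a comment in this file. If it is not, use `AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"` here and cover the namespace mismatch in a separate case.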
diff --git a/data/idp/blackbox/aa/request07.txt b/data/idp/blackbox/aa/request07.txt
new file mode 100644 (file)
index 0000000..4f79100
--- /dev/null
@@ -0,0 +1,9 @@
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>
+    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-07-30T18:43:23Z" MajorVersion="1" MinorVersion="1" RequestID="d206a5ba1d50c3afd855dea0b0106cb6" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
+        <AttributeQuery Resource="urn:x-shibtest:SP">
+            <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+                <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+            </Subject>
+        </AttributeQuery>
+    </Request>
+</Body></Envelope>
diff --git a/data/idp/blackbox/aa/response01.txt b/data/idp/blackbox/aa/response01.txt
new file mode 100644 (file)
index 0000000..85b76d9
--- /dev/null
@@ -0,0 +1,32 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP</Audience>
+                    <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+                </Subject>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue Scope="example.org">member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>test-handle</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
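Review bot: `<Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">` accepts any non-empty string, so this expected response never checks the assertion's validity window. An IdP that issued an inverted, malformed or very long-lived window would still match. How the fixture is compared is in the test harness, which is not visible here. If the placeholders are regular expressions, tightening them to a timestamp shape, e.g. `NotBefore="\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z"`, and asserting the NotBefore/NotOnOrAfter difference in code would cover this. The same wildcarded `Conditions` line appears in `response02.txt`, `response03.txt`, `response04.txt`, `response06.txt` and `response08.txt`.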
diff --git a/data/idp/blackbox/aa/response02.txt b/data/idp/blackbox/aa/response02.txt
new file mode 100644 (file)
index 0000000..89237c2
--- /dev/null
@@ -0,0 +1,35 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP</Audience>
+                    <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+                    <SubjectConfirmation>
+                        <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+                    </SubjectConfirmation>
+                </Subject>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue Scope="example.org">member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>test-handle</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
diff --git a/data/idp/blackbox/aa/response03.txt b/data/idp/blackbox/aa/response03.txt
new file mode 100644 (file)
index 0000000..addd7f2
--- /dev/null
@@ -0,0 +1,31 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP2</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+                </Subject>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue Scope="example.org">member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>test-handle</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
diff --git a/data/idp/blackbox/aa/response04.txt b/data/idp/blackbox/aa/response04.txt
new file mode 100644 (file)
index 0000000..a2928c1
--- /dev/null
@@ -0,0 +1,27 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP</Audience>
+                    <Audience>urn:x-shibtest:federation</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">
+                        test-handle
+                    </NameIdentifier>
+                </Subject>
+                <Attribute
+                  AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" 
+                  AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
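Review bot: The `NameIdentifier` text here is padded with line breaks and indentation around `test-handle`, and the `Attribute` start tag is split over three lines with a trailing space, unlike `response01.txt` to `response03.txt`. The fixture can only match if the comparison in the test harness (not visible here) ignores whitespace. In that case it cannot catch an IdP that really emits a padded identifier, which a relying party comparing the value exactly would treat as a different subject. Writing the element on one line, `<NameIdentifier ...>test-handle</NameIdentifier>`, keeps the expected value unambiguous. `response08.txt` has the same padding.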
diff --git a/data/idp/blackbox/aa/response06.txt b/data/idp/blackbox/aa/response06.txt
new file mode 100644 (file)
index 0000000..0e2938e
--- /dev/null
@@ -0,0 +1,26 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP</Audience>
+                    <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+                </Subject>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
diff --git a/data/idp/blackbox/aa/response08.txt b/data/idp/blackbox/aa/response08.txt
new file mode 100644 (file)
index 0000000..eee239f
--- /dev/null
@@ -0,0 +1,57 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP</Audience>
+                    <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">
+                        test-handle
+                    </NameIdentifier>
+                </Subject>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue Scope="example.org">member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>test-handle</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                <ds:SignedInfo>
+                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+                    <ds:Reference URI="[^"]+">
+                        <ds:Transforms>
+                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi">
+                        </ec:InclusiveNamespaces>
+                            </ds:Transform>
+                        </ds:Transforms>
+                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+                        <ds:DigestValue>[^<]+</ds:DigestValue>
+                    </ds:Reference>
+                </ds:SignedInfo>
+                <ds:SignatureValue>[^<]+</ds:SignatureValue>
+                <ds:KeyInfo>
+                <ds:X509Data>
+                <ds:X509Certificate>[^<]+</ds:X509Certificate>
+                </ds:X509Data>
+                </ds:KeyInfo>
+            </ds:Signature>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
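Review bot: In the `ds:Signature` block, `DigestValue`, `SignatureValue` and `X509Certificate` are all matched with `[^<]+`, so this fixture confirms only that a signature of the right shape is present, not that it validates. A signer that emitted a wrong digest or signed with an unexpected key would still match. The test that uses this fixture (not visible here) should also verify the signature in code against the certificate configured for the IdP. The fixture also pins `xmldsig#rsa-sha1` and `xmldsig#sha1`, so any later change of signature or digest algorithm has to update this file.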
diff --git a/data/idp/blackbox/conf/SPRelyingParty/arps/arp.site.xml b/data/idp/blackbox/conf/SPRelyingParty/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..f21c440
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simple ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
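Review bot: `<Description>Simple ARP.</Description>` does not say that this policy releases all four attributes to `<AnyTarget/>` with `<AnyValue release="permit"/>`, which is appropriate only for a test fixture. A description such as `<Description>Test fixture: releases every listed attribute to any target; not for deployment.</Description>` would keep it from being copied as a template. Because the file has no restricting rule, this configuration also cannot show that the release-policy engine withholds anything.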
diff --git a/data/idp/blackbox/conf/SPRelyingParty/idp.xml b/data/idp/blackbox/conf/SPRelyingParty/idp.xml
new file mode 100644 (file)
index 0000000..624f001
--- /dev/null
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:SP2" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
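Review bot: The `NameMapping` with `id="shm"` is bound to `type="Principal"`, whereas `groupRelyingParty/idp.xml` in this same commit uses `shm` for `type="SharedMemoryShibHandle"` and a separate `nm2` for `Principal`. With this binding both relying parties presumably receive the principal name as the name identifier rather than an opaque handle, which the id does not suggest. If that is what the test needs, rename the mapping (for example `id="principal"`, with the two `nameMapping` references updated) or add a comment such as `<!-- deliberately releases the principal name as the NameIdentifier -->`. `multipleNameMappers/idp.xml` has the same binding.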
diff --git a/data/idp/blackbox/conf/SPRelyingParty/metadata.xml b/data/idp/blackbox/conf/SPRelyingParty/metadata.xml
new file mode 100644 (file)
index 0000000..1ed7d58
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
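Review bot: Both `EntityDescriptor` entries (`urn:x-shibtest:SP` and `urn:x-shibtest:SP2`) carry the same `<ds:KeyName>sp.example.org</ds:KeyName>` and the same `AssertionConsumerService` location, so nothing in this metadata ties a credential to one entity rather than the other. If the IdP matches requesters against `KeyName` (the matching code is not visible here), a negative test in which one SP is refused when it presents the other's entityID cannot be written against this fixture. Giving SP2 its own key name, e.g. `<ds:KeyName>sp2.example.org</ds:KeyName>`, together with a second test certificate, would allow that case. The identical file (blob `1ed7d58`) is added again under `groupRelyingParty/` and `multipleNameMappers/`.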
diff --git a/data/idp/blackbox/conf/SPRelyingParty/resolver.xml b/data/idp/blackbox/conf/SPRelyingParty/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/SPRelyingParty/schemas.properties b/data/idp/blackbox/conf/SPRelyingParty/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/SPRelyingParty/server.crt b/data/idp/blackbox/conf/SPRelyingParty/server.crt
new file mode 100644 (file)
index 0000000..79e395b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/SPRelyingParty/server.key b/data/idp/blackbox/conf/SPRelyingParty/server.key
new file mode 100644 (file)
index 0000000..299b486
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
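Review bot: `server.key` is an RSA private key committed to the repository with no passphrase protection, and nothing in the fixture marks it as test-only. The same blob (`299b486`) is added again under `groupRelyingParty/` and `multipleNameMappers/`, and the `idp.xml` fixtures in this commit load it as the `test_cred` signing credential. A short README beside the fixtures, e.g. `server.key and server.crt are throwaway test credentials; never deploy them or list the certificate in real metadata`, would make that explicit. Secret scanners will also flag these paths, so an allow-list entry scoped to `data/idp/blackbox/conf/` is worth adding at the same time.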
diff --git a/data/idp/blackbox/conf/groupRelyingParty/arps/arp.site.xml b/data/idp/blackbox/conf/groupRelyingParty/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..6452614
--- /dev/null
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simplest possible ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
diff --git a/data/idp/blackbox/conf/groupRelyingParty/idp.xml b/data/idp/blackbox/conf/groupRelyingParty/idp.xml
new file mode 100644 (file)
index 0000000..6bec37f
--- /dev/null
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <RelyingParty name="urn:x-shibtest:federation" signingCredential="test_cred">
+        <NameID nameMapping="nm2"/>
+    </RelyingParty>
+
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:mace:shibboleth:1.0:nameIdentifier"
+        type="SharedMemoryShibHandle"
+        handleTTL="1800"/>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="nm2"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
diff --git a/data/idp/blackbox/conf/groupRelyingParty/metadata.xml b/data/idp/blackbox/conf/groupRelyingParty/metadata.xml
new file mode 100644 (file)
index 0000000..1ed7d58
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
diff --git a/data/idp/blackbox/conf/groupRelyingParty/resolver.xml b/data/idp/blackbox/conf/groupRelyingParty/resolver.xml
new file mode 100644 (file)
index 0000000..f8354be
--- /dev/null
@@ -0,0 +1,14 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
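Review bot: This resolver defines `eduPersonEntitlement` and `eduPersonAffiliation`, while `groupRelyingParty/arps/arp.site.xml` permits `eduPersonAffiliation` and `eduPersonScopedAffiliation`. Entitlement is therefore resolvable but not released, and scoped affiliation is permitted by policy but has no definition here. That may be the filtering case the test is meant to cover; a comment at the top of the file, e.g. `<!-- eduPersonEntitlement is resolved on purpose so the test can check that the ARP filters it -->`, would keep someone from aligning the two files later and silently removing the check.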
diff --git a/data/idp/blackbox/conf/groupRelyingParty/schemas.properties b/data/idp/blackbox/conf/groupRelyingParty/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/groupRelyingParty/server.crt b/data/idp/blackbox/conf/groupRelyingParty/server.crt
new file mode 100644 (file)
index 0000000..79e395b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/groupRelyingParty/server.key b/data/idp/blackbox/conf/groupRelyingParty/server.key
new file mode 100644 (file)
index 0000000..299b486
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDL4iFahg3HqpJU4V0wCZkManYxbHndTXlbh41ACjgVwbwm3d07
+6BUY0FOGQgvLGZvA9JWpqES64H3j0JlsyrL4Y3pv+H3mtmIsxcUKmvwa1ozgzw+E
+nmyJCvhgn8SfeeAoSriRpMPRCFuH8b6gxY8IL9Y8TPdPBPm5dC0+cZAQHwIDAQAB
+AoGACnMhoIEkbappa55NZ2vmg0NloWzc5iHVaYKOE80ySLMwUJGoiCyCAE6VKVlz
+P0qluAMRNKviMe3VpfqIEpJlD8yY+HOnzQ4t6kghpQHnSYf3Jxr1yPz2ctAnFDcZ
+loXGpG1Yf+3punHBd+ebQZxn5f2Ujcj93xHvTrjvWKczM5ECQQD0IPWMQJbjCB7d
+ByoUnIubqQvnWK8HU231Pj7jvy/ygV8KxAYSLTjkSwEyNY2FhFY+6TszpI+CGMBD
+pPOFId1pAkEA1cws3ccgky666NLTONeP5Y4ppUPBpD/qVr7As5OaGq1/tH2huBx5
+PNcp6jPaMTe09AJQ7cFnpvmdyqFSbVFoRwJBALT1lW4AFph1VYNbIysiGy4oMWWs
+TBlvE0u9dxqUhnMIyK2PPjzM/qXinyFbpuq4fMGnWrXeHm498I5zv/sIbjkCQQC1
+3Qx9SxnGmYWc71mFjLh3CMscLdrWoRfx2imJmBEKiHONUSDzwCTRQCYDd0AvhbeD
+qUS2OkK1org62aeIHiuZAkA+N9z6DiAUYQGH1n3HK3LwjVqpZw78kSdJZO/tM11K
+9WiB+3Mo+V21zhTJyVur1SI6lwgRQQO+Eve95JT977yK
+-----END RSA PRIVATE KEY-----
diff --git a/data/idp/blackbox/conf/multipleNameMappers/arps/arp.site.xml b/data/idp/blackbox/conf/multipleNameMappers/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..f21c440
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simple ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
diff --git a/data/idp/blackbox/conf/multipleNameMappers/idp.xml b/data/idp/blackbox/conf/multipleNameMappers/idp.xml
new file mode 100644 (file)
index 0000000..ced07f6
--- /dev/null
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
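Review bot: Despite the directory name `multipleNameMappers`, this configuration declares a single `NameMapping` (`id="shm"`, `type="Principal"`); among the files shown here only `groupRelyingParty/idp.xml` declares two (`shm` and `nm2`). Either a second mapping is missing or the scenario is driven by something outside this file, which cannot be told from the diff. If the single mapping is intended, a comment such as `<!-- one mapper on purpose: the test checks that a request for another NameIdentifier format is refused -->` (wording to be adjusted to what the test really checks) would document it.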
diff --git a/data/idp/blackbox/conf/multipleNameMappers/metadata.xml b/data/idp/blackbox/conf/multipleNameMappers/metadata.xml
new file mode 100644 (file)
index 0000000..1ed7d58
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
diff --git a/data/idp/blackbox/conf/multipleNameMappers/resolver.xml b/data/idp/blackbox/conf/multipleNameMappers/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/multipleNameMappers/schemas.properties b/data/idp/blackbox/conf/multipleNameMappers/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/multipleNameMappers/server.crt b/data/idp/blackbox/conf/multipleNameMappers/server.crt
new file mode 100644 (file)
index 0000000..79e395b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/multipleNameMappers/server.key b/data/idp/blackbox/conf/multipleNameMappers/server.key
new file mode 100644 (file)
index 0000000..299b486
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/data/idp/blackbox/conf/passThruErrors/arps/arp.site.xml b/data/idp/blackbox/conf/passThruErrors/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..f21c440
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simple ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
diff --git a/data/idp/blackbox/conf/passThruErrors/idp.xml b/data/idp/blackbox/conf/passThruErrors/idp.xml
new file mode 100644 (file)
index 0000000..17951ee
--- /dev/null
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP"
+    passThruErrors="true">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="SharedMemoryShibHandle"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
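Review bot: `passThruErrors="true"` on `<IdPConfig>` is the one setting that distinguishes this configuration, and nothing in the file says it is deliberate. As far as I understand the option, it makes the IdP relay error detail to the requester rather than a generic failure, which is presumably the behaviour under test but discloses internal state if the file is reused elsewhere. I would add `<!-- Test fixture: passThruErrors is enabled on purpose to exercise error relay; leave it at the default outside tests. -->` directly after the opening tag. The `<ErrorLog level="DEBUG" .../>` line, which the other `idp.xml` files in this commit share, deserves the same kind of remark.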
diff --git a/data/idp/blackbox/conf/passThruErrors/metadata.xml b/data/idp/blackbox/conf/passThruErrors/metadata.xml
new file mode 100644 (file)
index 0000000..1ed7d58
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
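Review bot: `urn:x-shibtest:SP` and `urn:x-shibtest:SP2` both declare `<ds:KeyName>sp.example.org</ds:KeyName>`, so by this metadata a credential accepted for one entity is presumably accepted for the other. If any blackbox case is meant to show that the IdP tells the two requesters apart, it cannot fail for the right reason with this fixture; giving SP2 its own key name (for example `sp2.example.org`, with a matching test certificate) would make that observable. Both `<EntitiesDescriptor>` elements also set `validUntil="3010-01-01T00:00:00Z"`, which in effect switches metadata expiry off, and a one-line comment saying so is deliberate would help. The same applies to `signAssertions/metadata.xml` and `ssoPost/metadata.xml`.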
diff --git a/data/idp/blackbox/conf/passThruErrors/resolver.xml b/data/idp/blackbox/conf/passThruErrors/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/passThruErrors/schemas.properties b/data/idp/blackbox/conf/passThruErrors/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/passThruErrors/server.crt b/data/idp/blackbox/conf/passThruErrors/server.crt
new file mode 100644 (file)
index 0000000..79e395b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfjCCAeegAwIBAgICBGUwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTA1MDIxMzIwMjU0OFoXDTA5MDMyNTIwMjU0OFowQDEL
+MAkGA1UEBhMCVVMxGzAZBgNVBAoTElNoaWJib2xldGggUHJvamVjdDEUMBIGA1UE
+AxMLZXhhbXBsZS5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMviIVqG
+DceqklThXTAJmQxqdjFsed1NeVuHjUAKOBXBvCbd3TvoFRjQU4ZCC8sZm8D0lamo
+RLrgfePQmWzKsvhjem/4fea2YizFxQqa/BrWjODPD4SebIkK+GCfxJ954ChKuJGk
+w9EIW4fxvqDFjwgv1jxM908E+bl0LT5xkBAfAgMBAAGjHTAbMAwGA1UdEwEB/wQC
+MAAwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBBAUAA4GBAFOBUy15e0+q2w6oE8AD
+jxrFpq4gPNFt6WKUXOIlMQ9ldMMCoyZP+UwKY6L4g8EKVxaPQCcXzwy46r4ckoNq
+T8Mq6B0nzN7Or6N1FJnR/SbGjOrKMfGGCHL3OIW++mjjahk612W3vGPAY98lsAxr
+/DssYrmOvWSetbuxTR+3Apdm
+-----END CERTIFICATE-----
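Review bot: The certificate has a fixed end date that the test suite will eventually cross: the validity field on the fifth body line (`...MB4XDTA1MDIx...OFoXDTA5MDMy...`) decodes to 2005-02-13 through 2009-03-25. Any blackbox case that validates this certificate against the HEPKI test CAs embedded in `metadata.xml` would then start failing for a reason unrelated to the code under test; whether any case does that is not visible here. The encoding also shows an md5WithRSAEncryption signature, a 1024-bit RSA key and subject CN `example.edu`, while the configs use `idp.example.org`. I would record the expiry and the test-only status in a README next to the file, or generate the pair during test setup. The same blob (`79e395b`) is added under `multipleNameMappers/`, `signAssertions/` and `ssoPost/`.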
diff --git a/data/idp/blackbox/conf/passThruErrors/server.key b/data/idp/blackbox/conf/passThruErrors/server.key
new file mode 100644 (file)
index 0000000..299b486
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/data/idp/blackbox/conf/signAssertions/arps/arp.site.xml b/data/idp/blackbox/conf/signAssertions/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..f21c440
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simple ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
diff --git a/data/idp/blackbox/conf/signAssertions/idp.xml b/data/idp/blackbox/conf/signAssertions/idp.xml
new file mode 100644 (file)
index 0000000..94b67a3
--- /dev/null
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred" signAssertions="true">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
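Review bot: The `<NameMapping id="shm" ... type="Principal" handleTTL="1800"/>` element keeps the id `shm` that `passThruErrors/idp.xml` uses for `type="SharedMemoryShibHandle"`, so the name no longer describes the mapping. With `type="Principal"` the name identifier presumably carries the principal name itself rather than an opaque handle, and `handleTTL` then looks unused; both are worth confirming against the mapper implementation. I would rename the id (and the `nameMapping="shm"` reference in `<RelyingParty>`) to `principal`, or add `<!-- Principal mapping: the NameID is the login name, not a handle -->` above the element. `ssoPost/idp.xml` and `standard/idp.xml` contain the same element.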
diff --git a/data/idp/blackbox/conf/signAssertions/metadata.xml b/data/idp/blackbox/conf/signAssertions/metadata.xml
new file mode 100644 (file)
index 0000000..0644af5
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="0" isDefault="true"
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
diff --git a/data/idp/blackbox/conf/signAssertions/resolver.xml b/data/idp/blackbox/conf/signAssertions/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/signAssertions/schemas.properties b/data/idp/blackbox/conf/signAssertions/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/signAssertions/server.crt b/data/idp/blackbox/conf/signAssertions/server.crt
new file mode 100644 (file)
index 0000000..79e395b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/signAssertions/server.key b/data/idp/blackbox/conf/signAssertions/server.key
new file mode 100644 (file)
index 0000000..299b486
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/data/idp/blackbox/conf/ssoPost/arps/arp.site.xml b/data/idp/blackbox/conf/ssoPost/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..f21c440
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simple ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
diff --git a/data/idp/blackbox/conf/ssoPost/idp.xml b/data/idp/blackbox/conf/ssoPost/idp.xml
new file mode 100644 (file)
index 0000000..ced07f6
--- /dev/null
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
diff --git a/data/idp/blackbox/conf/ssoPost/metadata.xml b/data/idp/blackbox/conf/ssoPost/metadata.xml
new file mode 100644 (file)
index 0000000..0644af5
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
+RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
+hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
+txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
+N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
+M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="0" isDefault="true"
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
diff --git a/data/idp/blackbox/conf/ssoPost/resolver.xml b/data/idp/blackbox/conf/ssoPost/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/ssoPost/schemas.properties b/data/idp/blackbox/conf/ssoPost/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/ssoPost/server.crt b/data/idp/blackbox/conf/ssoPost/server.crt
new file mode 100644 (file)
index 0000000..79e395b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/ssoPost/server.key b/data/idp/blackbox/conf/ssoPost/server.key
new file mode 100644 (file)
index 0000000..299b486
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/data/idp/blackbox/conf/standard/arps/arp.site.xml b/data/idp/blackbox/conf/standard/arps/arp.site.xml
new file mode 100644 (file)
index 0000000..f21c440
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+       <Description>Simple ARP.</Description>
+       <Rule>
+               <Target>
+                       <AnyTarget/>
+               </Target>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
+                       <AnyValue release="permit"/>
+               </Attribute>
+               <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement">
+                       <AnyValue release="permit"/>
+               </Attribute>
+       </Rule>
+</AttributeReleasePolicy>
diff --git a/data/idp/blackbox/conf/standard/idp.xml b/data/idp/blackbox/conf/standard/idp.xml
new file mode 100644 (file)
index 0000000..ced07f6
--- /dev/null
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
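Review bot: The `<NameMapping>` with `type="Principal"` carries no comment, and as far as I can tell it makes the IdP put the login name itself in the NameIdentifier rather than an opaque handle, which would match the `gpburdell` subject in the expected SSO responses. That suits deterministic test output, but it is an identifier-disclosure choice that should be marked as deliberate. `handleTTL="1800"` also looks unused for this mapping type and should be confirmed. Suggested comment above the element: `<!-- Test only: Principal mapping keeps the subject predictable for response matching; deployments normally use an opaque handle. -->`.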
diff --git a/data/idp/blackbox/conf/standard/metadata.xml b/data/idp/blackbox/conf/standard/metadata.xml
new file mode 100644 (file)
index 0000000..1ed7d58
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>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+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
+RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
+hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
+txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
+N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
+M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
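Review bot: `urn:x-shibtest:SP` and `urn:x-shibtest:SP2` both declare `<ds:KeyName>sp.example.org</ds:KeyName>`, so a single certificate with that name is acceptable for either entity, and the file does not say whether that is intended. If it is, a comment above the second descriptor such as `<!-- SP2 deliberately shares SP's key name -->` would stop it being read as a copy-paste slip; if it is not, SP2 needs its own key name. The outer `Name="urn-x:testFed1"` also departs from the `urn:x-shibtest:` form used everywhere else in the fixture.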
diff --git a/data/idp/blackbox/conf/standard/resolver.xml b/data/idp/blackbox/conf/standard/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/standard/schemas.properties b/data/idp/blackbox/conf/standard/schemas.properties
new file mode 100644 (file)
index 0000000..0c2066e
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
\ No newline at end of file
diff --git a/data/idp/blackbox/conf/standard/server.crt b/data/idp/blackbox/conf/standard/server.crt
new file mode 100644 (file)
index 0000000..ffb750d
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/standard/server.key b/data/idp/blackbox/conf/standard/server.key
new file mode 100644 (file)
index 0000000..1b2b1bb
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/data/idp/blackbox/sp-bad.crt b/data/idp/blackbox/sp-bad.crt
new file mode 100644 (file)
index 0000000..cbbf90b
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/sp.crt b/data/idp/blackbox/sp.crt
new file mode 100644 (file)
index 0000000..7310bd7
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/sso/response b/data/idp/blackbox/sso/response
new file mode 100644 (file)
index 0000000..107d78e
--- /dev/null
@@ -0,0 +1,49 @@
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.shire" ResponseID="[^"]+">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+      <ds:Reference URI="[^"]+">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+        <ds:DigestValue>[^<]+</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>[^<]+</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>[^<]+</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <Status>
+    <StatusCode Value="samlp:Success"></StatusCode>
+  </Status>
+  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_18ff9b77e8a5feef1d1239af71df1b45" IssueInstant="2005-10-13T16:24:58.660Z" Issuer="idp.example.org" MajorVersion="1" MinorVersion="1">
+    <Conditions NotBefore="2005-10-13T16:24:58.642Z"
+    NotOnOrAfter="2005-10-13T16:29:58.642Z">
+      <AudienceRestrictionCondition>
+        <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+      </AudienceRestrictionCondition>
+    </Conditions>
+    <AuthenticationStatement AuthenticationInstant="2005-10-13T16:24:58.625Z"AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+
+      <Subject>
+        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+        <SubjectConfirmation>
+          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+        </SubjectConfirmation>
+      </Subject>
+      <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+      <AuthorityBinding AuthorityKind="samlp:AttributeQuery"
+      Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+      Location="https://idp.example.org/shibboleth-idp/AA">
+      </AuthorityBinding>
+    </AuthenticationStatement>
+  </Assertion>
+</Response>
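Review bot: The assertion part of this pattern still carries literal values from one captured run, namely `AssertionID="_18ff9b77e8a5feef1d1239af71df1b45"` and the `2005-10-13T16:24:58` instants and validity window, so it cannot match a freshly issued response. `"2005-10-13T16:24:58.625Z"AuthenticationMethod=` is also missing the space between the two attributes. `response02.txt` has the same Recipient and Issuer with `[^"]+` in those positions, which suggests this extension-less file is an earlier draft of it. Either replace the literals with `[^"]+` and restore the space, or leave the file out of the commit. `response.txt`, the raw signed capture, looks like a leftover of the same kind unless a test actually reads it.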
diff --git a/data/idp/blackbox/sso/response.txt b/data/idp/blackbox/sso/response.txt
new file mode 100644 (file)
index 0000000..03014c5
--- /dev/null
@@ -0,0 +1,37 @@
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2005-10-13T16:24:58.681Z" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.shire" ResponseID="_640936b5e6df0ef8db1e431678d8f5e4"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+<ds:Reference URI="#_640936b5e6df0ef8db1e431678d8f5e4">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+<ds:DigestValue>PviaPVKzu1/GWbTEj84e2EQAquA=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>
+Qnd3QqoEAlrzRfCGKillBiOEcX7GykFyrlf20ftG7BgEXszkkIAxY08l8QZT5WqlZCC38b+qr8Hr
+22nw6b8D8GXqnJikya9Oqr/f39nGtjprnfRnPaQ/f2OlSO6UIbzn9zml5Vkzu5D/qLA1qOVAu6aE
+3pALQAZKrSYQJ87G2Yc=
+</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIICkTCCAfqgAwIBAgICBiEwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVTMRIwEAYDVQQI
+EwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lz
+Y29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYD
+VQQDExxIRVBLSSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMB4XDTA1MTAxMjE1MjgzNVoXDTA5MTEy
+MTE1MjgzNVowUzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1wbGUgT3JnYW5pemF0aW9uMQsw
+CQYDVQQLEwJJVDEYMBYGA1UEAxMPaWRwLmV4YW1wbGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDjrZ1TBL90vTS9DM0kV8ZBxyXSK0chXE1b0TC+Y3Cid6qKboRFjlTineBSOQuMj1Rb
+JEP0+Jb/sPJdM3pMVIyGbllohbAWcXu5JxXAWQeP2+vvvzSsihiioVVa6751PiMCsJG/ATVmgkfi
+gJ4DeaNs7vBvWLqypNU8lhc9q4XTfwIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
+oDANBgkqhkiG9w0BAQQFAAOBgQBqVpKi7Lb/jMJj3m17779sXg3F6tp21A1gyjEpCb/tL3fDMZ/R
+eG5EBYO4/kHRtMxLriPFDBlwZ5mQgectt2r74Hidu1dh0mA8T10RxyK4tJG/gWCZVH/ymQAqvNQd
+VlEPKxZjz0Li0ZW5AuiXEpEdQml0AhPjs9md/ISM8B6iYQ==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_18ff9b77e8a5feef1d1239af71df1b45" IssueInstant="2005-10-13T16:24:58.660Z" Issuer="idp.example.org" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2005-10-13T16:24:58.642Z" NotOnOrAfter="2005-10-13T16:29:58.642Z"><AudienceRestrictionCondition><Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2005-10-13T16:24:58.625Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress="127.0.0.1"></SubjectLocality><AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.org/shibboleth-idp/AA"></AuthorityBinding></AuthenticationStatement></Assertion></Response>
+
diff --git a/data/idp/blackbox/sso/response01.txt b/data/idp/blackbox/sso/response01.txt
new file mode 100644 (file)
index 0000000..783bb91
--- /dev/null
@@ -0,0 +1,44 @@
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.sso/SAML/POST" ResponseID="[^"]+">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+      <ds:Reference URI="[^"]+">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+        <ds:DigestValue>[^<]+</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>[^<]+</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>[^<]+</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <Status>
+    <StatusCode Value="samlp:Success"></StatusCode>
+  </Status>
+  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+    <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+      <AudienceRestrictionCondition>
+        <Audience>urn:x-shibtest:SP</Audience>
+        <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+      </AudienceRestrictionCondition>
+    </Conditions>
+    <AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+      <Subject>
+        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+        <SubjectConfirmation>
+          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+        </SubjectConfirmation>
+      </Subject>
+      <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+    </AuthenticationStatement>
+  </Assertion>
+</Response>
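Review bot: `<ds:DigestValue>`, `<ds:SignatureValue>` and `<ds:X509Certificate>` are all matched with `[^<]+`, so a match against this file shows only that some signature block was emitted, not that it verifies or that it was made with the configured `server.key`. The same holds for `response02.txt` and for both signatures in `response03.txt`. If the test harness (not visible from this hunk) does not validate the signature itself, a response signed with the wrong credential or carrying a corrupted digest would still pass. I would have the test verify the XML signature against the fixture `server.crt` in addition to the pattern match, or at least pin the `X509Certificate` text to that certificate instead of the wildcard. The unescaped `.` characters in the literal URLs are a smaller instance of the same looseness if these files are applied as regular expressions.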
diff --git a/data/idp/blackbox/sso/response02.txt b/data/idp/blackbox/sso/response02.txt
new file mode 100644 (file)
index 0000000..e64b528
--- /dev/null
@@ -0,0 +1,44 @@
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.shire" ResponseID="[^"]+">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+      <ds:Reference URI="[^"]+">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+        <ds:DigestValue>[^<]+</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>[^<]+</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>[^<]+</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <Status>
+    <StatusCode Value="samlp:Success"></StatusCode>
+  </Status>
+  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="idp.example.org" MajorVersion="1" MinorVersion="1">
+    <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+      <AudienceRestrictionCondition>
+        <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+      </AudienceRestrictionCondition>
+    </Conditions>
+    <AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+      <Subject>
+        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+        <SubjectConfirmation>
+          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+        </SubjectConfirmation>
+      </Subject>
+      <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+      <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.org/shibboleth-idp/AA"></AuthorityBinding>
+    </AuthenticationStatement>
+  </Assertion>
+</Response>
diff --git a/data/idp/blackbox/sso/response03.txt b/data/idp/blackbox/sso/response03.txt
new file mode 100644 (file)
index 0000000..61f6f64
--- /dev/null
@@ -0,0 +1,66 @@
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example.org/Shibboleth.sso/SAML/POST" ResponseID="[^"]+">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+      <ds:Reference URI="[^"]+">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+        <ds:DigestValue>[^<]+</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>[^<]+</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>[^<]+</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <Status>
+    <StatusCode Value="samlp:Success"></StatusCode>
+  </Status>
+  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+    <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+      <AudienceRestrictionCondition>
+        <Audience>urn:x-shibtest:SP</Audience>
+        <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+      </AudienceRestrictionCondition>
+    </Conditions>
+    <AuthenticationStatement AuthenticationInstant="[^"]+" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+      <Subject>
+        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">gpburdell</NameIdentifier>
+        <SubjectConfirmation>
+          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+        </SubjectConfirmation>
+      </Subject>
+      <SubjectLocality IPAddress="127.0.0.1"></SubjectLocality>
+    </AuthenticationStatement>
+    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+      <ds:SignedInfo>
+        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
+        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
+        <ds:Reference URI="[^"]+">
+          <ds:Transforms>
+            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
+            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+              <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
+            </ds:Transform>
+          </ds:Transforms>
+          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+          <ds:DigestValue>[^<]+</ds:DigestValue>
+        </ds:Reference>
+      </ds:SignedInfo>
+      <ds:SignatureValue>[^<]+</ds:SignatureValue>
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>[^<]+</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </ds:Signature>
+  </Assertion>
+</Response>
diff --git a/lib/commons-io-1.1.jar b/lib/commons-io-1.1.jar
new file mode 100644 (file)
index 0000000..624fc1a
Binary files /dev/null and b/lib/commons-io-1.1.jar differ
index dfeeb2a..49610dc 100644 (file)
@@ -110,4 +110,9 @@ public class IdPConfigLoader {
                return getIdPConfig(getIdPConfigFile(context));
 
        }
+    
+    protected static void reset() {
+        idpConfig = null;
+        idpConfigFile = null;
+    }
 }
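Review bot: `reset()` has no Javadoc and nulls the two cached fields without any locking, so its intended callers and its safety next to `getIdPConfig` are left to guesswork. It appears to exist so the new tests can load a different `idp.xml` per case; saying so keeps it from being called in a running IdP, where it would force a configuration reload under live traffic. Suggested: `/** Test hook: drops the cached IdP configuration so the next call reloads it. Not for use at runtime. */`. If the loader methods are `synchronized` (their declarations lie outside this hunk), declare this one `protected static synchronized void reset()` as well.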
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/AATest.java b/tests/edu/internet2/middleware/shibboleth/idp/AATest.java
new file mode 100644 (file)
index 0000000..8a40746
--- /dev/null
@@ -0,0 +1,250 @@
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.idp;
+
+import java.io.File;
+
+import edu.internet2.middleware.shibboleth.utils.FileUtils;
+import edu.internet2.middleware.shibboleth.utils.MockObjectUtils;
+
+/**
+ * MockObject unit tests for Shibboleth IdP Attribute Authority component
+ * 
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class AATest extends IdpTestCase {
+
+       /**
+        * Initialize request object with default client SSL certificate
+        * 
+        * @param requestFilename
+        *            path to file containing HTTP body for request
+        * @throws Exception
+        */
+       private void initRequest(String requestFilename) throws Exception {
+               initRequest(requestFilename, "data/idp/blackbox/sp.crt");
+       }
+
+       /**
+        * Initialize request object with given client SSL certificate
+        * 
+        * @param requestFilename
+        *            path to file containing HTTP body for request
+        * @param certFilename
+        *            path to file containing client SSL certificate
+        * @throws Exception
+        */
+       private void initRequest(String requestFilename, String certFilename)
+                       throws Exception {
+               File requestFile = new File(requestFilename);
+
+               request.setRemoteAddr("127.0.0.1");
+               request.setContextPath("/shibboleth-idp");
+               request.setProtocol("HTTP/1.1");
+               request.setScheme("https");
+               request.setServerName("idp.example.org");
+               request.setServerPort(443);
+
+               request.setMethod("POST");
+               request.setRequestURL("https://idp.example.org/shibboleth-idp/AA");
+               request.setRequestURI("https://idp.example.org/shibboleth-idp/AA");
+               request.setContentType("text/xml");
+               request.setHeader("SOAPAction",
+                               "http://www.oasis-open.org/committees/security");
+               request.setContentLength(new Long(requestFile.length()).intValue());
+
+               request
+                               .setBodyContent(FileUtils
+                                               .readFileToString(requestFile, "utf-8"));
+               MockObjectUtils.setClientCert(request, certFilename);
+       }
+
+       /**
+        * Basic working Attribute Query
+        * 
+        * @throws Exception
+        */
+       public void testBasicAttrQuery() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+               initRequest("data/idp/blackbox/aa/request01.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response01.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+
+       /**
+        * Basic Working 1.1 Attribute Query
+        * 
+        * @throws Exception
+        */
+       public void testBasic11AttrQuery() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+               initRequest("data/idp/blackbox/aa/request02.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response02.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+
+       /**
+        * Attribute Query with invalid client credentials
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithInvalidCred() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+               initRequest("data/idp/blackbox/aa/request01.txt",
+                               "data/idp/blackbox/sp-bad.crt");
+
+               testModule.doPost();
+
+               assertEquals("Invalid credentials for request.", MockObjectUtils
+                               .getSamlStatusMessage(response));
+       }
+
+       /**
+        * Attribute Query with default relying party
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithDefaultRelyingParty() throws Exception {
+               resetServlet("data/idp/blackbox/conf/SPRelyingParty");
+               initRequest("data/idp/blackbox/aa/request01.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response01.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+
+       /**
+        * Attribute Query with SP matched relying party
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithSpMatchedRelyingParty() throws Exception {
+               resetServlet("data/idp/blackbox/conf/SPRelyingParty");
+               initRequest("data/idp/blackbox/aa/request03.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response03.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+
+       /**
+        * Attribute Query with group matched relying party
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithGroupMatchedRelyingParty() throws Exception {
+               resetServlet("data/idp/blackbox/conf/groupRelyingParty");
+               initRequest("data/idp/blackbox/aa/request04.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response04.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+
+       /**
+        * Attribute Query with error pass thru
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithErrorPassThru() throws Exception {
+               resetServlet("data/idp/blackbox/conf/passThruErrors");
+               initRequest("data/idp/blackbox/aa/request05.txt");
+
+               testModule.doPost();
+
+               assertEquals(
+                               "General error processing request. (wrapped: Name Identifier format not registered.)",
+                               MockObjectUtils.getSamlStatusMessage(response));
+       }
+
+       /**
+        * Attribute Query with attribute designators. Instead of the IdP returning
+        * all attributes allowed for the requesting SP, the SP specifies
+        * specifically which attributes it wants.
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithAttrDesignators() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+               initRequest("data/idp/blackbox/aa/request06.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response06.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+
+       /**
+        * Attribute Query with unknown name identifier type
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithUnknownNameIdentifierType() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+               initRequest("data/idp/blackbox/aa/request05.txt");
+
+               testModule.doPost();
+
+               assertEquals("General error processing request.", MockObjectUtils
+                               .getSamlStatusMessage(response));
+       }
+
+       /**
+        * Attribute Query with incorrect name identifier
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithIncorrectNameIdentifier() throws Exception {
+               resetServlet("data/idp/blackbox/conf/groupRelyingParty");
+               initRequest("data/idp/blackbox/aa/request07.txt");
+
+               testModule.doPost();
+
+               assertEquals("General error processing request.", MockObjectUtils
+                               .getSamlStatusMessage(response));
+       }
+
+       /**
+        * Attribute Query with signed assertions
+        * 
+        * @throws Exception
+        */
+       public void testAttrQueryWithSignedAssertions() throws Exception {
+               resetServlet("data/idp/blackbox/conf/signAssertions");
+               initRequest("data/idp/blackbox/aa/request01.txt");
+
+               testModule.doPost();
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/aa/response08.txt"), "utf-8"), response
+                               .getOutputStreamContent()));
+       }
+}
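Review bot: `testAttrQueryWithSignedAssertions` never verifies the signature it is named for, because its only check is `responsesAreEqual`, a regular-expression match against `response08.txt`. That file is not visible in this part of the diff, but the expected-response file whose tail appears just above the commons-io entry uses `[^<]+` for `DigestValue`, `SignatureValue` and `X509Certificate`. If `response08.txt` follows that pattern, any non-empty value passes, including a signature that does not validate or a certificate other than the configured one. The test should parse the response and validate the signature against the signing credential configured under `data/idp/blackbox/conf/signAssertions`, or at least carry a comment such as `// matches the shape of ds:Signature only; the signature value is not verified`. `SSOTest.testSsoFlowWithSignedAssertions` has the same gap.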
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/IdpTestCase.java b/tests/edu/internet2/middleware/shibboleth/idp/IdpTestCase.java
new file mode 100644 (file)
index 0000000..544e075
--- /dev/null
@@ -0,0 +1,149 @@
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.idp;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+
+import com.mockrunner.mock.web.MockFilterConfig;
+import com.mockrunner.mock.web.MockHttpServletRequest;
+import com.mockrunner.mock.web.MockHttpServletResponse;
+import com.mockrunner.mock.web.MockServletContext;
+import com.mockrunner.mock.web.WebMockObjectFactory;
+import com.mockrunner.servlet.ServletTestModule;
+
+import edu.internet2.middleware.shibboleth.utils.FileUtils;
+
+/**
+ * Base class for Shibboleth IdP MockObject unit tests.
+ * 
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public abstract class IdpTestCase extends TestCase {
+
+       // The Factory creates the Request, Response, Session, etc.
+       WebMockObjectFactory factory = new WebMockObjectFactory();
+
+       // The TestModule runs the Servlet and Filter methods in the simulated
+       // container
+       ServletTestModule testModule = new ServletTestModule(factory);
+
+       // Now simulated Servlet API objects
+       MockServletContext servletContext = factory.getMockServletContext();
+
+       MockFilterConfig filterConfig = factory.getMockFilterConfig();
+
+       MockHttpServletResponse response = factory.getMockResponse();
+
+       MockHttpServletRequest request = factory.getMockRequest();
+
+       protected void setUp() throws Exception {
+               super.setUp();
+
+               // ServletContext (argument to Filters and Servlets)
+               servletContext.setServletContextName("Shibboleth Test Context");
+               servletContext.setInitParameter("IdPConfigFile", new File(tmpIdpHome()
+                               + "/etc/idp.xml").toURL().toString());
+               // testModule.setServlet(sso);
+       }
+
+       /**
+        * Start the IdP servlet using the given config directory and reset request
+        * and response objects
+        * 
+        * @param configDir
+        *            this directory will be copied to IDP_HOME/etc
+        * @throws IOException
+        */
+       void resetServlet(String configDir) throws IOException {
+               // setup config directory and initialize servlet
+               prepareConfigDir(new File(configDir));
+               IdPConfigLoader.reset();
+               testModule.createServlet(IdPResponder.class);
+
+               // reset request and response objects
+               request.clearAttributes();
+               request.clearParameters();
+               response.reset();
+       }
+
+       /**
+        * Copy configDir to IDP_HOME/etc. Any instances of the string "$IDP_HOME$"
+        * in the file idp.xml will be replaced with the current IdP home directory
+        * 
+        * @param configDir
+        * @throws IOException
+        */
+       private void prepareConfigDir(File configDir) throws IOException {
+               try {
+                       FileUtils.forceDelete(new File(tmpIdpHome() + "/etc"));
+               } catch (FileNotFoundException fnf) {
+                       // directory doesn't exist... no big deal
+               }
+
+               FileUtils.copyDirectory(configDir, new File(tmpIdpHome() + "/etc"));
+               new File(tmpIdpHome() + "/logs").mkdir();
+
+               FileUtils.replaceString(new File(tmpIdpHome() + "/etc/idp.xml"),
+                               "\\$IDP_HOME\\$", new File(tmpIdpHome()).toURL().toString());
+       }
+
+       /**
+        * Get a temporary directory to be used as IDP_HOME during testing.
+        * 
+        * @return
+        */
+       private String tmpIdpHome() {
+               // TODO: ideally this should check for a TMP environment variable, or at
+               // least return a platform appropriate directory. Fortunately, /tmp is
+               // properly converted to C:\tmp in Windows,
+               // so the following should still work across platforms
+               return "/tmp/shibboleth-idp";
+       }
+
+       /**
+        * Test two SAML response bodies for equality. Because many items in a SAML
+        * response are generated at runtime (such as ResponseID, IssueInstant,
+        * etc), an exact string match is not possible. To handle this, the expected
+        * string should be a regular expression which will be used to match against
+        * the received string. Any extra whitespace and any whitespace between XML
+        * tags will be ignored.
+        * 
+        * @param expected
+        *            regular expression used to match against the received string
+        * @param received
+        *            HTTP body of received response
+        * @return
+        */
+       boolean responsesAreEqual(String expected, String received) {
+               // ignore extra whitespace
+               String exp = expected.replaceAll("\\s+", " ");
+               String rec = received.replaceAll("\\s+", " ");
+
+               // ignore whitespace between tags
+               exp = exp.replaceAll("\\s*(>|<)\\s*", "$1");
+               rec = rec.replaceAll("\\s*(>|<)\\s*", "$1");
+
+               // System.out.println("exp = " + exp);
+               // System.out.println("rec = " + rec);
+
+               return rec.matches(exp);
+       }
+
+}
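Review bot: `tmpIdpHome()` returns the fixed path `/tmp/shibboleth-idp`, and `prepareConfigDir` force-deletes and repopulates `etc` under it with the copied configuration, which for at least the `SPRelyingParty` configuration in this commit includes `server.key`. On a shared build host another local user can pre-create or symlink a predictable location under `/tmp`, and two concurrent test runs overwrite each other's configuration. A per-run directory created by the test itself avoids both problems. JUnit builds a new instance per test method, so a `tearDown()` that deletes the directory is needed as well. `createTempFile` followed by delete and `mkdir` still leaves a small window, which is why the sketch below checks the `mkdir` result.

```java
	// per-run IDP_HOME, created on first use by this test instance
	private File idpHome;

	private String tmpIdpHome() throws IOException {
		if (idpHome == null) {
			File dir = File.createTempFile("shibboleth-idp", ".tmp");
			// createTempFile reserves a unique name; swap the file for a directory
			if (!dir.delete() || !dir.mkdir()) {
				throw new IOException("could not create temporary IdP home " + dir);
			}
			idpHome = dir;
		}
		return idpHome.getPath();
	}
	// … unchanged: setUp, resetServlet, prepareConfigDir, responsesAreEqual …
```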
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/SSOTest.java b/tests/edu/internet2/middleware/shibboleth/idp/SSOTest.java
new file mode 100644 (file)
index 0000000..663a147
--- /dev/null
@@ -0,0 +1,173 @@
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.idp;
+
+import java.io.File;
+
+import org.apache.commons.codec.binary.Base64;
+
+import edu.internet2.middleware.shibboleth.utils.FileUtils;
+
+/**
+ * MockObject unit tests for Shibboleth IdP Single Sign On component
+ * 
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class SSOTest extends IdpTestCase {
+
+       /**
+        * Initialize SSO request object
+        */
+       private void initRequest() {
+               request.setRemoteAddr("127.0.0.1");
+               request.setContextPath("/shibboleth-idp");
+               request.setProtocol("HTTP/1.1");
+               request.setScheme("https");
+               request.setServerName("idp.example.org");
+               request.setServerPort(443);
+
+               request.setMethod("GET");
+               request.setRequestURL("https://idp.example.org/shibboleth-idp/SSO");
+               request.setRequestURI("https://idp.example.org/shibboleth-idp/SSO");
+       }
+
+       /**
+        * Basic working SSO flow using Artifact
+        * 
+        * @throws Exception
+        */
+       public void testBasicSsoArtifactFlow() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+
+               initRequest();
+               request.setupAddParameter("target",
+                               "https://sp.example.org/cgi-bin/login.cgi");
+               request.setupAddParameter("shire",
+                               "https://sp.example.org/Shibboleth.sso/SAML/Artifact");
+               request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+               request.setRemoteUser("gpburdell");
+
+               testModule.doGet();
+
+               assertTrue(response
+                               .getHeader("Location")
+                               .matches(
+                                               "https://sp.example.org/Shibboleth.sso/SAML/Artifact?.*"
+                                                               + "TARGET=https%3A%2F%2Fsp.example.org%2Fcgi-bin%2Flogin.cgi"
+                                                               + "&SAMLart=[^&]+" + "&SAMLart=[^&]+"));
+       }
+
+       /**
+        * Basic working SSO flow using POST
+        * 
+        * @throws Exception
+        */
+       public void testBasicSsoPostFlow() throws Exception {
+               resetServlet("data/idp/blackbox/conf/ssoPost");
+
+               initRequest();
+               request.setupAddParameter("target",
+                               "https://sp.example.org/cgi-bin/login.cgi");
+               request.setupAddParameter("shire",
+                               "https://sp.example.org/Shibboleth.sso/SAML/POST");
+               request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+               request.setRemoteUser("gpburdell");
+
+               testModule.doGet();
+
+               String bin64assertion = (String) request.getAttribute("assertion");
+               String assertion = new String(Base64.decodeBase64(bin64assertion
+                               .getBytes()));
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/sso/response01.txt"), "utf-8"), assertion));
+       }
+
+       /**
+        * Basic working 1.1 SSO flow
+        * 
+        * @throws Exception
+        */
+       public void testBasic11SsoFlow() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+
+               initRequest();
+               request.setupAddParameter("target",
+                               "https://sp.example.org/cgi-bin/login.cgi");
+               request.setupAddParameter("shire",
+                               "https://sp.example.org/Shibboleth.shire");
+               request.setRemoteUser("gpburdell");
+
+               testModule.doGet();
+
+               String bin64assertion = (String) request.getAttribute("assertion");
+               String assertion = new String(Base64.decodeBase64(bin64assertion
+                               .getBytes()));
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/sso/response02.txt"), "utf-8"), assertion));
+       }
+
+       /**
+        * SSO flow with invalid SP Acceptance URL
+        * 
+        * @throws Exception
+        */
+       public void testSsoFlowWithInvalidSpAcceptanceUrl() throws Exception {
+               resetServlet("data/idp/blackbox/conf/standard");
+
+               initRequest();
+               request.setupAddParameter("target",
+                               "https://sp.example.org/cgi-bin/login.cgi");
+               request.setupAddParameter("shire",
+                               "https://invalid.edu/Shibboleth.sso/SAML/Artifact");
+               request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+               request.setRemoteUser("gpburdell");
+
+               testModule.doGet();
+
+               assertEquals(
+                               "org.opensaml.SAMLException: Invalid assertion consumer service URL.",
+                               request.getAttribute("errorText"));
+       }
+
+       /**
+        * SSO flow with signed assertions
+        * 
+        * @throws Exception
+        */
+       public void testSsoFlowWithSignedAssertions() throws Exception {
+               resetServlet("data/idp/blackbox/conf/signAssertions");
+
+               initRequest();
+               request.setupAddParameter("target",
+                               "https://sp.example.org/cgi-bin/login.cgi");
+               request.setupAddParameter("shire",
+                               "https://sp.example.org/Shibboleth.sso/SAML/POST");
+               request.setupAddParameter("providerId", "urn:x-shibtest:SP");
+               request.setRemoteUser("gpburdell");
+
+               testModule.doGet();
+
+               String bin64assertion = (String) request.getAttribute("assertion");
+               String assertion = new String(Base64.decodeBase64(bin64assertion
+                               .getBytes()));
+
+               assertTrue(responsesAreEqual(FileUtils.readFileToString(new File(
+                               "data/idp/blackbox/sso/response03.txt"), "utf-8"), assertion));
+       }
+
+}
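Review bot: The pattern in `testBasicSsoArtifactFlow` is looser than it reads. In `"…/SAML/Artifact?.*"` the `?` is a regex quantifier that makes the final `t` optional instead of matching the query-string separator, and the unescaped dots in the host name match any character. This assertion is what pins the redirect destination that receives the artifacts, so it should be exact on the endpoint, e.g. `"https://sp\\.example\\.org/Shibboleth\\.sso/SAML/Artifact\\?.*"`. Separately, `new String(Base64.decodeBase64(bin64assertion.getBytes()))` in the three POST tests relies on the platform default charset; passing an explicit charset to both calls would match the `"utf-8"` used when reading the expected files.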
diff --git a/tests/edu/internet2/middleware/shibboleth/utils/FileUtils.java b/tests/edu/internet2/middleware/shibboleth/utils/FileUtils.java
new file mode 100644 (file)
index 0000000..2d6bfd4
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.utils;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * File manipulation utilities, extended from Jakarta's commons-io
+ * 
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class FileUtils extends org.apache.commons.io.FileUtils {
+
+       /**
+        * Replace all instances of <i>token</i> with <i>value</i> in the given
+        * File
+        * 
+        * @param file
+        * @param token
+        *            regular expression to match and replace
+        * @param value
+        *            string to replace token with
+        * @throws IOException
+        */
+       public static void replaceString(File file, String token, String value)
+                       throws IOException {
+               String contents = FileUtils.readFileToString(file, "utf-8");
+               contents = contents.replaceAll(token, value);
+               FileUtils.writeStringToFile(file, contents, "utf-8");
+       }
+
+}
\ No newline at end of file
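Review bot: `replaceString` passes `value` straight to `String.replaceAll`, which treats `$` and `\` in the replacement as group references and escapes, while the Javadoc describes `value` as a plain string. A value containing either character is altered or raises an exception, and `IdpTestCase` passes a file URL derived from the IdP home path. If the build targets Java 5, `contents = contents.replaceAll(token, Matcher.quoteReplacement(value));` fixes it. Otherwise the `@param value` text should state that the caller must escape `$` and `\`.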
diff --git a/tests/edu/internet2/middleware/shibboleth/utils/MockObjectUtils.java b/tests/edu/internet2/middleware/shibboleth/utils/MockObjectUtils.java
new file mode 100644 (file)
index 0000000..8e87843
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package edu.internet2.middleware.shibboleth.utils;
+
+import java.io.FileInputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import com.mockrunner.mock.web.MockHttpServletRequest;
+import com.mockrunner.mock.web.MockHttpServletResponse;
+
+/**
+ * Assorted convenience methods for working with MockRunner
+ * 
+ * @author Will Norris (wnorris@memphis.edu)
+ */
+public class MockObjectUtils {
+
+       /**
+        * Set the client SSL certificate for the given request object
+        * 
+        * @param request
+        * @param certFile
+        *            path to client SSL certificate
+        * @throws Exception
+        */
+       public static void setClientCert(MockHttpServletRequest request,
+                       String certFile) throws Exception {
+               FileInputStream fis = new FileInputStream(certFile);
+               CertificateFactory cf = CertificateFactory.getInstance("X.509");
+               Collection c = cf.generateCertificates(fis);
+
+               X509Certificate[] certs = new X509Certificate[c.size()];
+               certs = (X509Certificate[]) c.toArray(certs);
+
+               request.setAttribute("javax.servlet.request.X509Certificate", certs);
+       }
+
+       /**
+        * Get SAML status message from the given response object
+        * 
+        * @param response
+        * @return
+        */
+       public static String getSamlStatusMessage(MockHttpServletResponse response) {
+               Pattern p = Pattern.compile("<StatusMessage>([^<]*)</StatusMessage>");
+               Matcher m = p.matcher(response.getOutputStreamContent());
+               if (m.find()) {
+                       return m.group(1);
+               } else {
+                       return null;
+               }
+       }
+}
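Review bot: `setClientCert` opens a `FileInputStream` on the certificate file and never closes it, so every `initRequest` call in `AATest` leaves a file handle open. Wrapping the read as `try { c = cf.generateCertificates(fis); } finally { fis.close(); }` releases it on both success and failure. In addition, the code handles an empty collection without complaint, producing a zero-length `X509Certificate[]`. An `if (c.isEmpty())` check that throws would make a bad fixture fail at setup instead of surfacing later as a credential error.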