Merge branch 'master' into frontchannel-slo v2.2.1-slo10
authorTamas Frank <sitya@niif.hu>
Fri, 14 Jan 2011 09:26:52 +0000 (10:26 +0100)
committerTamas Frank <sitya@niif.hu>
Fri, 14 Jan 2011 09:26:52 +0000 (10:26 +0100)
Conflicts:
pom.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
src/main/webapp/WEB-INF/web.xml

pom.xml
src/installer/resources/conf-tmpl/relying-party.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
src/main/webapp/WEB-INF/web.xml

diff --cc pom.xml
+++ b/pom.xml
@@@ -2,9 -2,11 +2,9 @@@
  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
 -    
      <groupId>edu.internet2.middleware</groupId>
      <artifactId>shibboleth-identityprovider</artifactId>
-     <version>2.2.0-slo10</version>
 -    <version>2.2.1</version>
 -    
++    <version>2.2.1-slo10</version>
      <!-- We bundle as a jar here, the installer creates the WAR -->
      <packaging>jar</packaging>
  
          <dependency>
              <groupId>edu.internet2.middleware</groupId>
              <artifactId>shibboleth-common</artifactId>
++<<<<<<< HEAD
 +            <version>1.2.0-slo2</version>
++=======
+             <version>1.2.1</version>
++>>>>>>> master
          </dependency>
          
          <!-- Provided dependencies -->
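Review bot: The merged pom.xml still contains unresolved conflict markers: the `++<<<<<<< HEAD`, `++=======` and `++>>>>>>> master` lines around the shibboleth-common `<version>` are marked as added relative to both parents, so they are part of the committed file. With them in place the POM is not well-formed XML, and the dependency lists two versions (`1.2.0-slo2` and `1.2.1`), so it is undefined which shibboleth-common the IdP is built against. Resolve this to a single `<version>` element and delete the three marker lines. The `-slo2` suffix suggests the SLO branch relies on a patched shibboleth-common, so plain `1.2.1` may drop those changes while `1.2.0-slo2` may lack whatever 1.2.1 fixed; confirm which build is intended before choosing. The hunk header for this part of the file is not visible on the page.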
                                encryptNameIds="never" />
          
          <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
-                               signResponses="conditional"
-                               signAssertions="never"
+                               signResponses="never"
+                               signAssertions="always"
                                encryptAssertions="conditional"
                                encryptNameIds="never"/>
 +
 +        <rp:ProfileConfiguration xsi:type="saml:SAML2LogoutRequestProfile"
 +                              signResponses="always"
 +                              signAssertions="never"
 +                              encryptAssertions="never"
 +                              encryptNameIds="conditional" />
          
      </rp:DefaultRelyingParty>
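Review bot: The new `SAML2LogoutRequestProfile` entry has no comment explaining its signing and encryption choices, and because it sits inside `rp:DefaultRelyingParty` every relying party without an override inherits it. I would add a comment above it such as `<!-- Single logout: responses are always signed; NameIDs are encrypted only when the 'conditional' rule applies -->`, and spell out what `encryptNameIds="conditional"` means for the front-channel bindings, where the NameID presumably passes through the user's browser. The attributes shown cover only responses and assertions; whether LogoutRequests that the IdP itself sends to other SPs are signed is not visible here and is worth confirming. The enclosing `rp:DefaultRelyingParty` element starts outside the hunk.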
          
@@@ -57,13 -57,10 +57,14 @@@ import edu.internet2.middleware.shibbol
  import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
  import edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager;
  import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.ShibbolethSSOConfiguration;
 +import edu.internet2.middleware.shibboleth.common.session.SessionManager;
  import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
  import edu.internet2.middleware.shibboleth.idp.authn.ShibbolethSSOLoginContext;
 +import edu.internet2.middleware.shibboleth.idp.session.Session;
 +import edu.internet2.middleware.shibboleth.idp.session.impl.ServiceInformationImpl;
+ import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
  import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
 +import org.opensaml.saml1.core.NameIdentifier;
  
  /** Shibboleth SSO request profile handler. */
  public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
@@@ -78,7 -76,7 +77,8 @@@ import edu.internet2.middleware.shibbol
  import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
  import edu.internet2.middleware.shibboleth.idp.authn.PassiveAuthenticationException;
  import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
 +import edu.internet2.middleware.shibboleth.idp.session.impl.ServiceInformationImpl;
+ import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
  import edu.internet2.middleware.shibboleth.idp.session.Session;
  import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
  
          <url-pattern>/*</url-pattern>
      </filter-mapping>
  
 +    <!--  Add IdP SLO Context object to incoming profile requests -->
 +    <filter>
 +        <filter-name>SLOContextFilter</filter-name>
 +        <filter-class>edu.internet2.middleware.shibboleth.idp.slo.SLOContextFilter</filter-class>
 +    </filter>
 +
 +    <filter-mapping>
 +        <filter-name>SLOContextFilter</filter-name>
 +        <url-pattern>/profile/SAML2/SOAP/SLO</url-pattern>
 +    </filter-mapping>
 +    <filter-mapping>
 +        <filter-name>SLOContextFilter</filter-name>
 +        <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern>
 +    </filter-mapping>
 +    <filter-mapping>
 +        <filter-name>SLOContextFilter</filter-name>
 +        <url-pattern>/profile/SAML2/POST/SLO</url-pattern>
 +    </filter-mapping>
 +    <filter-mapping>
 +        <filter-name>SLOContextFilter</filter-name>
 +        <url-pattern>/SLOServlet</url-pattern>
 +        <dispatcher>REQUEST</dispatcher>
 +        <dispatcher>FORWARD</dispatcher>
 +    </filter-mapping>
 +    <!-- END of SLO Context Filter -->
+     <!-- HTTP headers to every response in order to prevent response caching -->
+     <filter>
+         <filter-name>IdPNoCacheFilter</filter-name>
+         <filter-class>edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter</filter-class>
+     </filter>
+     <filter-mapping>
+         <filter-name>IdPNoCacheFilter</filter-name>
+         <url-pattern>/*</url-pattern>
+     </filter-mapping>
  
      <!-- Profile Request Dispatcher -->
      <servlet>
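Review bot: The `/SLOServlet` mapping of `SLOContextFilter` accepts both `REQUEST` and `FORWARD` dispatches, but nothing in the hunk says whether the servlet is meant to be reachable directly from a browser. If it is only entered by forwarding from the three `/profile/SAML2/*/SLO` endpoints, keep just `<dispatcher>FORWARD</dispatcher>` so logout processing cannot start without a SAML message having been handled first. If direct requests are part of the front-channel flow, say so in the comment, e.g. `<!-- /SLOServlet is also requested directly by the browser during front-channel logout -->`. The servlet definition and the filter class are outside the hunk, so how the servlet validates the SLO context it is given cannot be checked from here.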
          <location>/error-404.jsp</location>
      </error-page>
  
- <!-- Uncomment to use container managed authentication -->
- <!--
-     <security-constraint>
-         <display-name>Shibboleth IdP</display-name>
-         <web-resource-collection>
-             <web-resource-name>user authentication</web-resource-name>
-             <url-pattern>/Authn/RemoteUser</url-pattern>
-             <http-method>GET</http-method>
-             <http-method>POST</http-method>
-         </web-resource-collection>
-         <auth-constraint> 
-             <role-name>user</role-name> 
-         </auth-constraint>
-         <user-data-constraint>
-             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-         </user-data-constraint>
-     </security-constraint>
-     
-     <security-role>
-       <role-name>user</role-name>
-     </security-role> 
- -->
- <!-- Uncomment if you want BASIC auth managed by the container -->
- <!--
-     <login-config>
-       <auth-method>BASIC</auth-method>
-       <realm-name>IdP Password Authentication</realm-name>
-     </login-config>
- -->
- <!-- Uncomment if you want form-based auth managed by the container -->
- <!--
-     <login-config>
-         <auth-method>FORM</auth-method>
-         <realm-name>IdP Password Authentication</realm-name>
-         <form-login-config>
-             <form-login-page>/login.jsp</form-login-page>
-             <form-error-page>/login-error.jsp</form-error-page>
-         </form-login-config>
-     </login-config>
- -->
+     <!-- Uncomment to use container managed authentication -->
+     <!-- <security-constraint> <display-name>Shibboleth IdP</display-name> <web-resource-collection> <web-resource-name>user 
+         authentication</web-resource-name> <url-pattern>/Authn/RemoteUser</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> 
+         </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
+         </user-data-constraint> </security-constraint> <security-role> <role-name>user</role-name> </security-role> -->
+     <!-- Uncomment if you want BASIC auth managed by the container -->
+     <!-- <login-config> <auth-method>BASIC</auth-method> <realm-name>IdP Password Authentication</realm-name> </login-config> -->
+     <!-- Uncomment if you want form-based auth managed by the container -->
+     <!-- <login-config> <auth-method>FORM</auth-method> <realm-name>IdP Password Authentication</realm-name> <form-login-config> 
+         <form-login-page>/login.jsp</form-login-page> <form-error-page>/login-error.jsp</form-error-page> </form-login-config> </login-config> -->
  
 -</web-app>
 +</web-app>