<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
+ <classpathentry kind="src" path="resources/classpath"/>
<classpathentry kind="src" path="tests"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="lib" path="lib/bc-asn1.jar">
- <attributes>
- <attribute value="http://bouncycastle.org/docs/docs1.5/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="lib" path="lib/bsh-2.0b1.jar">
- <attributes>
- <attribute value="http://www.beanshell.org/javadoc/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="lib" path="lib/commons-codec-1.3.jar">
- <attributes>
- <attribute value="http://jakarta.apache.org/commons/codec/api-release/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="lib" path="lib/commons-dbcp-1.2.1.jar">
- <attributes>
- <attribute value="http://jakarta.apache.org/commons/dbcp/apidocs/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="lib" path="lib/commons-io-1.1.jar">
- <attributes>
- <attribute value="http://jakarta.apache.org/commons/io/api-1.1/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="lib" path="lib/commons-pool-1.2.jar">
- <attributes>
- <attribute value="http://jakarta.apache.org/commons/pool/apidocs/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="lib" path="lib/jargs-0.4.jar">
- <attributes>
- <attribute value="http://jargs.sourceforge.net/doc/api/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
+ <classpathentry kind="lib" path="lib/jargs-0.4.jar"/>
<classpathentry kind="lib" path="build-lib/ant-1.6.3.jar"/>
<classpathentry kind="lib" path="build-lib/ant-contrib.jar"/>
<classpathentry kind="lib" path="build-lib/antext-04Jul2006.jar"/>
<classpathentry kind="lib" path="build-lib/ant-junit-1.6.3.jar"/>
<classpathentry kind="lib" path="build-lib/ant-launcher-1.6.3.jar"/>
<classpathentry kind="lib" path="build-lib/ant-nodeps-1.6.3.jar"/>
- <classpathentry kind="lib" path="build-lib/mockrunner-servlet.jar">
- <attributes>
- <attribute value="http://mockrunner.sourceforge.net/doc/api/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
+ <classpathentry kind="lib" path="build-lib/mockrunner-servlet.jar"/>
<classpathentry combineaccessrules="false" kind="src" path="/java-shib-common"/>
- <classpathentry kind="lib" path="build-lib/jsp-2.0.jar">
- <attributes>
- <attribute value="http://tomcat.apache.org/tomcat-5.0-doc/jspapi/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
+ <classpathentry kind="lib" path="build-lib/jsp-2.0.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <bean id="AttributeFilterEngine" class="" scope="singleton">
- <property name="SiteARP" value="/IDP_HOME/site.arp.xml" />
- </bean>
-
- <bean id="AttributeResolver" class="" scope="singleton">
- <property name="filterEngine" ref="AttributeFilterEgine" />
- <property name="resolverConfig" value="/IDP_HOME/resolve.xml" />
- </bean>
-</beans>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
-
- <filter>
- <filter-name>Client Cert AuthN Filter</filter-name>
- <filter-class>edu.internet2.middleware.shibboleth.utils.ClientCertTrustFilter</filter-class>
- <init-param>
- <param-name>regex</param-name>
- <param-value>.*CN=([^,/]+).*</param-value>
- </init-param>
- <init-param>
- <param-name>matchGroup</param-name>
- <param-value>1</param-value>
- </init-param>
- </filter>
-
- <filter-mapping>
- <filter-name>Client Cert AuthN Filter</filter-name>
- <url-pattern>/SSO</url-pattern>
- </filter-mapping>
-
- <context-param>
- <param-name>IdPConfigFile</param-name>
- <param-value>$IDP_HOME$/etc/idp.xml</param-value>
- </context-param>
-
- <servlet>
- <servlet-name>IdP</servlet-name>
- <display-name>Shibboleth Identity Provider</display-name>
- <servlet-class>edu.internet2.middleware.shibboleth.idp.IdPResponder</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/SSO</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/AA</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/Artifact</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/Status</url-pattern>
- </servlet-mapping>
-
- <mime-mapping>
- <extension>css</extension>
- <mime-type>text/css</mime-type>
- </mime-mapping>
-
-</web-app>
+++ /dev/null
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
-
- <context-param>
- <param-name>IdPConfigFile</param-name>
- <param-value>$IDP_HOME$/etc/idp.xml</param-value>
- </context-param>
-
- <servlet>
- <servlet-name>IdP</servlet-name>
- <display-name>Shibboleth Identity Provider</display-name>
- <servlet-class>edu.internet2.middleware.shibboleth.idp.IdPResponder</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/SSO</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/AA</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/Artifact</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/Status</url-pattern>
- </servlet-mapping>
-
- <mime-mapping>
- <extension>css</extension>
- <mime-type>text/css</mime-type>
- </mime-mapping>
-
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>Shibboleth SSO Service</web-resource-name>
- <url-pattern>/SSO</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>tomcat</role-name>
- </auth-constraint>
- </security-constraint>
-
- <login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>Shibboleth SSO Service</realm-name>
- </login-config>
-
- <security-role>
- <description>default tomcat user</description>
- <role-name>tomcat</role-name>
- </security-role>
-</web-app>
+++ /dev/null
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
- <context-param>
- <param-name>IdPConfigFile</param-name>
- <param-value>$IDP_HOME$/etc/idp.xml</param-value>
- </context-param>
-
- <servlet>
- <servlet-name>IdP</servlet-name>
- <display-name>Shibboleth Identity Provider</display-name>
- <servlet-class>edu.internet2.middleware.shibboleth.idp.IdPResponder</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/SSO</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/AA</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/Artifact</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>IdP</servlet-name>
- <url-pattern>/Status</url-pattern>
- </servlet-mapping>
-
- <mime-mapping>
- <extension>css</extension>
- <mime-type>text/css</mime-type>
- </mime-mapping>
-
-</web-app>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
-
-</beans>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
-
-</beans>
\ No newline at end of file
-<!-- Main build configutaion for Shibboleth java components - Walter Hoehn 06/04/2002 -->
-
-<project name="Shibboleth" default="install" basedir=".">
-
- <!-- Set global properties for this build -->
- <property name="distnameWayf" value="shibboleth-wayf" />
- <property name="root" value="." />
- <property name="src" value="${root}/src/" />
- <property name="tests" value="${root}/tests/" />
- <property name="approot" value="${root}/webApplication/" />
- <property name="appconfig" value="${src}/conf/" />
- <property name="configroot" value="${root}/webAppConfig/" />
- <property name="build" value="${approot}/WEB-INF/classes/" />
- <property name="libdir" value="${approot}/WEB-INF/lib/" />
- <property name="buildlibs" value="${root}/lib/" />
- <property name="endorsed" value="${root}/endorsed/" />
- <property name="distlibs" value="${root}/lib/" />
- <property name="custom" value="${root}/custom/" />
- <property name="custom.libs" value="${custom}/lib"/>
- <property name="custom.webapges" value="${custom}/web"/>
- <property name="dist" value="${root}/dist/" />
- <property name="docs" value="${root}/doc/" />
- <property name="javadocs" value="${docs}/api/" />
- <property name="reports.dir" value="${docs}/reports" />
- <property name="test-report.dir" value="${reports.dir}/unit-test" />
-
- <property name="year" value="2002-2005"/>
- <property name="copyright" value="Copyright © ${year} UCAID. All Rights Reserved."/>
-
- <!-- antcontrib tasks -->
- <taskdef resource="net/sf/antcontrib/antcontrib.properties"/>
-
- <!-- Load Checkstyle tasks -->
- <taskdef resource="checkstyletask.properties" />
-
- <!-- Import the tasks for building custom extensions -->
- <import file="${custom}/extension-build.xml"/>
-
-
- <!-- Construct the CLASSPATH -->
- <path id="build.path">
- <pathelement location="${build}" />
- <fileset dir="${endorsed}" includes="**/*.jar" />
- <fileset dir="${libdir}" includes="**/*.jar" />
- <fileset dir="${buildlibs}" includes="**/*.jar" />
- </path>
+<project name="Shibboleth Identity Provider" basedir="." default="package">
+ <tstamp>
+ <format property="build-date" pattern="ddMMyyyy'T'kkmmss" timezone="GMT"/>
+ </tstamp>\r
- <!-- Add to the classpath for unit tests -->
- <path id="test.path">
- <path refid="build.path"/>
- <pathelement location="${tests}"/>
- </path>
-
-
- <!-- Prepare directory structure for project build-->
- <target name="init">
- <mkdir dir="${build}" />
- <mkdir dir="${dist}" />
- <mkdir dir="${custom.libs}"/>
- <mkdir dir="${custom.webapges}"/>
-
- <if>
- <not> <available file="build.properties" /> </not>
- <then>
- <copy file="conf/default.build.properties" tofile="build.properties" />
- </then>
- </if>
-
- <property file="build.properties" />
- </target>
-
-
- <!-- This target should be run before checking code into the repository -->
- <target name="pre-checkin" depends="compile, test, clean-all" />
-
-
- <!-- Compile classes and move them to ${build} -->
- <target name="compile" depends="init"
- description="Compile source files">
- <!-- Compile the shib code into the build path -->
- <javac srcdir="${src}" destdir="${build}" includes="**/*.java" debug="on" source="1.4">
- <classpath refid="build.path" />
- </javac>
- <!-- Copy xml schemas to the build path -->
- <copy todir="${build}/schemas">
- <fileset dir="${src}/schemas"/>
- </copy>
-
- <!-- Build extensions -->
- <antcall target="ext-invoke">
- <param name="exts.dir" value="${custom}"/>
- <param name="ext.build.function" value="ext-build"/>
- </antcall>
- </target>
-
-
- <!-- Generate API docs -->
- <target name="javadocs">
- <mkdir dir="${docs}" />
- <mkdir dir="${javadocs}" />
- <javadoc packagenames='edu.internet2.middleware.*'
- sourcepath='${src}' destdir='${javadocs}'
- author='true' version='true'
- windowtitle='Shibboleth Java API' doctitle='Shibboleth Java API'
- bottom='${copyright}'>
- <classpath refid="build.path" />
- </javadoc>
- </target>
-
-
- <!-- Build command-line utilities -->
- <target name="build-util" depends="compile">
- <jar jarfile="${distlibs}/shib-util.jar" basedir="${build}" />
- </target>
-
-
- <!-- Compile classes needed for unit testing -->
- <target name="compile-tests" depends="compile">
- <javac srcdir="${tests}" destdir="${build}" includes="**/*.java" debug="on" source="1.4">
- <classpath refid="build.path" />
- </javac>
- </target>
-
- <target name="test" depends="compile-tests">
- <junit printsummary="no" fork="yes" haltonfailure="yes" haltonerror="yes" dir="${root}">
- <jvmarg value="-Djava.endorsed.dirs=${endorsed}" />
- <classpath>
- <fileset dir="${custom.libs}">
- <include name="*.jar"/>
- </fileset>
- <path refid="test.path"/>
- </classpath>
- <formatter type="plain" />
- <test name="edu.internet2.middleware.shibboleth.aa.arp.ArpTests" />
- <test name="edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverTests" />
- <test name="edu.internet2.middleware.shibboleth.common.CredentialsTests" />
- <test name="edu.internet2.middleware.shibboleth.common.provider.NameMapperTests" />
- <test name="edu.internet2.middleware.shibboleth.common.TrustTests" />
- <test name="edu.internet2.middleware.shibboleth.idp.provider.DNHostNameExtractionTests" />
- <test name="edu.internet2.middleware.shibboleth.metadata.MetadataTests" />
- <test name="edu.internet2.middleware.shibboleth.idp.SSOTest" />
- <test name="edu.internet2.middleware.shibboleth.idp.AATest" />
- </junit>
- </target>
-
-
- <!-- Tomcat Management -->
- <target name="setupTomcatTasks" depends="init">
- <path id="tomcat.classpath">
- <fileset dir="${tomcat.home}/server/lib" includes="catalina-ant.jar"/>
- </path>
-
- <taskdef name="tomcatStart" classname="org.apache.catalina.ant.StartTask" classpathref="tomcat.classpath"/>
- <taskdef name="tomcatStop" classname="org.apache.catalina.ant.StopTask" classpathref="tomcat.classpath"/>
- <taskdef name="tomcatDeploy" classname="org.apache.catalina.ant.DeployTask" classpathref="tomcat.classpath"/>
- <taskdef name="tomcatUndeploy" classname="org.apache.catalina.ant.UndeployTask" classpathref="tomcat.classpath"/>
- </target>
-
- <target name="tomcat.start" depends="setupTomcatTasks" description="Start a deployed webapp using Tomcat manager">
- <tomcatStart url="${tomcat.url}" username="${tomcat.username}" password="${tomcat.password}" path="/${idp.webapp.name}"/>
- </target>
-
- <target name="tomcat.stop" depends="setupTomcatTasks" description="Stop a deployed webapp using Tomcat manager">
- <tomcatStop url="${tomcat.url}" username="${tomcat.username}" password="${tomcat.password}" path="/${idp.webapp.name}"/>
- </target>
-
- <target name="tomcat.deploy" depends="setupTomcatTasks" description="Upload and deploy using Tomcat manager">
- <tomcatDeploy url="${tomcat.url}" username="${tomcat.username}" password="${tomcat.password}" path="/${idp.webapp.name}"
- war="file:${basedir}/${dist}/${idp.webapp.name}.war"/>
- </target>
-
- <target name="tomcat.undeploy" depends="setupTomcatTasks" description="Undeploy using Tomcat manager">
- <tomcatUndeploy url="${tomcat.url}" username="${tomcat.username}" password="${tomcat.password}" path="/${idp.webapp.name}"/>
- </target>
-
-
- <!-- Automated key generation for crypto handles -->
- <target name="genSecret" depends="compile">
- <taskdef name="genSecret" classname="edu.internet2.middleware.shibboleth.utils.HandleRepositorySecretGenerator" classpathref="build.path"/>
- <genSecret keyStorePath="${appconfig}/handle.jks" keyStorePassword="shibhs" keyStoreKeyAlias="handleKey" keyStoreKeyPassword="shibhs" />
- </target>
-
-
- <!-- Generate salt for use with targetted id -->
- <target name="genSalt" depends="compile">
- <taskdef name="genSalt" classname="edu.internet2.middleware.shibboleth.utils.HandleRepositorySecretGenerator" classpathref="build.path"/>
- <genSalt keyStorePath="${appconfig}/persistent.jks" keyStorePassword="shibhs" keyStoreKeyAlias="handleKey" keyStoreKeyPassword="shibhs" />
- </target>
-
- <target name="exampleCertificates">
- <!--
- This target provides an example of the generation of
- self-signed Certificates for the IdP. You may
- change the cn= and use it to generate new identities
- when you want to replace "example.org" with your real
- organization dns. However,the generated key and
- certificate also have to be defined to the Credentials
- of the IdP config files and added to the Metadata.
- -->
- <genkey alias="tomcat" storepass="exampleorg"
- keystore="${tomcat.home}/conf/idp-example.jks"
- keyalg="RSA" validity="365"
- dname="cn=idp.example.org, o=example.org, c=US"
- />
- </target>
-
-
- <!-- Package Shibboleth -->
- <target name="package-idp" depends="compile, install.url" description="Creates the IdP war file and moves it to ${dist}">
- <!-- copy values to deployment descriptor -->
- <copy file="${configroot}/${idp.deployment.descriptor}" tofile="${configroot}/idp.xml" overwrite="true" />
- <replace file="${configroot}/idp.xml" token="$IDP_HOME$" value="${idp.home.url}" />
-
- <!-- package extensions -->
- <antcall target="ext-invoke">
- <param name="exts.dir" value="${custom}"/>
- <param name="ext.build.function" value="ext-package"/>
- <param name="ext.filesystem.home" value="${idp.home}"/>
- <param name="ext.home.token" value="$IDP_HOME$"/>
- </antcall>
-
- <!-- create the war -->
- <war warfile="${dist}/${idp.webapp.name}.war" webxml="${configroot}/idp.xml" basedir="${approot}" update="yes" duplicate="add">
- <!-- Grab any custom extension libraries -->
- <lib dir="${custom.libs}"/>
-
- <!-- Grab any web material from custom extensions -->
- <fileset dir="${custom.webapges}"/>
- </war>
-
- <!-- clean up generated descriptor -->
- <delete file="${configroot}/idp.xml"/>
- </target>
-
- <!-- Install Shibboleth -->
- <target name="install.init">
- <taskdef name="xinput" classname="edu.internet2.middleware.ant.XInput" classpath="${build}" />
- <typedef name="xoption" classname="edu.internet2.middleware.ant.XInputOption" classpath="${build}" />
- </target>
-
- <target name="install.url">
- <taskdef name="urlconvert" classname="edu.internet2.middleware.ant.URLConvert" classpath="${build}"/>
- </target>
-
- <target name="install" depends="init, install.init" description="Install Shibboleth">
- <if>
- <xinput type="confirm" defaultvalue="y">Do you want to install the Shibboleth Identity Provider?</xinput>
- <then>
- <input message="What name do you want to use for the Identity Provider web application? [default: ${idp.webapp.name}]"
- addproperty="idp.webapp.name.input" defaultValue="${idp.webapp.name}" />
- <var name="idp.webapp.name" value="${idp.webapp.name.input}" />
-
- <antcall target="install.idp" />
- </then>
- </if>
- </target>
-
- <target name="install.idp" depends="init, install.init">
- <xinput message="Deploying the java web application. Do you want to install it directly onto the filesystem or use the tomcat manager application?"
- addproperty="idp.install-type.input" type="menu" casesensitive="no" defaultValue="${idp.install-type}">
- <xoption value="filesystem.prompt">filesystem</xoption>
- <xoption>manager</xoption>
- </xinput>
- <var name="idp.install-type" value="${idp.install-type.input}" />
-
- <antcall target="install.idp.${idp.install-type}" />
- </target>
-
- <!-- Prompt user for filesystem installation options and save them to build.properties -->
- <target name="install.idp.filesystem.prompt" depends="init, install.init">
- <input message="Select a home directory for the Shibboleth Identity Provider [default: ${idp.home}]"
- addproperty="idp.home.input" defaultvalue="${idp.home}" />
- <var name="idp.home" value="${idp.home.input}" />
- <input message="Enter tomcat home directory [default: ${tomcat.home}]"
- addproperty="tomcat.home.input" defaultvalue="${tomcat.home}" />
- <var name="tomcat.home" value="${tomcat.home.input}" />
-
- <if>
- <available file="${idp.home}/etc" />
- <then>
- <echo>--------------------------------------------------------------------------------------</echo>
- <echo>---</echo>
- <echo>--- NOTE: Existing Identiity Provider configuration at ${idp.home}/etc ${line.separator}--- will not be overwritten.</echo>
- <echo>---</echo>
- <echo>--------------------------------------------------------------------------------------</echo>
- <property name="copy-idp-conf" value="n" />
- </then>
- <else>
- <property name="copy-idp-conf" value="y" />
- </else>
- </if>
-
- <antcall target="install.idp.filesystem" />
- <antcall target="savePropertyFile" />
- </target>
-
- <!-- Install Shibboleth IdP to filesystem using the properties in build.properties -->
- <target name="install.idp.filesystem" depends="init, install.init, build-util, install.url, package-idp"
- description="Install Shibboleth IdP to filesystem using the properties in build.properties">
-
- <!-- Move IdP war to Tomcat deployment directory -->
- <copy file="${dist}/${idp.webapp.name}.war" tofile="${tomcat.home}/webapps/${idp.webapp.name}.war" />
-
- <!-- copy IdP jars and utilities -->
- <copy todir="${idp.home}/lib">
- <fileset dir="lib" includesfile="conf/idp-lib.include" />
- </copy>
-
- <copy todir="${idp.home}/endorsed">
- <fileset dir="endorsed" />
- </copy>
-
- <copy todir="${idp.home}/bin">
- <fileset dir="bin"/>
- </copy>
- <chmod dir="${idp.home}/bin" perm="ug+rx" includes="**/*"/>
-
- <mkdir dir="${idp.home}/logs" />
-
- <!-- Copy necessary files to IDP_HOME -->
- <antcall target="install.idp.buildHome" />
+ <!-- User based property file that overrides any property below -->
+ <property file="${user.name}-build.properties"/>
- <antcall target="ext-invoke">
- <param name="exts.dir" value="${custom}"/>
- <param name="ext.build.function" value="ext-install-filesystem"/>
- <param name="ext.filesystem.home" value="${idp.home}"/>
- <param name="ext.home.token" value="$IDP_HOME$"/>
- </antcall>
-
- </target>
-
- <target name="install.idp.buildHome" depends="init, install.init">
- <!-- copy IdP configuration -->
- <if>
- <or>
- <equals arg1="${copy-idp-conf}" arg2="y" />
- <not> <available file="${idp.home}/etc" /> </not>
- </or>
- <then>
- <delete dir="${idp.home}/etc" />
- <antcall target="install.idp.filesystem.config" />
- </then>
- </if>
- </target>
-
- <!-- copy shibboleth configuration to $IDP_HOME/etc, overwriting any existing configuration -->
- <target name="install.idp.filesystem.config" depends="init, install.init, install.url">
- <mkdir dir="${idp.home}/etc" />
- <copy todir="${idp.home}/etc" overwrite="true">
- <fileset dir="${src}/conf" includesfile="conf/idp-conf.include"/>
- </copy>
- <move file="${idp.home}/etc/dist.idp.xml" tofile="${idp.home}/etc/idp.xml" overwrite="true" />
- <replace file="${idp.home}/etc/idp.xml" token="$IDP_HOME$" value="${idp.home.url}" />
- <replace file="${idp.home}/etc/idp.xml" token="$IDP_WEBAPP_NAME$" value="${idp.webapp.name}" />
- </target>
-
- <!-- install Shibboleth-IdP war using tomcat's manager app -->
- <target name="install.idp.manager" depends="init, install.init">
- <antcall target="setupTomcatTasks" />
-
- <input message="Enter local tomcat directory [default: ${tomcat.home}]" addproperty="tomcat.home.input" defaultValue="${tomcat.home}" />
- <var name="tomcat.home" value="${tomcat.home.input}" />
-
- <input message="Enter tomcat url [default: ${tomcat.url}]" addproperty="tomcat.url.input" defaultValue="${tomcat.url}" />
- <var name="tomcat.url" value="${tomcat.url.input}" />
-
- <input message="Enter tomcat username [default: ${tomcat.username}]" addproperty="tomcat.username.input" defaultValue="${tomcat.username}" />
- <var name="tomcat.username" value="${tomcat.username.input}" />
-
- <input message="Enter tomcat password [default: ${tomcat.password}]" addproperty="tomcat.password.input" defaultValue="${tomcat.password}" />
- <var name="tomcat.password" value="${tomcat.password.input}" />
-
- <antcall target="package-idp" />
- <antcall target="tomcat.deploy" />
- <antcall target="install.idp.buildHome" />
- <antcall target="savePropertyFile" />
- </target>
-
- <!-- save configuration to build.properties -->
- <target name="savePropertyFile">
- <propertyfile file="build.properties">
- <entry key="idp.home" value="${idp.home}" />
- <entry key="idp.webapp.name" value="${idp.webapp.name}" />
- <entry key="idp.install-type" value="${idp.install-type}" />
- <entry key="tomcat.home" value="${tomcat.home}" />
- <entry key="tomcat.url" value="${tomcat.url}" />
- <entry key="tomcat.username" value="${tomcat.username}" />
- <entry key="tomcat.password" value="${tomcat.password}" />
- </propertyfile>
- </target>
-
-
- <!-- Cleanup after the build, test, and distribution processes -->
- <target name="clean" depends="clean-all" />
-
- <target name="clean-all" depends="clean-build, clean-dist, clean-test, clean-javadocs, clean-util"/>
+ <!-- Project based property file -->\r
+ <property file="build.properties" />\r
+\r
+ <!-- Load ant-contrib tasks -->\r
+ <taskdef resource="net/sf/antcontrib/antlib.xml" />
- <target name="clean-build">
- <delete dir="${build}" />
- <delete dir="${custom.libs}"/>
- <delete dir="${custom.webapges}"/>
- <antcall target="ext-invoke">
- <param name="exts.dir" value="${custom}"/>
- <param name="ext.build.function" value="ext-clean-build"/>
- </antcall>
- </target>
-
- <target name="clean-test">
- <delete>
- <fileset dir="${root}">
- <include name="**/TEST*.txt" />
- </fileset>
- </delete>
- </target>
-
- <target name="clean-dist">
- <delete dir="${dist}" />
- <antcall target="ext-invoke">
- <param name="exts.dir" value="${custom}"/>
- <param name="ext.build.function" value="ext-clean-dist"/>
- </antcall>
- </target>
-
- <target name="clean-javadocs">
- <delete dir="${javadocs}" />
- <antcall target="ext-invoke">
- <param name="exts.dir" value="${custom}"/>
- <param name="ext.build.function" value="ext-clean-javadocs"/>
- </antcall>
- </target>
-
- <target name="clean-util">
- <delete>
- <fileset dir="${buildlibs}">
- <include name="shib-util.jar" />
- </fileset>
- </delete>
- </target>
-
- <!-- For IDE development, run this target first to delete all
- directories generated by the install process before
- recreating and reinstalling everything. -->
- <target name="clean-install" depends="init"
- description="Delete old configuration and Tomcat webapp directories.">
- <delete dir="${idp.home}" />
- <delete dir="${tomcat.home}/webapps/${idp.webapp.name}" />
- </target>
+ <!-- Load Checkstyle tasks -->
+ <taskdef resource="checkstyletask.properties" />\r
+\r
+ <!-- Classpath for building core classes-->\r
+ <path id="build-path">\r
+ <fileset dir="${build-lib.dir}" includes="**/*.jar" />\r
+ <fileset dir="${lib.dir}" includes="**/*.jar" />\r
+ </path>\r
+\r
+ <!-- Classpath for testing classes-->\r
+ <path id="test-path">\r
+ <path refid="build-path" />\r
+ <pathelement location="${core-classes.dir}" />\r
+ <pathelement location="${core-src.dir}" />\r
+ <pathelement location="${test-classes.dir}" />
+ <pathelement location="${test-classes.dir}/data" />
+ <pathelement location="${test-classes.dir}/log4j.xml" />\r
+ <pathelement location="${test-src.dir}" />\r
+ <pathelement location="${classpathres.dir}" />\r
+ </path>\r
+\r
+ <!-- Prepare directory structure for build -->\r
+ <target name="build-init">\r
+ <mkdir dir="${build.dir}" />\r
+ </target>\r
+\r
+ <!-- Compile core (non-test) classes -->\r
+ <target name="compile-core" depends="build-init, clean-compile">\r
+ <mkdir dir="${core-classes.dir}" />\r
+\r
+ <javac srcdir="${core-src.dir}" destdir="${core-classes.dir}" includes="**/*.java" debug="on" source="1.5">\r
+ <classpath refid="build-path" />\r
+ </javac>\r
+\r
+ </target>\r
+\r
+ <!-- Compile unit test classes -->\r
+ <target name="compile-test" depends="compile-core">\r
+ <mkdir dir="${test-classes.dir}" />\r
+\r
+ <javac srcdir="${test-src.dir}" destdir="${test-classes.dir}" includes="**/*.java" debug="on" source="1.5">\r
+ <classpath refid="test-path" />\r
+ </javac>\r
+\r
+ </target>\r
+\r
+ <!-- Compile and run unit tests -->\r
+ <target name="test" depends="compile-core, compile-test" description="Runs the unit tests for the project.">\r
+ <mkdir dir="${test-results.dir}" />\r
+\r
+ <echo message="Excuting unit tests using endorsed directory ${java.endorsed.dirs}" />\r
+ <junit printsummary="off" fork="yes" forkmode="once" haltonerror="false" haltonfailure="false" dir="${basedir}" errorproperty="testFailed">\r
+ <jvmarg value="-Djava.endorsed.dirs=${java.endorsed.dirs}" />\r
+ <classpath refid="test-path" />\r
+ <formatter type="xml" />\r
+ <batchtest todir="${test-results.dir}">\r
+ <fileset dir="${test-classes.dir}">\r
+ <include name="**/*Test.class" />\r
+ </fileset>\r
+ </batchtest>\r
+ </junit>\r
+ <junitreport todir="${test-results.dir}">\r
+ <fileset dir="${test-results.dir}">\r
+ <include name="TEST-*.xml"/>\r
+ </fileset>\r
+ <report format="frames" todir="${test-report.dir}"/>\r
+ </junitreport>
+
+ <echo message="Test report available at ${test-report.dir}/index.html" />
+ <fail if="testFailed" message="Test failure; see ${test-report.dir}/index.html for more information."/>\r
+ </target>\r
+\r
+ <!-- Javadoc core (non-test) classes -->\r
+ <target name="javadoc" description="Creates the JavaDoc documentatin for the project.">\r
+ <mkdir dir="${javadoc.dir}" />\r
+ <javadoc packagenames="org.opensaml.*" \r
+ sourcepath="${core-src.dir}" \r
+ destdir="${javadoc.dir}" \r
+ author="false" version="true" \r
+ windowtitle="${ant.project.name} ${version} Java API" \r
+ doctitle="${ant.project.name} ${version} Java API" \r
+ bottom="${copyright}"\r
+ overview="${core-src.dir}/overview.html">\r
+ <classpath refid="build-path" />\r
+ </javadoc>\r
+ </target>\r
+\r
+ <!-- Removes previously compiled files -->\r
+ <target name="clean-compile">\r
+ <delete dir="${build.dir}" />\r
+ </target>\r
+\r
+ <!-- Removes all build generated content -->\r
+ <target name="clean" depends="clean-compile" description="Removes any artifact produced by the build process.">\r
+ <delete dir="${javadoc.dir}" />
+ <delete dir="${reports.dir}" />\r
+ <delete dir="${dist.dir}" />\r
+ </target>\r
+\r
+ <!-- Create JAR file -->\r
+ <target name="package" depends="compile-core, test" description="Creates the project library jar file.">\r
+ <mkdir dir="${dist.dir}" />\r
+\r
+ <if>\r
+ <equals arg1="${jdk.target}" arg2="1.4" />\r
+ <then>\r
+ <java classname="com.rc.retroweaver.Weaver">\r
+ <arg value="-source" />\r
+ <arg value="${core-classes.dir}" />\r
+ <classpath>\r
+ <fileset dir="${thirdpaty-lib.dir}">\r
+ <include name="**/*.jar" />\r
+ </fileset>\r
+ </classpath>\r
+ </java>\r
+\r
+ <echo message="**************************************************************" />\r
+ <echo message=" Remember, you must include the retroweaver-rt jar" />\r
+ <echo message=" file, located in the thirdparty-lib directory, along with the" />\r
+ <echo message=" ${jar.name} on your" />\r
+ <echo message=" classpath in order to use this with JDK 1.4" />\r
+ <echo message="**************************************************************" />\r
+\r
+ </then>\r
+ </if>\r
+\r
+ <jar destfile="${dist.dir}/${jar.name}" whenempty="fail">\r
+ <fileset dir="${classpathres.dir}" />
+ <fileset dir="${metainf.dir}" />
+ <fileset dir="${webinf.dir}" />
+ <fileset dir="${webpages.dir}" />
+ <zipfileset dir="${core-classes.dir}" prefix="/WEB-INF/classes/" />
+ <zipfileset dir="${lib.dir}" prefix="/WEB-INF/lib/" />\r
+ </jar>\r
+\r
+ </target>\r
+\r
+ <!-- **************************************************************** -->\r
+ <!-- *** *** -->\r
+ <!-- *** Developer Tasks *** -->\r
+ <!-- *** *** -->\r
+ <!-- **************************************************************** -->\r
<!-- Checks code against style guidelines -->
- <target name="checkstyle" >
+ <target name="checkstyle" description="Developer task: Produces coding standard compliance report.">
<mkdir dir="${reports.dir}" />
<checkstyle config="${basedir}/checkstyle.xml"
failOnViolation="false"
classpathref="build-path">
- <fileset dir="src" includes="**/*.java"/>
- <formatter type="plain"
- toFile="${reports.dir}/checkstyle-report.txt" />
+ <fileset dir="src" includes="**/*.java" />
+ <formatter type="plain" toFile="${reports.dir}/checkstyle-report.txt" />
</checkstyle>
</target>
-
+ \r
+ <!-- Create TGZ source distribution -->
+ <target name="tgz-src-dist" depends="package, javadoc" description="Developer task: Creates the tar, gzipped source distribution.">
+ <tar tarfile="${dist.dir}/${src-dist.name}.tgz" compression="gzip">
+ <tarfileset dir="${build-lib.dir}" prefix="/build-lib/" />
+ <tarfileset dir="${lib.dir}" prefix="/lib/" />
+ <tarfileset dir="${resources.dir}" prefix="/resources/" />
+ <tarfileset dir="${core-src.dir}" prefix="/src/" />
+ <tarfileset dir="${test-src.dir}" prefix="/test/" />
+ <tarfileset dir="${doc.dir}" prefix="/doc/" />
+ <tarfileset file="${dist.dir}/${jar.name}" prefix="/dist/" />
+ <tarfileset file="${basedir}/*.*" prefix="/" />
+ </tar>
+ <checksum file="${dist.dir}/${src-dist.name}.tgz" />
+ </target>
+
+ <!-- Create TGZ binary distribution -->
+ <target name="tgz-bin-dist" depends="package, javadoc" description="Developer task: Creates the tar, gzipped binary distribution.">
+ <tar tarfile="${dist.dir}/${bin-dist.name}.tgz" compression="gzip">
+ <tarfileset dir="${lib.dir}" prefix="/lib/" />\r
+ <tarfileset dir="${resources.dir}" prefix="/resources/" />
+ <tarfileset dir="${doc.dir}" prefix="/doc/" />
+ <tarfileset file="${dist.dir}/${jar.name}" prefix="/dist/" />
+ </tar>
+ <checksum file="${dist.dir}/${bin-dist.name}.tgz" />
+ </target>
+
+ <!-- Create ZIP source distribution -->
+ <target name="zip-src-dist" depends="package, javadoc" description="Developer task: Creates the zipped source distribution.">
+ <zip zipfile="${dist.dir}/${src-dist.name}.zip" whenempty="fail">
+ <zipfileset dir="${build-lib.dir}" prefix="build-lib/" />
+ <zipfileset dir="${lib.dir}" prefix="lib/" />\r
+ <zipfileset dir="${resources.dir}" prefix="/resources/" />
+ <zipfileset dir="${core-src.dir}" prefix="src/" />
+ <zipfileset dir="${test-src.dir}" prefix="test/" />
+ <zipfileset dir="${doc.dir}" prefix="doc/" />
+ <zipfileset file="${dist.dir}/${jar.name}" prefix="/dist/" />
+ <zipfileset file="${basedir}/*.*" prefix="" />
+ </zip>
+ <checksum file="${dist.dir}/${src-dist.name}.zip" />
+ </target>
+
+ <!-- Create ZIP binary distribution -->
+ <target name="zip-bin-dist" depends="package, javadoc" description="Developer task: Creates the zipped binary distribution.">
+ <zip zipfile="${dist.dir}/${bin-dist.name}.zip" whenempty="fail">
+ <zipfileset dir="${lib.dir}" prefix="lib/" />\r
+ <zipfileset dir="${resources.dir}" prefix="/resources/" />
+ <zipfileset dir="${doc.dir}" prefix="doc/" />
+ <zipfileset file="${dist.dir}/${jar.name}" prefix="/dist/" />
+ </zip>
+ <checksum file="${dist.dir}/${bin-dist.name}.zip" />
+ </target>\r
+\r
</project>
\ No newline at end of file
+++ /dev/null
-#Mon May 16 09:03:19 CDT 2005
-tomcat.username=manager
-idp.home=/usr/local/shibboleth-idp
-tomcat.password=password
-tomcat.url=http\://localhost\:8080/manager
-tomcat.home=/usr/local/tomcat
-idp.webapp.name=shibboleth-idp
-idp.install-type=filesystem.prompt
-idp.deployment.descriptor=dist.idp.xm
+++ /dev/null
-example-metadata.xml
-IQ-metadata.xml
-dist.idp.xml
-arps/
-handle.jks
-persistent.jks
-resolver.xml
-resolver.jdbc.xml
-resolver.ldap.xml
-schemas.properties
-idp-example.crt
-idp-example.key
+++ /dev/null
-bcprov-jdk14-117.jar
-commons-collections.jar
-commons-logging-1.03.jar
-jargs-0.4.jar
-opensaml-1.1.jar
-xmlsec-20050514.jar
-commons-codec-1.3.jar
-commons-dbcp-1.2.1.jar
-commons-pool-1.2.jar
-log4j-1.2.5.jar
-shib-util.jar
-
+++ /dev/null
-BITZI PUBLIC DOMAIN NOTICES
-
-When we publish our source code, we place it in the public
-domain, whenever possible, to allow the widest possible
-reuse and benefit.
-
-We try to include on most such released files a small notice
-such as:
-
-/* (PD) 2003 The Bitzi Corporation
- * Please see file COPYING or http://bitzi.com/publicdomain
- * for more info.
- */
-
-For major standalone files, or as the "COPYING" file, we
-include a version of this longer explanation:
-
-/* (PD) 2003 The Bitzi Corporation
- *
- * 1. Authorship. This work and others bearing the above
- * label were created by, or on behalf of, the Bitzi
- * Corporation. Often other public domain material by
- * other authors is also incorporated; this should be
- * clear from notations in the source code.
- *
- * 2. Release. The Bitzi Corporation places these works
- * into the public domain, disclaiming all rights granted
- * us by copyright law.
- *
- * You are completely free to copy, use, redistribute
- * and modify this work, though you should be aware of
- * points (3) and (4), below.
- *
- * 3. Trademark Advisory. The Bitzi Corporation reserves
- * all rights with regard to any of its trademarks which
- * may appear herein, such as "Bitzi" or "Bitcollider".
- * Please take care that your uses of this work do not
- * infringe on our trademarks or imply our endorsement.
- * For example, you should change labels and identifier
-* strings in your derivative works where appropriate.
- *
- * 4. Disclaimer. THIS SOFTWARE IS PROVIDED BY THE AUTHOR
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Please see http://bitzi.com/publicdomain or write
- * info@bitzi.com for more info.
- */
-
-We hope you find our public-domain source code useful,
-but remember that we can provide absolutely no support
-or assurances about it; your use is entirely at your
-own risk.
-
-Thank you.
-
-- Bitzi
-- March 3, 2001
+++ /dev/null
-We wish to acknowledge the following copyrighted works that make up
-portions of this software:
-
-This product includes software developed by the Apache Software
-Foundation (http://www.apache.org/).
-
-This product includes software developed by the OpenSSL Project
-for use in the OpenSSL Toolkit. (http://www.openssl.org/).
-
-This project uses libraries covered by the Lesser GNU Public License.
-Source code for these libraries is available on request.
-
-This project includes software developed by the National Research Council
-of Canada.
-
-This project includes software developed by The Legion Of The Bouncy
-Castle. (http://www.bouncycastle.org)
+++ /dev/null
-<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:1.0 ../schemas/shibboleth.xsd">
-
- <!--
- An AAP is a set of AttributeRule elements, each one
- referencing a specific attribute by URI. All attributes that
- should be visible to an application running at the target should
- be listed, or they will be filtered out.
-
- The Header and Alias attributes map an attribute to an HTTP header
- and to an htaccess rule name respectively. Without Header, the attribute
- will only be obtainable from the exported SAML assertion in raw XML.
-
- Scoped attributes are also filtered on Scope via the Domain elements
- in the site metadata.
- -->
-
- <!-- First some useful eduPerson attributes that many sites might use. -->
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" Scoped="true" CaseSensitive="false" Header="Shib-EP-Affiliation" Alias="affiliation">
- <!-- Filtering rule to limit values to eduPerson-defined enumeration. -->
- <AnySite>
- <Value>MEMBER</Value>
- <Value>FACULTY</Value>
- <Value>STUDENT</Value>
- <Value>STAFF</Value>
- <Value>ALUM</Value>
- <Value>AFFILIATE</Value>
- <Value>EMPLOYEE</Value>
- </AnySite>
-
- <!-- Example of Scope rule to override site metadata. -->
- <SiteRule Name="urn:mace:inqueue:shibdev.edu">
- <Scope Accept="false">shibdev.edu</Scope>
- <Scope Type="regexp">^.+\.shibdev\.edu$</Scope>
- </SiteRule>
- </AttributeRule>
-
- <!--
- This attribute is provided mostly to ease testing because an IdP out of the box only
- sends the unscoped version. It has little use because it lacks the context needed to
- work in a multi-domain scenario and is a subset of the scoped version anyway.
- -->
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonAffiliation" CaseSensitive="false" Header="Shib-EP-UnscopedAffiliation" Alias="unscoped-affiliation">
- <AnySite>
- <Value>MEMBER</Value>
- <Value>FACULTY</Value>
- <Value>STUDENT</Value>
- <Value>STAFF</Value>
- <Value>ALUM</Value>
- <Value>AFFILIATE</Value>
- <Value>EMPLOYEE</Value>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Scoped="true" Header="REMOTE_USER" Alias="user">
- <!-- Basic rule to pass through any value. -->
- <AnySite>
- <Value Type="regexp">^[^@]+$</Value>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonEntitlement" Header="Shib-EP-Entitlement" Alias="entitlement">
- <!-- Entitlements tend to be filtered per-site. -->
-
- <!--
- Optional site rule that applies to any site
- <AnySite>
- <Value>urn:mace:example.edu:exampleEntitlement</Value>
- </AnySite>
- -->
-
- <!-- Specific rules for an origin site, these are just development/sample sites. -->
- <SiteRule Name="urn:mace:inqueue:example.edu">
- <Value Type="regexp">^urn:mace:.+$</Value>
- </SiteRule>
- <SiteRule Name="urn:mace:inqueue:shibdev.edu">
- <Value Type="regexp">^urn:mace:.+$</Value>
- </SiteRule>
- </AttributeRule>
-
- <!-- A persistent id attribute that supports personalized anonymous access. -->
-
- <!-- First, the deprecated version: -->
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonTargetedID" Scoped="true" Header="Shib-TargetedID" Alias="targeted_id">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <!-- Second, the new version: -->
- <AttributeRule Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" Header="Shib-TargetedID" Alias="targeted_id">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <!-- Some more eduPerson attributes, uncomment these to use them... -->
- <!--
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonNickname">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" CaseSensitive="false" Header="Shib-EP-PrimaryAffiliation">
- <AnySite>
- <Value>MEMBER</Value>
- <Value>FACULTY</Value>
- <Value>STUDENT</Value>
- <Value>STAFF</Value>
- <Value>ALUM</Value>
- <Value>AFFILIATE</Value>
- <Value>EMPLOYEE</Value>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" Header="Shib-EP-PrimaryOrgUnitDN">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" Header="Shib-EP-OrgUnitDN">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonOrgDN" Header="Shib-EP-OrgDN">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- -->
-
-
- <!--Examples of common LDAP-based attributes, uncomment to use these... -->
- <!--
-
- <AttributeRule Name="urn:mace:dir:attribute-def:cn" Header="Shib-Person-commonName">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:sn" Header="Shib-Person-surname">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:telephoneNumber" Header="Shib-Person-telephoneNumber">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:title" Header="Shib-OrgPerson-title">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:initials" Header="Shib-InetOrgPerson-initials">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:description" Header="Shib-Person-description">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:carLicense" Header="Shib-InetOrgPerson-carLicense">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:departmentNumber" Header="Shib-InetOrgPerson-deptNum">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:displayName" Header="Shib-InetOrgPerson-displayName">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:employeeNumber" Header="Shib-InetOrgPerson-employeeNum">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:employeeType" Header="Shib-InetOrgPerson-employeeType">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:preferredLanguage" Header="Shib-InetOrgPerson-prefLang">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:manager" Header="Shib-InetOrgPerson-manager">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:roomNumber" Header="Shib-InetOrgPerson-roomNum">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:seeAlso" Header="Shib-OrgPerson-seeAlso">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" Header="Shib-OrgPerson-fax">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:street" Header="Shib-OrgPerson-street">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:postOfficeBox" Header="Shib-OrgPerson-POBox">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:postalCode" Header="Shib-OrgPerson-postalCode">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:st" Header="Shib-OrgPerson-state">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:givenName" Header="Shib-InetOrgPerson-givenName">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:l" Header="Shib-OrgPerson-locality">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:businessCategory" Header="Shib-InetOrgPerson-businessCat">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:ou" Header="Shib-OrgPerson-orgUnit">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" Header="Shib-OrgPerson-OfficeName">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- -->
-
-</AttributeAcceptancePolicy>
+++ /dev/null
-<EntitiesDescriptor
- xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
- xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# ../schemas/xmldsig-core-schema.xsd"
- Name="urn:mace:inqueue"
- validUntil="2010-01-01T00:00:00Z">
-
- <Extensions>
- <!--
- This Shibboleth extension contains a list of CAs that InQueue entities trust as they
- evaluate the credentials they receive. They constitute the so-called "root store" or
- "trust list" when interacting with the entities included in this file. The VerifyDepth
- of "1" is PKIX-specified as the number of intermediaries permitted between the end-entity
- certificate and the trust anchor. Each CA certificate is placed in its own <ds:KeyInfo>
- container and is base64-encoded.
- -->
- <shibmd:KeyAuthority VerifyDepth="1">
- <!-- Verisign -->
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- <!-- Bossie Root -->
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
-b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
-aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
-SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
-CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
-7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
-BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
-8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
-QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
-Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- <!-- Bossie Intermediate -->
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
-b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
-aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
-SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
-RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
-hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
-BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
-txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
-N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
-M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </shibmd:KeyAuthority>
- </Extensions>
-
- <!--
- This is a starter set of metadata for the example system used within the
- InQueue test federation. The InQueue deployment guide describes how to use
- metadatatool or siterefresh to pick up the most current signed files.
- Ordinarily a single EntityDescriptor would contain IdP/AA or SP role information,
- but not both. The sample site for InQueue just happens to contain both.
- -->
-
- <!-- Each IdP or SP is given an EntityDescriptor with its unique providerId/entityID. -->
- <EntityDescriptor entityID="urn:mace:inqueue:example.edu">
-
- <!-- A Shib IdP contains this element with protocol support as shown. -->
- <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
- <Extensions>
- <!-- This is a Shibboleth extension to express attribute scope rules. -->
- <shibmd:Scope>example.edu</shibmd:Scope>
- </Extensions>
-
- <!--
- One or more KeyDescriptors tell SPs how the IdP will authenticate itself. A single
- descriptor can be used for both signing and for server-TLS. You can place an
- X.509 certificate directly in this element for the simplest use cases, in which case
- no <shibmd:KeyAuthority> extension is needed. This example is more advanced,
- with the key/certificate identified indirectly using a <ds:KeyName> element
- containing the common name (CN) from the certificate. The certificate is then
- validated using the trust anchors found in the applicable <shibmd:KeyAuthority>
- extension element(s).
-
- To identify certificates by name, you can use the CN attribute from the Subject,
- a DNS or URI-valued subjectAltName extension value, or in special cases, the
- entire Subject DN. We don't suggest the latter, because you must encode the DN
- in a particular way (LDAP order, separated by commas) and because software is
- unpredictable in how it will translate the RDN components into a text string.
- -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:KeyName>wayf.internet2.edu</ds:KeyName>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This tells SPs where/how to resolve SAML 1.x artifacts into SAML assertions. -->
- <ArtifactResolutionService index="1"
- Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://wayf.internet2.edu:8443/shibboleth-idp/Artifact"/>
-
- <!-- This tells SPs that you support only the Shib handle format. -->
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-
- <!-- This tells SPs how and where to request authentication. -->
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
- Location="https://wayf.internet2.edu/shibboleth-idp/SSO"/>
- </IDPSSODescriptor>
-
- <!-- Most Shib IdPs also support SAML attribute queries, so this role is also included. -->
- <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
- <Extensions>
- <!-- This is a Shibboleth extension to express attribute scope rules. -->
- <shibmd:Scope>example.edu</shibmd:Scope>
- </Extensions>
-
- <!--
- Note that when TLS with certificate validation is used, there may be no <KeyDescriptor>
- needed. Since server TLS is used to authenticate the AA, its <ds:KeyName> is implicit
- in the URL used to connect to it. If you were to place the certificate directly
- in the metadata in the role above, you'll also need a copy here. You'll also need
- a <KeyDescriptor> if you want to allow the AA to sign assertions. For the latter reason,
- as a precaution, we'll include it.
- -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:KeyName>wayf.internet2.edu</ds:KeyName>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This tells SPs how and where to send queries. -->
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://wayf.internet2.edu:8443/shibboleth-idp/AA"/>
-
- <!-- This tells SPs that you support only the Shib handle format. -->
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
- </AttributeAuthorityDescriptor>
-
- <!-- A Shib SP contains this element with protocol support as shown. -->
- <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-
- <!--
- One or more KeyDescriptors tell IdPs how the SP will authenticate itself. A single
- descriptor can be used for both signing and for server-TLS. You can place an
- X.509 certificate directly in this element for the simplest use cases, in which case
- no <shibmd:KeyAuthority> extension is needed. This example is more advanced,
- with the key/certificate identified indirectly using a <ds:KeyName> element
- containing the common name (CN) from the certificate. The certificate is then
- validated using the trust anchors found in the applicable <shibmd:KeyAuthority>
- extension element(s).
-
- To identify certificates by name, you can use the CN attribute from the Subject,
- a DNS or URI-valued subjectAltName extension value, or in special cases, the
- entire Subject DN. We don't suggest the latter, because you must encode the DN
- in a particular way (LDAP order, separated by commas) and because software is
- unpredictable in how it will translate the RDN components into a text string.
- -->
- <KeyDescriptor>
- <ds:KeyInfo>
- <ds:KeyName>wayf.internet2.edu</ds:KeyName>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This tells IdPs that you support only the Shib handle format. -->
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-
- <!--
- This tells IdPs where and how to send authentication assertions. Mostly
- the SP will tell the IdP what location to use in its request, but this
- is how the IdP validates the location and also figures out which
- SAML profile to use. Each one must have a unique index attribute, mostly
- for future use in SAML 2.0. The examples below show one endpoint supporting
- the POST profile, and one endpoint supporting the Artifact profile.
- -->
- <AssertionConsumerService index="1"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
- Location="https://wayf.internet2.edu/Shibboleth.sso/SAML/POST"/>
- <AssertionConsumerService index="2"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
- Location="https://wayf.internet2.edu/Shibboleth.sso/SAML/Artifact"/>
- </SPSSODescriptor>
-
- <Organization>
- <OrganizationName xml:lang="en">Example State University</OrganizationName>
- <OrganizationDisplayName xml:lang="en">Example State University</OrganizationDisplayName>
- <OrganizationURL xml:lang="en">http://shibboleth.internet2.edu/</OrganizationURL>
- </Organization>
- <ContactPerson contactType="technical">
- <SurName>InQueue Support</SurName>
- <EmailAddress>inqueue-support@internet2.edu</EmailAddress>
- </ContactPerson>
- </EntityDescriptor>
-
-</EntitiesDescriptor>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
- <Description>Simplest possible ARP.</Description>
- <Rule>
- <Target>
- <AnyTarget/>
- </Target>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
- <AnyValue release="permit"/>
- </Attribute>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
- <AnyValue release="permit"/>
- </Attribute>
- </Rule>
-</AttributeReleasePolicy>
+++ /dev/null
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!--Put this in somewhere
- <xs:attribute name="maxSigningThreads" type="xs:integer" use="optional"/>-->
-
-<!-- Shibboleth Identity Provider configuration -->
-<IdPConfig
- xmlns="urn:mace:shibboleth:idp:config:1.0"
- xmlns:cred="urn:mace:shibboleth:credentials:1.0"
- xmlns:name="urn:mace:shibboleth:namemapper:1.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 ../schemas/shibboleth-idpconfig-1.0.xsd">
-
- <!-- This section contains configuration options that apply only to a entity or group of entities
- This would normally be adjusted when a new federation or bilateral trust relationship is established -->
- <RelyingParty
- name="urn:mace:shibboleth:examples"
- providerId="https://idp.example.org/shibboleth3"
- signingCredential="cred1"
- passThruErrors="true"
- defaultNameID="foo" /> <!-- (signingCredential) must correspond to a <Credential/> element below -->
-
- <!-- Uncomment and adjust the configuration section below if you would like the IdP to respond to
- requests from entities for which it has no metadata-->
- <!--
- <AnonymousRelyingParty
- providerId="https://idp.example.org/shibboleth1"
- signingCredential="cred1"
- defaultNameID="foo" /> -->
-
- <!-- Uncomment and adjust the configuration section below if you would like the IdP to respond to
- requests from authenticated entities for which it has metadata, but no matching <RelyingParty/>
- configuration -->
- <!--
- <DefaultRelyingParty
- providerId="https://idp.example.org/shibboleth2"
- signingCredential="cred1"
- defaultNameID="foo" /> -->
-
- <!-- Configuration for the attribute resolver
- For most configurations this won't need adjustment -->
- <AttributeResolver config="$IDP_HOME$/etc/resolver.xml"/>
-
- <!-- Configuration for the attribute release policy engine
- For most configurations this won't need adjustment -->
- <ReleasePolicyEngine>
- <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
- <Path>$IDP_HOME$/etc/arps/</Path>
- </ArpRepository>
- </ReleasePolicyEngine>
-
- <!-- Logging Configuration
- The defaults work fine in this section, but it is sometimes helpful to use "DEBUG" as the level for
- the <ErrorLog/> when trying to diagnose problems -->
- <Logging>
- <ErrorLog level="WARN" location="$IDP_HOME$/logs/shib-error.log" />
- <TransactionLog level="INFO" location="$IDP_HOME$/logs/shib-access.log" />
- </Logging>
- <!-- Uncomment the configuration section below and comment out the one above if you would like to manually configure log4j -->
- <!--
- <Logging>
- <Log4JConfig location="file:///tmp/log4j.properties" />
- </Logging> -->
-
- <!-- Determines how SAML artifacts are stored and retrieved
- The (sourceLocation) attribute must be specified when using type 2 artifacts -->
- <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
-
- <!-- This configuration section determines the keys/certs to be used when signing SAML assertions -->
- <!-- The credentials listed here are used when referenced within <RelyingParty/> elements above -->
- <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
- <FileResolver Id="cred1">
- <Key>
- <Path>$IDP_HOME$/etc/idp-example.key</Path>
- </Key>
- <Certificate>
- <Path>$IDP_HOME$/etc/idp-example.crt</Path>
- </Certificate>
- </FileResolver>
-
- <!-- InQueue example (Deployments would need to generate an InQueue-compatible certificate) -->
- <!--
- <FileResolver Id="inqueue_cred">
- <Key>
- <Path>$IDP_HOME$/etc/idp-inqueue.key</Path>
- </Key>
- <Certificate>
- <Path>$IDP_HOME$/etc/idp-inqueue.crt</Path>
- </Certificate>
- </FileResolver>
- -->
-
- </Credentials>
-
- <!-- Protocol handlers specify what type of requests the IdP can respond to. The default set listed here should work
- for most configurations. Modifications to this section may require modifications to the deployment descriptor -->
- <ProtocolHandler type="ShibbolethV1SSOHandler">
- <Location>https?://[^:/]+(:(443|80))?/$IDP_WEBAPP_NAME$/SSO</Location>
- </ProtocolHandler>
- <ProtocolHandler type="SAMLv1_AttributeQueryHandler">
- <Location>.+:8443/$IDP_WEBAPP_NAME$/AA</Location>
- </ProtocolHandler>
- <ProtocolHandler type="SAMLv1_1ArtifactQueryHandler">
- <Location>.+:8443/$IDP_WEBAPP_NAME$/Artifact</Location>
- </ProtocolHandler>
- <ProtocolHandler type="Shibboleth_StatusHandler">
- <Location>https://[^:/]+(:443)?/$IDP_WEBAPP_NAME$/Status</Location>
- </ProtocolHandler>
-
- <!-- This section configures the loading of SAML2 metadata, which contains information about system entities and
- how to authenticate them. The metadatatool utility can be used to keep federation metadata files in synch.
- Metadata can also be placed directly within this these elements. -->
- <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.FilesystemMetadataProvider"
- path="$IDP_HOME$/etc/example-metadata.xml"/>
-
- <!-- InQueue example (Deployments would need to get updated InQueue metadata) -->
- <!--
- <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.FilesystemMetadataProvider"
- path="$IDP_HOME$/etc/IQ-metadata.xml"/> -->
-
-</IdPConfig>
-
+++ /dev/null
-<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:1.0 ../schemas/shibboleth.xsd">
-
- <!--
- This is a sample file containing rules for attributes defined by the US Federal govt
- EAuthn specification.
- -->
-
- <!-- According to the spec, these three attributes are required. -->
-
- <AttributeRule Name="csid" Namespace="http://eauthentication.gsa.gov/federated/attribute">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="commonName" Namespace="http://eauthentication.gsa.gov/federated/attribute" Header="EAuth-CommonName">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
- <AttributeRule Name="assuranceLevel" Namespace="http://eauthentication.gsa.gov/federated/attribute" Header="EAuth-Level">
- <AnySite>
- <Value>1</Value>
- <Value>2</Value>
- <Value>3</Value>
- <Value>4</Value>
- <Value>Test</Value>
- </AnySite>
- </AttributeRule>
-
- <!--
- EAuth subjects are X.500 DN strings. The SAML NameIdentifier Format is used as a pseudo-attribute
- Name to cause the subject value to be exported to a header, REMOTE_USER in this example.
- -->
- <AttributeRule Name="urn:oasis:names:tc:SAML:1.0:assertion#X509SubjectName" Header="REMOTE_USER">
- <AnySite>
- <AnyValue/>
- </AnySite>
- </AttributeRule>
-
-</AttributeAcceptancePolicy>
+++ /dev/null
-<EntitiesDescriptor
- xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
- xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# ../schemas/xmldsig-core-schema.xsd"
- Name="urn:mace:shibboleth:examples"
- validUntil="2010-01-01T00:00:00Z">
-
- <!--
- This is a starter set of metadata for testing Shibboleth. It shows
- a pair of example entities, one an IdP and one an SP. Each party
- requires metadata from its opposite in order to interact with it.
- Thus, your metadata describes you, and your partner(s)' metadata
- is fed into your configuration.
-
- The software components do not configure themselves using metadata
- (e.g. the IdP does not configure itself using IdP metadata). Instead,
- metadata about SPs is fed into IdPs and metadata about IdPs is fed into
- SPs. Other metadata is ignored, so the software does not look for
- conflicts between its own configuration and the metadata that might
- be present about itself. Metadata is instead maintained based on the
- external details of your configuration.
- -->
-
- <EntityDescriptor entityID="https://idp.example.org/shibboleth">
- <!--
- The entityID above looks like a location, but it's actually just a name.
- Each entity is assigned a URI name. By convention, it will often be a
- URL, but it should never contain a physical machine hostname that you
- would not otherwise publish to users of the service. For example, if your
- installation runs on a machine named "gryphon.example.org", you would
- generally register that machine in DNS under a second, logical name
- (such as idp.example.org). This logical name should be used in favor
- of the real hostname when you assign an entityID. You should use a name
- like this even if you don't actually register the server in DNS using it.
- The URL does *not* have to resolve into anything to use it as a name.
- The point is for the name you choose to be stable, which is why including
- hostnames is generally bad, since they tend to change.
- -->
-
- <!-- A Shib IdP contains this element with protocol support as shown. -->
- <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
- <Extensions>
- <!-- This is a Shibboleth extension to express attribute scope rules. -->
- <shibmd:Scope>example.org</shibmd:Scope>
- <!-- This enables testing against Internet2's test site. -->
- <shibmd:Scope>example.edu</shibmd:Scope>
- </Extensions>
-
- <!--
- One or more KeyDescriptors tell SPs how the IdP will authenticate itself. A single
- descriptor can be used for both signing and for server-TLS if its use attribute
- is set to "signing". You can place an X.509 certificate directly in this element
- to specify the exact public key certificate to use. This only reflects the public
- half of the keypair used by the IdP.
-
- When the IdP signs XML, it uses the private key included in its Credentials
- configuration element, and when TLS is used, the web server will use the
- certificate and private key defined by the web server's configuration.
- An SP will then try to match the certificates in the KeyDescriptors here
- to the ones presented in the XML Signature or SSL session.
-
- When an inline certificate is used, do not assume that an expired certificate
- will be detected and rejected. Often only the key will be extracted without
- regard for the certificate, but at the same time, it may be risky to include
- an expired certificate and assume it will work. Your SAML implementation
- may provide specific guidance on this.
- -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This key is used by Internet2's test site. -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIDADCCAmmgAwIBAgICBPIwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTA1MDUyNjAxMDE1MloXDTA5MDcwNTAxMDE1MlowPjEL
-MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkGA1UEAxMSd2F5Zi5p
-bnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpUs
-kDqIN54O/AbF9rVqe8FJ1q/Ep7edGGOQUjlnt2c2AyVuvveSfW/Hh82DjdF0HMaW
-C5kv/ZInBLi4kO6Xx2EjPijZmK11WxHx+WbhgCziY4KzetL3XT63QdCSSQVnaEJV
-oM9yWsOOHpeWaFiX2alAfkYbCVt9kQiB2amyCuwcOwPWh0Saf7UTEyXoE9IMNWUz
-oaydiwm6TH2zJ7ZNMogeL14o5Fv7I6znKwVGvqrz6iIGWTI7v/ZmnF/jwyW4GOdS
-fX7s/G+M6uSndSM5si+s7iE+MdtP0qZ2M3xd4zWSpYTWRnq3uVMc9w04mF5LZM5q
-B8ktgtaTLS5X2sWv6QIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
-oDANBgkqhkiG9w0BAQQFAAOBgQBDiDqvFbuhMMxAQ89CNBFLiXkcMLrX2Ht96Zux
-JfS8fAx/Obbz5im1jK7peLhFr/9KgLtAkoz4aWtBL+qWcL3a1VYTu9H3Q2w9QbV2
-rxmbK0h8tw6qTA+F4FrErGufQv+kEmm1WRXXeyqEcsadZpsXauRD8iraq9f5WrLX
-AtThLg==
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This tells SPs where/how to resolve SAML 1.x artifacts into SAML assertions. -->
- <ArtifactResolutionService index="1"
- Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://idp.example.org:8443/shibboleth-idp/Artifact"/>
-
- <!-- This enables testing against Internet2's test site. -->
- <ArtifactResolutionService index="2"
- Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://wayf.internet2.edu:8443/shibboleth-idp/Artifact"/>
-
- <!-- This tells SPs that you support only the Shib handle format. -->
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-
- <!-- This tells SPs how and where to request authentication. -->
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
- Location="https://idp.example.org/shibboleth-idp/SSO"/>
-
- <!-- This enables testing against Internet2's test site. -->
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
- Location="https://wayf.internet2.edu/shibboleth-idp/SSO"/>
- </IDPSSODescriptor>
-
- <!-- Most Shib IdPs also support SAML attribute queries, so this role is also included. -->
- <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
- <Extensions>
- <!-- This is a Shibboleth extension to express attribute scope rules. -->
- <shibmd:Scope>example.org</shibmd:Scope>
- <!-- This enables testing against Internet2's test site. -->
- <shibmd:Scope>example.edu</shibmd:Scope>
- </Extensions>
-
- <!-- The certificate has to be repeated here (or a different one specified if necessary). -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This key is used by Internet2's test site. -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIDADCCAmmgAwIBAgICBPIwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTA1MDUyNjAxMDE1MloXDTA5MDcwNTAxMDE1MlowPjEL
-MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkGA1UEAxMSd2F5Zi5p
-bnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpUs
-kDqIN54O/AbF9rVqe8FJ1q/Ep7edGGOQUjlnt2c2AyVuvveSfW/Hh82DjdF0HMaW
-C5kv/ZInBLi4kO6Xx2EjPijZmK11WxHx+WbhgCziY4KzetL3XT63QdCSSQVnaEJV
-oM9yWsOOHpeWaFiX2alAfkYbCVt9kQiB2amyCuwcOwPWh0Saf7UTEyXoE9IMNWUz
-oaydiwm6TH2zJ7ZNMogeL14o5Fv7I6znKwVGvqrz6iIGWTI7v/ZmnF/jwyW4GOdS
-fX7s/G+M6uSndSM5si+s7iE+MdtP0qZ2M3xd4zWSpYTWRnq3uVMc9w04mF5LZM5q
-B8ktgtaTLS5X2sWv6QIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
-oDANBgkqhkiG9w0BAQQFAAOBgQBDiDqvFbuhMMxAQ89CNBFLiXkcMLrX2Ht96Zux
-JfS8fAx/Obbz5im1jK7peLhFr/9KgLtAkoz4aWtBL+qWcL3a1VYTu9H3Q2w9QbV2
-rxmbK0h8tw6qTA+F4FrErGufQv+kEmm1WRXXeyqEcsadZpsXauRD8iraq9f5WrLX
-AtThLg==
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This tells SPs how and where to send queries. -->
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://idp.example.org:8443/shibboleth-idp/AA"/>
-
- <!-- This enables testing against Internet2's test site. -->
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://wayf.internet2.edu:8443/shibboleth-idp/AA"/>
-
- <!-- This tells SPs that you support only the Shib handle format. -->
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
- </AttributeAuthorityDescriptor>
-
- <!-- This is just information about the entity in human terms. -->
- <Organization>
- <OrganizationName xml:lang="en">Example Identity Provider</OrganizationName>
- <OrganizationDisplayName xml:lang="en">Identities 'R' Us</OrganizationDisplayName>
- <OrganizationURL xml:lang="en">http://idp.example.org/</OrganizationURL>
- </Organization>
- <ContactPerson contactType="technical">
- <SurName>Technical Support</SurName>
- <EmailAddress>support@idp.example.org</EmailAddress>
- </ContactPerson>
-
- </EntityDescriptor>
-
- <!-- See the comment earlier about how an entityID is chosen/created. -->
- <EntityDescriptor entityID="https://sp.example.org/shibboleth">
-
- <!-- A Shib SP contains this element with protocol support as shown. -->
- <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-
- <!--
- One or more KeyDescriptors tell IdPs how the SP will authenticate itself. A single
- descriptor can be used for both signing and for client-TLS if its use attribute
- is set to "signing". You can place an X.509 certificate directly in this element
- to specify the exact public key certificate to use. This only reflects the public
- half of the keypair used by the IdP.
-
- The SP uses the private key included in its Credentials configuration element
- for both XML signing and client-side TLS. An IdP will then try to match the
- certificates in the KeyDescriptors here to the ones presented in the XML
- Signature or SSL session.
-
- When an inline certificate is used, do not assume that an expired certificate
- will be detected and rejected. Often only the key will be extracted without
- regard for the certificate, but at the same time, it may be risky to include
- an expired certificate and assume it will work. Your SAML implementation
- may provide specific guidance on this.
- -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
-b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
-/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
-qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
-7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p
-JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw
-CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt
-cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
-LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
-gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
- <!-- This tells IdPs that you support only the Shib handle format. -->
- <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-
- <!--
- This tells IdPs where and how to send authentication assertions. Mostly
- the SP will tell the IdP what location to use in its request, but this
- is how the IdP validates the location and also figures out which
- SAML profile to use. There are six listed to accomodate common testing
- scenarios used by C++ and Java SP installations. At deployment time,
- only the actual endpoints to be used are needed.
- -->
- <AssertionConsumerService index="1" isDefault="true"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
- Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
- <AssertionConsumerService index="2"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
- Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
- <AssertionConsumerService index="3"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
- Location="https://sp.example.org/shibboleth-sp/Shibboleth.sso/SAML/POST"/>
- <AssertionConsumerService index="4"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
- Location="https://sp.example.org/shibboleth-sp/Shibboleth.sso/SAML/Artifact"/>
- <AssertionConsumerService index="5"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
- Location="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso/SAML/POST"/>
- <AssertionConsumerService index="6"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
- Location="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso/SAML/Artifact"/>
-
- </SPSSODescriptor>
-
- <!-- This is just information about the entity in human terms. -->
- <Organization>
- <OrganizationName xml:lang="en">Example Service Provider</OrganizationName>
- <OrganizationDisplayName xml:lang="en">Services 'R' Us</OrganizationDisplayName>
- <OrganizationURL xml:lang="en">http://sp.example.org/</OrganizationURL>
- </Organization>
- <ContactPerson contactType="technical">
- <SurName>Technical Support</SurName>
- <EmailAddress>support@sp.example.org</EmailAddress>
- </ContactPerson>
-
- </EntityDescriptor>
-
-</EntitiesDescriptor>
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZWdS9Zis2G1FSojEC4WZXxg8mGv44womlz9FoSzYLyaTk3mo7
-7KwKWDZxV+TCzc7gtzXkCI11DSzdmKNjAkrYQSDi+ahOXZGuM/Vvc8raH5VtS5if
-L16cfAMv5nhuM//yeYgqWFRKrgNMZdvB1CJaMJ2VBe8O28dHBf9Nqq0dtwIDAQAB
-AoGAKsaVKdlLs9BYhuzIvIpju+6M2LEDS2Rt9qYZzm7O6i77NtfXDIgdq8OEo3Xq
-3bPnfS5Retl8DYdURyBdN4Uh+WR/BUWQjBvOaJLEEdxvuAaLyAjniVREwkc2rXTZ
-xoYYFL/XMyAEt/ye2ZbTw2u5R2i7HCYdddZWMkP1+Vabg8ECQQD7VJXWy8KFiyeC
-thJiVqG/h5IO0y25dId/n81sW2B55eK0c4+IVsqc0a45/U/y2y1wtNBmIEQQn9yY
-pDtWwzVRAkEA3WOgmvxFGTI5V1K5CLCCZzQIUYpzQDQvBu2sKYuy8dK2BMEGe9Zw
-cKVyZJuDKHBvrVI5G6CqkHuFD2PwDvwAhwJBAPdfbM/q4/4/VddAz918uV1j2a2/
-y3yDJq7GIhHp6o5wZ3AHYhnmmyw48YxgOGWntxT80zYBwhy+zAhtdX5TStECQEKL
-drP/TfnD2e6Ag/Ozso642iNAXWIYDWakvBIE1rXPYzzMlFlW3JdPc7H/+I2INlk/
-lMDUK1CggB9fJ8IpRzMCQQDQmqpWZtH6eaMAN6b/9WBdVzqzpCeTWFlL/SwhVbzI
-s+k2zvC4HEAK9Y199g6SHVTQMEAE49wfhhCpY0JdCsQ/
------END RSA PRIVATE KEY-----
+++ /dev/null
-<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
-
- <!-- Simple example JDBC Connector setup with a query based on principal name -->
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement" sourceName="entitlement">
- <DataConnectorDependency requires="db1"/>
- </SimpleAttributeDefinition>
-
- <JDBCDataConnector id="db1"
- dbURL="jdbc:postgresql://test.example.edu/test?user=postgres&password=test"
- dbDriver="org.postgresql.Driver"
- maxActive="10"
- maxIdle="5">
- <Query>select entitlement from foo where name = ?</Query>
- </JDBCDataConnector>
-
-
-
-
- <!-- A more complicated example, where a query is constructed based on dependencies
- on another Data Connector and an Attribute Definition -->
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
- <DataConnectorDependency requires="echo"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:x-mace:shibboleth:date">
- <DataConnectorDependency requires="db2"/>
- </SimpleAttributeDefinition>
-
- <JDBCDataConnector id="db2"
- dbURL="jdbc:postgresql://test.example.edu/test?user=postgres&password=test"
- dbDriver="org.postgresql.Driver"
- maxActive="10"
- maxIdle="5">
- <DataConnectorDependency requires="echo"/>
- <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonEntitlement"/>
- <Query>select date from foo where principalName = ? and entitlement = ?</Query>
- <StatementCreator class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.DependencyStatementCreator">
- <Parameter type="String" attributeName="eduPersonPrincipalName" connectorId="echo" nullMissing="false"></Parameter>
- <Parameter type="String" attributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" nullMissing="false"></Parameter>
- </StatementCreator>
- </JDBCDataConnector>
-
- <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
-
-</AttributeResolver>
+++ /dev/null
-<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonNickname">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonOrgUnitDN">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonOrgDN">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
-
- <!-- To use these attributes, you should change the smartScope value to match your site's domain name. -->
- <!--
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="shibdev.edu">
- <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName" smartScope="shibdev.edu">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
- -->
-
-
- <!-- Example persistent id attribute. Since this configuration is permanent, some thought is required before
- deploying in production. -->
- <!--
- <SAML2PersistentID id="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" sourceName="guid">
- <DataConnectorDependency requires="echo"/>
- <Salt keyStorePath="file:///usr/local/shibboleth-idp/etc/persistent.jks" keyStoreKeyAlias="handleKey" keyStorePassword="shibhs" keyStoreKeyPassword="shibhs"/>
- </SAML2PersistentID>
- -->
-
-
- <!--Examples of common ldap-based attributes -->
- <!--
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:cn">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:sn">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:telephoneNumber">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:title">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:initials">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:description">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:carLicense">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:departmentNumber">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:displayName">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:employeeNumber">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:employeeType">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:preferredLanguage">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:manager">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:roomNumber">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:seeAlso">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:facsimileTelephoneNumber">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:street">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:postOfficeBox">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:postalCode">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:st">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:givenName">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:l">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:businessCategory">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:ou">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:physicalDeliveryOfficeName">
- <DataConnectorDependency requires="directory"/>
- </SimpleAttributeDefinition>
- -->
-
-
- <JNDIDirectoryDataConnector id="directory">
- <Search filter="cn=%PRINCIPAL%">
- <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
- </Search>
- <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
- <Property name="java.naming.provider.url" value="ldap://ldap.example.edu/dc=example,dc=edu" />
- <Property name="java.naming.security.principal" value="cn=admin,dc=example,dc=edu" />
- <Property name="java.naming.security.credentials" value="examplepw" />
- </JNDIDirectoryDataConnector>
-
-
- <!-- An example of how to do a simple ldap bind over SSL -->
- <!--
- <JNDIDirectoryDataConnector id="directorySecure">
- <Search filter="cn=%PRINCIPAL%">
- <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
- </Search>
- <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
- <Property name="java.naming.provider.url" value="ldap://ldap.example.edu:636/dc=example,dc=edu" />
- <Property name="java.naming.security.protocol" value="ssl" />
- <Property name="java.naming.security.principal" value="cn=admin,dc=example,dc=edu" />
- <Property name="java.naming.security.credentials" value="examplepw" />
- </JNDIDirectoryDataConnector>
- -->
-
-
- <!-- An example of how to setup ldap with connection pooling -->
- <!--
- <JNDIDirectoryDataConnector id="directoryPooled">
- <Search filter="cn=%PRINCIPAL%">
- <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
- </Search>
- <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
- <Property name="java.naming.provider.url" value="ldap://ldap.example.edu/dc=example,dc=edu" />
- <Property name="com.sun.jndi.ldap.connect.pool" value="true" />
- <Property name="com.sun.jndi.ldap.connect.pool.initsize" value="5" />
- <Property name="com.sun.jndi.ldap.connect.pool.prefsize" value="5" />
- <Property name="com.sun.jndi.ldap.connect.pool.authentication" value="none simple DIGEST-MD5" />
- <Property name="com.sun.jndi.ldap.connect.pool.protocol" value="plain ssl" />
- </JNDIDirectoryDataConnector>
- -->
-
-</AttributeResolver>
+++ /dev/null
-<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
- <DataConnectorDependency requires="echo"/>
- </SimpleAttributeDefinition>
-
- <ScriptletAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
- <DataConnectorDependency requires="echo"/>
- <Scriptlet>
- Attributes attributes = dependencies.getConnectorResolution("echo");
- Attribute affiliation = attributes.get("eduPersonAffiliation");
- if (affiliation != null && affiliation.size() > 0) {
- resolverAttribute.addValue(attributes.get("eduPersonAffiliation").get(0));
- }
- </Scriptlet>
- </ScriptletAttributeDefinition>
-
- <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
-
-</AttributeResolver>
+++ /dev/null
-<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
- <DataConnectorDependency requires="echo"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
- <DataConnectorDependency requires="echo"/>
- </SimpleAttributeDefinition>
-
-
- <!-- To use these attributes, you should change the smartScope value to match your site's domain name. -->
- <!--
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="shibdev.edu">
- <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
- </SimpleAttributeDefinition>
-
- <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName" smartScope="shibdev.edu">
- <DataConnectorDependency requires="echo"/>
- </SimpleAttributeDefinition>
- -->
-
-
- <!-- Example persistent id attribute. Since this configuration is permanent, some thought is required before
- deploying in production. Consider replacing this with a database-backed mechanism of some sort. -->
- <!--
- <SAML2PersistentID id="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" sourceName="guid">
- <DataConnectorDependency requires="echo"/>
- <Salt keyStorePath="file:///usr/local/shibboleth-idp/etc/persistent.jks" keyStoreKeyAlias="handleKey" keyStorePassword="shibhs" keyStoreKeyPassword="shibhs"/>
- </SAML2PersistentID>
- -->
- <!-- Deprecated persistent id example, use only with SPs that are already relying on your values. -->
- <!--
- <PersistentIDAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonTargetedID" scope="shibdev.edu" sourceName="guid">
- <DataConnectorDependency requires="echo"/>
- <Salt keyStorePath="file:///usr/local/shibboleth-idp/etc/persistent.jks" keyStoreKeyAlias="handleKey" keyStorePassword="shibhs" keyStoreKeyPassword="shibhs"/>
- </PersistentIDAttributeDefinition>
- -->
-
-
- <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
-
-</AttributeResolver>
+++ /dev/null
-urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
-http\://www.w3.org/XML/1998/namespace=xml.xsd
-http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
-http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
-urn\:oasis\:names\:tc\:SAML\:2\.0\:metadata=saml-schema-metadata-2.0.xsd
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
import org.opensaml.Configuration;
+import org.opensaml.log.LoggingInitializer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import edu.internet2.middleware.shibboleth.common.RelyingPartyMapper;
import edu.internet2.middleware.shibboleth.common.RelyingPartyMapperException;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-import edu.internet2.middleware.shibboleth.log.LoggingInitializer;
/**
* Primary entry point for requests to the Shibboleth IdP. Listens on multiple endpoints, routes requests to the