Merge branch 'master' into frontchannel-slo v2.3.0-slo10
authorTamas Frank <sitya@niif.hu>
Thu, 19 May 2011 18:33:23 +0000 (20:33 +0200)
committerTamas Frank <sitya@niif.hu>
Thu, 19 May 2011 18:33:23 +0000 (20:33 +0200)
Conflicts:
pom.xml
src/installer/resources/conf-tmpl/handler.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/ProfileHandlerNamespaceHandler.java
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd
src/main/webapp/WEB-INF/web.xml

pom.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/relying-party.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/ProfileHandlerNamespaceHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd
src/main/webapp/WEB-INF/web.xml

diff --cc pom.xml
+++ b/pom.xml
@@@ -2,9 -2,11 +2,9 @@@
  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
 -
      <groupId>edu.internet2.middleware</groupId>
      <artifactId>shibboleth-identityprovider</artifactId>
-     <version>2.2.1-slo10</version>
+     <version>2.3.0</version>
 -
      <!-- We bundle as a jar here, the installer creates the WAR -->
      <packaging>jar</packaging>
  
          <dependency>
              <groupId>edu.internet2.middleware</groupId>
              <artifactId>shibboleth-common</artifactId>
++<<<<<<< HEAD
 +            <version>1.2.1-slo2</version>
++=======
+             <version>1.3.0</version>
++>>>>>>> master
          </dependency>
-         
          <!-- Provided dependencies -->
          <dependency>
              <groupId>javax.servlet</groupId>
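Review bot: The merge result still contains unresolved conflict markers: the `++<<<<<<< HEAD`, `++=======` and `++>>>>>>> master` lines around the `shibboleth-common` dependency are added relative to both parents, so pom.xml is committed as malformed XML with two `<version>` elements. Choose one `shibboleth-common` version deliberately and delete the three marker lines; whether `1.2.1-slo2` or `1.3.0` is correct depends on which release carries the session-indexing API the SLO code calls, which this page does not show. The same markers are committed in the `ProfileHandlerNamespaceHandler` hunk around the SLO and ECP `registerBeanDefinitionParser` calls, where both registrations most likely need to be kept. A pre-commit or CI check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would stop an identity provider build from being tagged in this state.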
          <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
 +        <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
 +        <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
 +        <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +    
+     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
+                     inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
+                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
+                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+         <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
+     </ph:ProfileHandler>
+     <ph:ProfileHandler xsi:type="ph:SAML2ECP"
+           inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+           outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+         <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
+     </ph:ProfileHandler>
      <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery"
                      inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                      outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
@@@ -30,7 -31,7 +31,8 @@@ import edu.internet2.middleware.shibbol
  import edu.internet2.middleware.shibboleth.idp.config.profile.saml1.ShibbolethSSOProfileHandlerBeanDefinitionParser;
  import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2ArtifactResolutionProfileHandlerBeanDefinitionParser;
  import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2AttributeQueryProfileHandlerBeanDefinitionParser;
 +import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2SLOProfileHandlerBeanDefinitionParser;
+ import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2ECPProfileHandlerBeanDefinitionParser;
  import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2SSOProfileHandlerBeanDefinitionParser;
  
  /**
@@@ -73,8 -74,8 +75,13 @@@ public class ProfileHandlerNamespaceHan
          registerBeanDefinitionParser(SAML2SSOProfileHandlerBeanDefinitionParser.SCHEMA_TYPE,
                  new SAML2SSOProfileHandlerBeanDefinitionParser());
  
++<<<<<<< HEAD
 +        registerBeanDefinitionParser(SAML2SLOProfileHandlerBeanDefinitionParser.SCHEMA_TYPE,
 +                new SAML2SLOProfileHandlerBeanDefinitionParser());
++=======
+         registerBeanDefinitionParser(SAML2ECPProfileHandlerBeanDefinitionParser.SCHEMA_TYPE,
+                 new SAML2ECPProfileHandlerBeanDefinitionParser());
++>>>>>>> master
  
          registerBeanDefinitionParser(SAML2AttributeQueryProfileHandlerBeanDefinitionParser.SCHEMA_TYPE,
                  new SAML2AttributeQueryProfileHandlerBeanDefinitionParser());
          registerBeanDefinitionParser(IPAddressLoginHandlerBeanDefinitionParser.SCHEMA_TYPE,
                  new IPAddressLoginHandlerBeanDefinitionParser());
      }
--}
++}
@@@ -277,21 -280,12 +282,26 @@@ public class SSOProfileHandler extends 
              }
  
              samlResponse = buildResponse(requestContext, "urn:oasis:names:tc:SAML:2.0:cm:bearer", statements);
 +
 +            //bind nameID to session.servicesInformation
 +            NameID nameID = buildNameId(requestContext);
 +            Session session =
 +                    getUserSession(requestContext.getInboundMessageTransport());
 +            ServiceInformationImpl serviceInfo =
 +                    (ServiceInformationImpl) session.getServicesInformation().get(requestContext.getPeerEntityId());
 +            serviceInfo.setSAML2NameIdentifier(nameID);
 +            //index session by nameid
 +            SessionManager<Session> sessionManager = getSessionManager();
 +            String index = sessionManager.getIndexFromNameID(nameID);
 +            if (index != null) {
 +                sessionManager.indexSession(session, index);
 +            }
          } catch (ProfileException e) {
+             if (requestContext.isUnsolicited()) {
+                 // Just delegate to the IdP's global error handler
+                 log.warn("Unsolicited response generation failed: {}", e.getMessage());
+                 throw e;
+             }
              samlResponse = buildErrorResponse(requestContext);
          }
  
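Review bot: The added session bookkeeping dereferences `session` and `serviceInfo` without a null check, and a `NullPointerException` or `ClassCastException` raised there is not a `ProfileException`, so it bypasses the `catch` below and the request fails after `samlResponse` was already built. Whether `getUserSession` or the `getServicesInformation().get(...)` lookup can return null on this path is not visible here, so treat the guard as defensive. Separately, `buildNameId(requestContext)` is called after `buildResponse`; if `buildResponse` builds its own NameID and the identifier is transient, the session may be indexed under a value the relying party never received, and a later logout request would not find the session. That is worth confirming and, if it holds, the NameID from the response should be reused. The enclosing method starts and ends outside this hunk.

```java
            // … unchanged: buildNameId and getUserSession calls …
            if (session == null) {
                log.warn("No IdP session for this request; NameID not recorded for single logout");
            } else {
                // … unchanged: serviceInfo lookup by peer entity ID …
                if (serviceInfo == null) {
                    log.warn("No service information for {}; NameID not recorded for single logout",
                            requestContext.getPeerEntityId());
                } else {
                    serviceInfo.setSAML2NameIdentifier(nameID);
                }
                // … unchanged: index session by NameID …
            }
```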
          public void setLoginContext(Saml2LoginContext context) {
              loginContext = context;
          }
      }
 -}
 +}
          </xsd:complexContent>
      </xsd:complexType>
  
 +    <xsd:complexType name="SAML2SLO">
 +        <xsd:annotation>
 +            <xsd:documentation>Configuration type for SAML 2 SLO profile handlers.</xsd:documentation>
 +        </xsd:annotation>
 +        <xsd:complexContent>
 +            <xsd:extension base="SAML2ProfileHandler" />
 +        </xsd:complexContent>
 +    </xsd:complexType>
 +
+     <xsd:complexType name="SAML2ECP">
+         <xsd:annotation>
+             <xsd:documentation>Configuration type for ECP SAML 2 SSO profile handlers.</xsd:documentation>
+         </xsd:annotation>
+         <xsd:complexContent>
+             <xsd:extension base="SAML2ProfileHandler">
+                 <xsd:attribute name="authnContextClassRef" type="xsd:anyURI">
+                     <xsd:annotation>
+                         <xsd:documentation>
+                             A context class reference to insert into the assertions generated by the handler.
+                         </xsd:documentation>
+                     </xsd:annotation>
+                 </xsd:attribute>
+             </xsd:extension>
+         </xsd:complexContent>
+     </xsd:complexType>
      <xsd:complexType name="SAML2AttributeQuery">
          <xsd:annotation>
              <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
          <url-pattern>/AuthnEngine</url-pattern>
      </servlet-mapping>
  
 +    <!-- SLO Servlet -->
 +    <servlet>
 +        <servlet-name>SLOServlet</servlet-name>
 +        <servlet-class>edu.internet2.middleware.shibboleth.idp.slo.SLOServlet</servlet-class>
 +        <load-on-startup>3</load-on-startup>
 +    </servlet>
 +
 +    <servlet-mapping>
 +        <servlet-name>SLOServlet</servlet-name>
 +        <url-pattern>/SLOServlet</url-pattern>
 +    </servlet-mapping>
 +    
 +    <!-- Servlet for IdP - initiated Logout -->
 +    <servlet>
 +        <servlet-name>LogoutServlet</servlet-name>
 +        <servlet-class>edu.internet2.middleware.shibboleth.idp.slo.LogoutServlet</servlet-class>
 +        <init-param>
 +            <!-- Path for front-channel single logout profile handler -->
 +            <param-name>profileHandlerPath</param-name>
 +            <param-value>/profile/SAML2/Redirect/SLO</param-value>
 +        </init-param>
 +        <load-on-startup>3</load-on-startup>
 +    </servlet>
 +    <servlet-mapping>
 +        <servlet-name>LogoutServlet</servlet-name>
 +        <url-pattern>/Logout</url-pattern>
 +    </servlet-mapping>
 +
-     <!-- Servlet protected by container user for RemoteUser authentication -->
+     <!-- Servlet protected by container used for RemoteUser authentication -->
      <servlet>
          <servlet-name>RemoteUserAuthHandler</servlet-name>
          <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet</servlet-class>
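Review bot: `/Logout` and `/SLOServlet` are mapped with no visible access or method constraint, and the servlet classes are not part of this diff, so it cannot be checked here whether a plain cross-site GET to `/Logout` ends the user's IdP session and starts logout at every service provider. Confirm that `LogoutServlet` asks for confirmation or otherwise ties the request to the user's intent before acting. The `profileHandlerPath` value also appears to have to stay in step with the `/SAML2/Redirect/SLO` request path added in handler.xml; the comment could say so, e.g. `<!-- Must match the RequestPath of the HTTP-Redirect SAML2SLO handler in handler.xml, prefixed with /profile -->`.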