Cleaned up some stale testing resources.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 Aug 2006 17:57:08 +0000 (17:57 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 Aug 2006 17:57:08 +0000 (17:57 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1998 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

12 files changed:
testresources/basicIdpHome/arps/arp.site.xml [deleted file]
testresources/basicIdpHome/example-metadata.xml [deleted file]
testresources/basicIdpHome/idp-example.crt [deleted file]
testresources/basicIdpHome/idp-example.jks [deleted file]
testresources/basicIdpHome/idp-example.key [deleted file]
testresources/basicIdpHome/idpconfig.xml [deleted file]
testresources/basicIdpHome/resolver.xml [deleted file]
testresources/basicSpHome/AAP.xml [deleted file]
testresources/basicSpHome/example-metadata.xml [deleted file]
testresources/basicSpHome/sp-example.crt [deleted file]
testresources/basicSpHome/sp-example.key [deleted file]
testresources/basicSpHome/spconfig.xml [deleted file]

diff --git a/testresources/basicIdpHome/arps/arp.site.xml b/testresources/basicIdpHome/arps/arp.site.xml
deleted file mode 100644 (file)
index faf3713..0000000
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<AttributeReleasePolicy 
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-       xmlns="urn:mace:shibboleth:arp:1.0" 
-       xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 ../../../src/schemas/shibboleth-arp-1.0.xsd" >
-       <Description>Simplest possible ARP.</Description>
-       <Rule>
-               <Target>
-                       <AnyTarget/>
-               </Target>
-               <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
-                       <AnyValue release="permit"/>
-               </Attribute>
-                               <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:cn">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:telephoneNumber">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:title">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:givenName">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:surname">
-                       <AnyValue release="permit"/>
-               </Attribute>
-               <Attribute name="urn:mace:dir:attribute-def:unacceptable">
-                       <AnyValue release="permit"/>
-               </Attribute>
-                       </Rule>
-</AttributeReleasePolicy>
diff --git a/testresources/basicIdpHome/example-metadata.xml b/testresources/basicIdpHome/example-metadata.xml
deleted file mode 100644 (file)
index a2ff40d..0000000
+++ /dev/null
@@ -1,319 +0,0 @@
-<EntitiesDescriptor
-    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
-    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# ../schemas/xmldsig-core-schema.xsd"
-    Name="urn:mace:shibboleth:examples"
-    validUntil="2010-01-01T00:00:00Z">
-
-       <!--
-       This is a starter set of metadata for testing Shibboleth. It shows
-       a pair of example entities, one an IdP and one an SP. Each party
-       requires metadata from its opposite in order to interact with it.
-       Thus, your metadata describes you, and your partner(s)' metadata
-       is fed into your configuration.
-       
-       The software components do not configure themselves using metadata
-       (e.g. the IdP does not configure itself using IdP metadata). Instead,
-       metadata about SPs is fed into IdPs and metadata about IdPs is fed into
-       SPs. Other metadata is ignored, so the software does not look for
-       conflicts between its own configuration and the metadata that might
-       be present about itself. Metadata is instead maintained based on the
-       external details of your configuration.
-       -->
-
-       <EntityDescriptor entityID="https://idp.example.org/shibboleth">
-       <!--
-       The entityID above looks like a location, but it's actually just a name.
-       Each entity is assigned a URI name. By convention, it will often be a
-       URL, but it should never contain a physical machine hostname that you
-       would not otherwise publish to users of the service. For example, if your
-       installation runs on a machine named "gryphon.example.org", you would
-       generally register that machine in DNS under a second, logical name
-       (such as idp.example.org). This logical name should be used in favor
-       of the real hostname when you assign an entityID. You should use a name
-       like this even if you don't actually register the server in DNS using it.
-       The URL does *not* have to resolve into anything to use it as a name.
-       The point is for the name you choose to be stable, which is why including
-       hostnames is generally bad, since they tend to change.
-       -->
-               
-               <!-- A Shib IdP contains this element with protocol support as shown. -->
-               <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-                       <Extensions>
-                               <!-- This is a Shibboleth extension to express attribute scope rules. -->
-                               <shibmd:Scope>example.org</shibmd:Scope>
-                               <!-- This enables testing against Internet2's test site. -->
-                               <shibmd:Scope>example.edu</shibmd:Scope>
-                       </Extensions>
-                       
-                       <!--
-                       One or more KeyDescriptors tell SPs how the IdP will authenticate itself. A single
-                       descriptor can be used for both signing and for server-TLS if its use attribute
-                       is set to "signing". You can place an X.509 certificate directly in this element
-                       to specify the exact public key certificate to use. This only reflects the public
-                       half of the keypair used by the IdP.
-                       
-                       When the IdP signs XML, it uses the private key included in its Credentials
-                       configuration element, and when TLS is used, the web server will use the
-                       certificate and private key defined by the web server's configuration.
-                       An SP will then try to match the certificates in the KeyDescriptors here
-                       to the ones presented in the XML Signature or SSL session.
-                       
-                       When an inline certificate is used, do not assume that an expired certificate
-                       will be detected and rejected. Often only the key will be extracted without
-                       regard for the certificate, but at the same time, it may be risky to include
-                       an expired certificate and assume it will work. Your SAML implementation
-                       may provide specific guidance on this.
-                       -->
-                       <KeyDescriptor use="signing">
-                           <ds:KeyInfo>
-                               <ds:X509Data>
-                                       <ds:X509Certificate>
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
-                                       </ds:X509Certificate>
-                               </ds:X509Data>
-                           </ds:KeyInfo>
-                       </KeyDescriptor>
-
-                       <!-- This key is used by Internet2's test site. -->
-                       <KeyDescriptor use="signing">
-                               <ds:KeyInfo>
-                                       <ds:X509Data>
-                                               <ds:X509Certificate>
-MIIDADCCAmmgAwIBAgICBPIwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTA1MDUyNjAxMDE1MloXDTA5MDcwNTAxMDE1MlowPjEL
-MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkGA1UEAxMSd2F5Zi5p
-bnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpUs
-kDqIN54O/AbF9rVqe8FJ1q/Ep7edGGOQUjlnt2c2AyVuvveSfW/Hh82DjdF0HMaW
-C5kv/ZInBLi4kO6Xx2EjPijZmK11WxHx+WbhgCziY4KzetL3XT63QdCSSQVnaEJV
-oM9yWsOOHpeWaFiX2alAfkYbCVt9kQiB2amyCuwcOwPWh0Saf7UTEyXoE9IMNWUz
-oaydiwm6TH2zJ7ZNMogeL14o5Fv7I6znKwVGvqrz6iIGWTI7v/ZmnF/jwyW4GOdS
-fX7s/G+M6uSndSM5si+s7iE+MdtP0qZ2M3xd4zWSpYTWRnq3uVMc9w04mF5LZM5q
-B8ktgtaTLS5X2sWv6QIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
-oDANBgkqhkiG9w0BAQQFAAOBgQBDiDqvFbuhMMxAQ89CNBFLiXkcMLrX2Ht96Zux
-JfS8fAx/Obbz5im1jK7peLhFr/9KgLtAkoz4aWtBL+qWcL3a1VYTu9H3Q2w9QbV2
-rxmbK0h8tw6qTA+F4FrErGufQv+kEmm1WRXXeyqEcsadZpsXauRD8iraq9f5WrLX
-AtThLg==
-                                               </ds:X509Certificate>
-                                       </ds:X509Data>
-                               </ds:KeyInfo>
-                       </KeyDescriptor>
-                       
-                       <!-- This tells SPs where/how to resolve SAML 1.x artifacts into SAML assertions. -->
-                       <ArtifactResolutionService index="1"
-                               Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                               Location="https://idp.example.org:8443/shibboleth-idp/Artifact"/>
-
-                       <!-- This enables testing against Internet2's test site. -->
-                       <ArtifactResolutionService index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                               Location="https://wayf.internet2.edu:8443/shibboleth-idp/Artifact"/>
-                       
-                       <!-- This tells SPs that you support only the Shib handle format. -->
-                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-                       
-                       <!-- This tells SPs how and where to request authentication. -->
-                       <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                           Location="https://idp.example.org/shibboleth-idp/SSO"/>
-
-                       <!-- This enables testing against Internet2's test site. -->
-                       <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                               Location="https://wayf.internet2.edu/shibboleth-idp/SSO"/>
-               </IDPSSODescriptor>
-               
-               <!-- Most Shib IdPs also support SAML attribute queries, so this role is also included. -->
-               <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-                       <Extensions>
-                               <!-- This is a Shibboleth extension to express attribute scope rules. -->
-                               <shibmd:Scope>example.org</shibmd:Scope>
-                               <!-- This enables testing against Internet2's test site. -->
-                               <shibmd:Scope>example.edu</shibmd:Scope>
-                       </Extensions>
-                       
-                       <!-- The certificate has to be repeated here (or a different one specified if necessary). -->
-                       <KeyDescriptor use="signing">
-                           <ds:KeyInfo>
-                               <ds:X509Data>
-                                       <ds:X509Certificate>
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
-                                       </ds:X509Certificate>
-                               </ds:X509Data>
-                           </ds:KeyInfo>
-                       </KeyDescriptor>
-
-                       <!-- This key is used by Internet2's test site. -->
-                       <KeyDescriptor use="signing">
-                               <ds:KeyInfo>
-                                       <ds:X509Data>
-                                               <ds:X509Certificate>
-MIIDADCCAmmgAwIBAgICBPIwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTA1MDUyNjAxMDE1MloXDTA5MDcwNTAxMDE1MlowPjEL
-MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkGA1UEAxMSd2F5Zi5p
-bnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpUs
-kDqIN54O/AbF9rVqe8FJ1q/Ep7edGGOQUjlnt2c2AyVuvveSfW/Hh82DjdF0HMaW
-C5kv/ZInBLi4kO6Xx2EjPijZmK11WxHx+WbhgCziY4KzetL3XT63QdCSSQVnaEJV
-oM9yWsOOHpeWaFiX2alAfkYbCVt9kQiB2amyCuwcOwPWh0Saf7UTEyXoE9IMNWUz
-oaydiwm6TH2zJ7ZNMogeL14o5Fv7I6znKwVGvqrz6iIGWTI7v/ZmnF/jwyW4GOdS
-fX7s/G+M6uSndSM5si+s7iE+MdtP0qZ2M3xd4zWSpYTWRnq3uVMc9w04mF5LZM5q
-B8ktgtaTLS5X2sWv6QIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
-oDANBgkqhkiG9w0BAQQFAAOBgQBDiDqvFbuhMMxAQ89CNBFLiXkcMLrX2Ht96Zux
-JfS8fAx/Obbz5im1jK7peLhFr/9KgLtAkoz4aWtBL+qWcL3a1VYTu9H3Q2w9QbV2
-rxmbK0h8tw6qTA+F4FrErGufQv+kEmm1WRXXeyqEcsadZpsXauRD8iraq9f5WrLX
-AtThLg==
-                                               </ds:X509Certificate>
-                                       </ds:X509Data>
-                               </ds:KeyInfo>
-                       </KeyDescriptor>
-                       
-                       <!-- This tells SPs how and where to send queries. -->
-                       <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                           Location="https://idp.example.org:8443/shibboleth-idp/AA"/>
-
-                       <!-- This enables testing against Internet2's test site. -->
-                       <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                               Location="https://wayf.internet2.edu:8443/shibboleth-idp/AA"/>
-                       
-                       <!-- This tells SPs that you support only the Shib handle format. -->
-                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-               </AttributeAuthorityDescriptor>
-
-               <!-- This is just information about the entity in human terms. -->
-               <Organization>
-                   <OrganizationName xml:lang="en">Example Identity Provider</OrganizationName>
-                   <OrganizationDisplayName xml:lang="en">Identities 'R' Us</OrganizationDisplayName>
-                   <OrganizationURL xml:lang="en">http://idp.example.org/</OrganizationURL>
-               </Organization>
-               <ContactPerson contactType="technical">
-                   <SurName>Technical Support</SurName>
-                   <EmailAddress>support@idp.example.org</EmailAddress>
-               </ContactPerson>
-
-       </EntityDescriptor>
-
-       <!-- See the comment earlier about how an entityID is chosen/created. -->
-       <EntityDescriptor entityID="https://sp.example.org/shibboleth">
-       
-               <!-- A Shib SP contains this element with protocol support as shown. -->
-               <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-               
-                       <!--
-                       One or more KeyDescriptors tell IdPs how the SP will authenticate itself. A single
-                       descriptor can be used for both signing and for client-TLS if its use attribute
-                       is set to "signing". You can place an X.509 certificate directly in this element
-                       to specify the exact public key certificate to use. This only reflects the public
-                       half of the keypair used by the IdP.
-                       
-                       The SP uses the private key included in its Credentials configuration element
-                       for both XML signing and client-side TLS. An IdP will then try to match the
-                       certificates in the KeyDescriptors here to the ones presented in the XML
-                       Signature or SSL session.
-                       
-                       When an inline certificate is used, do not assume that an expired certificate
-                       will be detected and rejected. Often only the key will be extracted without
-                       regard for the certificate, but at the same time, it may be risky to include
-                       an expired certificate and assume it will work. Your SAML implementation
-                       may provide specific guidance on this.
-                       -->
-                       <KeyDescriptor use="signing">
-                           <ds:KeyInfo>
-                               <ds:X509Data>
-                                       <ds:X509Certificate>
-MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
-b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
-/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
-qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
-7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p
-JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw
-CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt
-cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
-LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
-gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-                                       </ds:X509Certificate>
-                               </ds:X509Data>
-                           </ds:KeyInfo>
-                       </KeyDescriptor>
-                       
-                       <!-- This tells IdPs that you support only the Shib handle format. -->
-                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-                   
-                       <!--
-                       This tells IdPs where and how to send authentication assertions. Mostly
-                       the SP will tell the IdP what location to use in its request, but this
-                       is how the IdP validates the location and also figures out which
-                       SAML profile to use. There are six listed to accomodate common testing
-                       scenarios used by C++ and Java SP installations. At deployment time,
-                       only the actual endpoints to be used are needed. 
-                       -->
-                       <AssertionConsumerService index="1" isDefault="true"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                               Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
-                       <AssertionConsumerService index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-                               Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
-                       <AssertionConsumerService index="3"
-                       Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                       Location="https://sp.example.org/shibboleth-sp/Shibboleth.sso/SAML/POST"/>
-                   <AssertionConsumerService index="4"
-                       Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-                       Location="https://sp.example.org/shibboleth-sp/Shibboleth.sso/SAML/Artifact"/>
-                       <AssertionConsumerService index="5"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                               Location="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso/SAML/POST"/>
-                       <AssertionConsumerService index="6"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-                               Location="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso/SAML/Artifact"/>
-                       
-               </SPSSODescriptor>
-
-               <!-- This is just information about the entity in human terms. -->
-               <Organization>
-                       <OrganizationName xml:lang="en">Example Service Provider</OrganizationName>
-                       <OrganizationDisplayName xml:lang="en">Services 'R' Us</OrganizationDisplayName>
-                       <OrganizationURL xml:lang="en">http://sp.example.org/</OrganizationURL>
-               </Organization>
-               <ContactPerson contactType="technical">
-                       <SurName>Technical Support</SurName>
-                       <EmailAddress>support@sp.example.org</EmailAddress>
-               </ContactPerson>
-               
-       </EntityDescriptor>
-
-</EntitiesDescriptor>
diff --git a/testresources/basicIdpHome/idp-example.crt b/testresources/basicIdpHome/idp-example.crt
deleted file mode 100644 (file)
index 8f9fb55..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
------END CERTIFICATE-----
diff --git a/testresources/basicIdpHome/idp-example.jks b/testresources/basicIdpHome/idp-example.jks
deleted file mode 100644 (file)
index 28b90d3..0000000
Binary files a/testresources/basicIdpHome/idp-example.jks and /dev/null differ
diff --git a/testresources/basicIdpHome/idp-example.key b/testresources/basicIdpHome/idp-example.key
deleted file mode 100644 (file)
index 5149449..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZWdS9Zis2G1FSojEC4WZXxg8mGv44womlz9FoSzYLyaTk3mo7
-7KwKWDZxV+TCzc7gtzXkCI11DSzdmKNjAkrYQSDi+ahOXZGuM/Vvc8raH5VtS5if
-L16cfAMv5nhuM//yeYgqWFRKrgNMZdvB1CJaMJ2VBe8O28dHBf9Nqq0dtwIDAQAB
-AoGAKsaVKdlLs9BYhuzIvIpju+6M2LEDS2Rt9qYZzm7O6i77NtfXDIgdq8OEo3Xq
-3bPnfS5Retl8DYdURyBdN4Uh+WR/BUWQjBvOaJLEEdxvuAaLyAjniVREwkc2rXTZ
-xoYYFL/XMyAEt/ye2ZbTw2u5R2i7HCYdddZWMkP1+Vabg8ECQQD7VJXWy8KFiyeC
-thJiVqG/h5IO0y25dId/n81sW2B55eK0c4+IVsqc0a45/U/y2y1wtNBmIEQQn9yY
-pDtWwzVRAkEA3WOgmvxFGTI5V1K5CLCCZzQIUYpzQDQvBu2sKYuy8dK2BMEGe9Zw
-cKVyZJuDKHBvrVI5G6CqkHuFD2PwDvwAhwJBAPdfbM/q4/4/VddAz918uV1j2a2/
-y3yDJq7GIhHp6o5wZ3AHYhnmmyw48YxgOGWntxT80zYBwhy+zAhtdX5TStECQEKL
-drP/TfnD2e6Ag/Ozso642iNAXWIYDWakvBIE1rXPYzzMlFlW3JdPc7H/+I2INlk/
-lMDUK1CggB9fJ8IpRzMCQQDQmqpWZtH6eaMAN6b/9WBdVzqzpCeTWFlL/SwhVbzI
-s+k2zvC4HEAK9Y199g6SHVTQMEAE49wfhhCpY0JdCsQ/
------END RSA PRIVATE KEY-----
diff --git a/testresources/basicIdpHome/idpconfig.xml b/testresources/basicIdpHome/idpconfig.xml
deleted file mode 100644 (file)
index a4ec99c..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!-- Shibboleth Identity Provider configuration -->
-
-       <IdPConfig 
-       xmlns="urn:mace:shibboleth:idp:config:1.0" 
-       xmlns:cred="urn:mace:shibboleth:credentials:1.0" 
-       xmlns:name="urn:mace:shibboleth:namemapper:1.0" 
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-       xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 ../../src/schemas/shibboleth-idpconfig-1.0.xsd" 
-       AAUrl="https://idp.example.org:8443/shibboleth-idp/AA" 
-       resolverConfig="/basicIdpHome/resolver.xml"
-       defaultRelyingParty="urn:mace:shibboleth:examples" 
-       providerId="https://idp.example.org/shibboleth">
-
-
-       <!-- This section contains configuration options that apply only to a site or group of sites
-               This would normally be adjusted when a new federation or bilateral trust relationship is established -->
-       <RelyingParty name="urn:mace:shibboleth:examples" signingCredential="example_cred"> <!-- (signingCredential) must correspond to a <Credential/> element below -->
-               <NameID nameMapping="shm"/> <!-- (nameMapping) must correspond to a <NameMapping/> element below -->
-       </RelyingParty>
-
-       <!-- InQueue example (the schemaHack is needed for 1.1/1.2 SPs)-->
-       <!--
-       <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"
-                       schemaHack="true"> 
-               <NameID nameMapping="shm"/>
-       </RelyingParty> -->
-       
-       
-       <!-- Configuration for the attribute release policy engine
-               For most configurations this won't need adjustment -->
-       <ReleasePolicyEngine>
-               <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
-                       <Path>/basicIdpHome/arps/</Path>
-               </ArpRepository>
-       </ReleasePolicyEngine>
-
-       
-    <!-- Logging Configuration
-               The defaults work fine in this section, but it is sometimes helpful to use "DEBUG" as the level for 
-               the <ErrorLog/> when trying to diagnose problems -->
-       <!--            
-       <Logging>
-               <ErrorLog level="WARN" location="file:/temp/shib-error.log" />
-               <TransactionLog level="INFO" location="file:/temp/shib-access.log" />
-       </Logging>
-       -->             
-       <!-- Uncomment the configuration section below and comment out the one above if you would like to manually configure log4j -->
-    <!--
-       <Logging>
-               <Log4JConfig location="file:///tmp/log4j.properties" />
-       </Logging> -->
-
-
-       <!-- This configuration section determines how Shibboleth maps between SAML Subjects and local principals.
-               The default mapping uses shibboleth handles, but other formats can be added.
-               The mappings listed here are only active when they are referenced within a <RelyingParty/> element above -->
-       <NameMapping 
-               xmlns="urn:mace:shibboleth:namemapper:1.0" 
-               id="shm" 
-               format="urn:mace:shibboleth:1.0:nameIdentifier" 
-               type="SharedMemoryShibHandle" 
-               handleTTL="28800"/>
-
-
-       <!-- Determines how SAML artifacts are stored and retrieved
-               The (sourceLocation) attribute must be specified when using type 2 artifacts -->
-       <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
-
-
-       <!-- This configuration section determines the keys/certs to be used when signing SAML assertions -->
-       <!-- The credentials listed here are used when referenced within <RelyingParty/> elements above -->
-       <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
-               <FileResolver Id="example_cred">
-                       <Key>
-                               <Path>/basicIdpHome/idp-example.key</Path>
-                       </Key>
-                       <Certificate>
-                               <Path>/basicIdpHome/idp-example.crt</Path>
-                       </Certificate>
-               </FileResolver>
-       
-               <!-- InQueue example (Deployments would need to generate an InQueue-compatible certificate) -->
-               <!--
-               <FileResolver Id="inqueue_cred">
-                       <Key>
-                               <Path>$IDP_HOME$/etc/idp-inqueue.key</Path>
-                       </Key>
-                       <Certificate>
-                               <Path>$IDP_HOME$/etc/idp-inqueue.crt</Path>
-                       </Certificate>
-               </FileResolver>
-                -->
-       </Credentials>
-
-
-       <!-- Protocol handlers specify what type of requests the IdP can respond to.  The default set listed here should work 
-               for most configurations.  Modifications to this section may require modifications to the deployment descriptor -->
-       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
-               <Location>https?://[^:/]+(:(443|80))?/shibboleth-idp/SSO</Location> <!-- regex works when using default protocol ports -->
-       </ProtocolHandler>
-       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
-               <Location>.+:8443/shibboleth-idp/AA</Location>
-       </ProtocolHandler>
-       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
-               <Location>.+:8443/shibboleth-idp/Artifact</Location>
-       </ProtocolHandler>
-       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.Shibboleth_StatusHandler">
-               <Location>https://[^:/]+(:443)?/shibboleth-idp/Status</Location>
-       </ProtocolHandler>
-
-       
-       <!-- This section configures the loading of SAML2 metadata, which contains information about system entities and 
-               how to authenticate them.  The metadatatool utility can be used to keep federation metadata files in synch.
-               Metadata can also be placed directly within this these elements. -->
-       <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                uri="/basicIdpHome/example-metadata.xml"/>
-       
-       
-       <!-- InQueue example (Deployments would need to get updated InQueue metadata) -->
-       <!--
-       <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                uri="$IDP_HOME$/etc/IQ-metadata.xml"/> -->
-</IdPConfig>
-
diff --git a/testresources/basicIdpHome/resolver.xml b/testresources/basicIdpHome/resolver.xml
deleted file mode 100644 (file)
index 2c660e8..0000000
+++ /dev/null
@@ -1,53 +0,0 @@
-<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-       xmlns="urn:mace:shibboleth:resolver:1.0" 
-       xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 ../../src/schemas/shibboleth-resolver-1.0.xsd">
-       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:title">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-               
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
-               smartScope="example.org">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:telephoneNumber">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:cn">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:givenName">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-               
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:surname">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-               
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:unacceptable">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-                       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:unreleasable">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-                       
-       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName"
-               smartScope="example.org">
-               <DataConnectorDependency requires="jutest"/>
-       </SimpleAttributeDefinition>
-                                       
-       <CustomDataConnector id="jutest" class="edu.internet2.middleware.shibboleth.runner.AttributeSourceForTests"/>
-
-</AttributeResolver>
diff --git a/testresources/basicSpHome/AAP.xml b/testresources/basicSpHome/AAP.xml
deleted file mode 100644 (file)
index e726fb5..0000000
+++ /dev/null
@@ -1,298 +0,0 @@
-<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="urn:mace:shibboleth:1.0 ../../src/schemas/shibboleth.xsd">
-
-       <!--
-       An AAP is a set of AttributeRule elements, each one
-       referencing a specific attribute by URI. All attributes that
-       should be visible to an application running at the target should
-       be listed, or they will be filtered out.
-       
-       The Header and Alias attributes map an attribute to an HTTP header
-       and to an htaccess rule name respectively. Without Header, the attribute
-       will only be obtainable from the exported SAML assertion in raw XML.
-       
-       Scoped attributes are also filtered on Scope via the Domain elements
-       in the site metadata.
-       -->
-       
-       <!-- First some useful eduPerson attributes that many sites might use. -->
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" Scoped="true" CaseSensitive="false" Header="Shib-EP-Affiliation" Alias="affiliation">
-               <!-- Filtering rule to limit values to eduPerson-defined enumeration. -->
-        <AnySite>
-            <Value>MEMBER</Value>
-            <Value>FACULTY</Value>
-            <Value>STUDENT</Value>
-            <Value>STAFF</Value>
-            <Value>ALUM</Value>
-            <Value>AFFILIATE</Value>
-            <Value>EMPLOYEE</Value>
-        </AnySite>
-        
-        <!-- Example of Scope rule to override site metadata. -->
-        <SiteRule Name="urn:mace:inqueue:shibdev.edu">
-               <Scope Accept="false">shibdev.edu</Scope>
-               <Scope Type="regexp">^.+\.shibdev\.edu$</Scope>
-        </SiteRule>
-       </AttributeRule>
-
-       <!--
-       This attribute is provided mostly to ease testing because an IdP out of the box only
-       sends the unscoped version. It has little use because it lacks the context needed to
-       work in a multi-domain scenario and is a subset of the scoped version anyway.
-        -->
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonAffiliation" CaseSensitive="false" Header="Shib-EP-UnscopedAffiliation" Alias="unscoped-affiliation">
-        <AnySite>
-            <Value>MEMBER</Value>
-            <Value>FACULTY</Value>
-            <Value>STUDENT</Value>
-            <Value>STAFF</Value>
-            <Value>ALUM</Value>
-            <Value>AFFILIATE</Value>
-            <Value>EMPLOYEE</Value>
-        </AnySite>
-       </AttributeRule>
-       
-    <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Scoped="true" Header="REMOTE_USER" Alias="user">
-               <!-- Basic rule to pass through any value. -->
-        <AnySite>
-            <Value Type="regexp">^[^@]+$</Value>
-        </AnySite>
-    </AttributeRule>
-
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonEntitlement" Header="Shib-EP-Entitlement" Alias="entitlement">
-               <!-- Entitlements tend to be filtered per-site. -->
-               
-               <!--
-               Optional site rule that applies to any site
-               <AnySite>
-                       <Value>urn:mace:example.edu:exampleEntitlement</Value>
-               </AnySite>
-               -->
-               
-               <!-- Specific rules for an origin site, these are just development/sample sites. -->
-               <SiteRule Name="urn:mace:inqueue:example.edu">
-                       <Value Type="regexp">^urn:mace:.+$</Value>
-               </SiteRule>
-               <SiteRule Name="urn:mace:inqueue:shibdev.edu">
-                       <Value Type="regexp">^urn:mace:.+$</Value>
-               </SiteRule>
-       </AttributeRule>
-
-       <!-- A persistent id attribute that supports personalized anonymous access. -->
-       
-       <!-- First, the deprecated version: -->
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonTargetedID" Scoped="true" Header="Shib-TargetedID" Alias="targeted_id">
-        <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-
-       <!-- Second, the new version: -->
-       <AttributeRule Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" Header="Shib-TargetedID" Alias="targeted_id">
-        <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <!-- Some more eduPerson attributes, uncomment these to use them... -->
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonNickname">
-        <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" CaseSensitive="false" Header="Shib-EP-PrimaryAffiliation">
-        <AnySite>
-            <Value>MEMBER</Value>
-            <Value>FACULTY</Value>
-            <Value>STUDENT</Value>
-            <Value>STAFF</Value>
-            <Value>ALUM</Value>
-            <Value>AFFILIATE</Value>
-            <Value>EMPLOYEE</Value>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" Header="Shib-EP-PrimaryOrgUnitDN">
-        <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" Header="Shib-EP-OrgUnitDN">
-        <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonOrgDN" Header="Shib-EP-OrgDN">
-        <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-
-
-
-       <!--Examples of common LDAP-based attributes, uncomment to use these... -->
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:cn" Header="Shib-Person-commonName">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:sn" Header="Shib-Person-surname">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:surname" Header="Shib-Person-surname">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-               
-       <AttributeRule Name="urn:mace:dir:attribute-def:telephoneNumber" Header="Shib-Person-telephoneNumber">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:title" Header="Shib-OrgPerson-title">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:initials" Header="Shib-InetOrgPerson-initials">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:description" Header="Shib-Person-description">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:carLicense" Header="Shib-InetOrgPerson-carLicense">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:departmentNumber" Header="Shib-InetOrgPerson-deptNum">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:displayName" Header="Shib-InetOrgPerson-displayName">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:employeeNumber" Header="Shib-InetOrgPerson-employeeNum">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:employeeType" Header="Shib-InetOrgPerson-employeeType">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:preferredLanguage" Header="Shib-InetOrgPerson-prefLang">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:manager" Header="Shib-InetOrgPerson-manager">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:roomNumber" Header="Shib-InetOrgPerson-roomNum">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:seeAlso" Header="Shib-OrgPerson-seeAlso">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" Header="Shib-OrgPerson-fax">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:street" Header="Shib-OrgPerson-street">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:postOfficeBox" Header="Shib-OrgPerson-POBox">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:postalCode" Header="Shib-OrgPerson-postalCode">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:st" Header="Shib-OrgPerson-state">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:givenName" Header="Shib-InetOrgPerson-givenName">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:l" Header="Shib-OrgPerson-locality">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:businessCategory" Header="Shib-InetOrgPerson-businessCat">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:ou" Header="Shib-OrgPerson-orgUnit">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-       <AttributeRule Name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" Header="Shib-OrgPerson-OfficeName">
-               <AnySite>
-            <AnyValue/>
-        </AnySite>
-       </AttributeRule>
-       
-
-</AttributeAcceptancePolicy>
diff --git a/testresources/basicSpHome/example-metadata.xml b/testresources/basicSpHome/example-metadata.xml
deleted file mode 100644 (file)
index a2ff40d..0000000
+++ /dev/null
@@ -1,319 +0,0 @@
-<EntitiesDescriptor
-    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
-    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# ../schemas/xmldsig-core-schema.xsd"
-    Name="urn:mace:shibboleth:examples"
-    validUntil="2010-01-01T00:00:00Z">
-
-       <!--
-       This is a starter set of metadata for testing Shibboleth. It shows
-       a pair of example entities, one an IdP and one an SP. Each party
-       requires metadata from its opposite in order to interact with it.
-       Thus, your metadata describes you, and your partner(s)' metadata
-       is fed into your configuration.
-       
-       The software components do not configure themselves using metadata
-       (e.g. the IdP does not configure itself using IdP metadata). Instead,
-       metadata about SPs is fed into IdPs and metadata about IdPs is fed into
-       SPs. Other metadata is ignored, so the software does not look for
-       conflicts between its own configuration and the metadata that might
-       be present about itself. Metadata is instead maintained based on the
-       external details of your configuration.
-       -->
-
-       <EntityDescriptor entityID="https://idp.example.org/shibboleth">
-       <!--
-       The entityID above looks like a location, but it's actually just a name.
-       Each entity is assigned a URI name. By convention, it will often be a
-       URL, but it should never contain a physical machine hostname that you
-       would not otherwise publish to users of the service. For example, if your
-       installation runs on a machine named "gryphon.example.org", you would
-       generally register that machine in DNS under a second, logical name
-       (such as idp.example.org). This logical name should be used in favor
-       of the real hostname when you assign an entityID. You should use a name
-       like this even if you don't actually register the server in DNS using it.
-       The URL does *not* have to resolve into anything to use it as a name.
-       The point is for the name you choose to be stable, which is why including
-       hostnames is generally bad, since they tend to change.
-       -->
-               
-               <!-- A Shib IdP contains this element with protocol support as shown. -->
-               <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-                       <Extensions>
-                               <!-- This is a Shibboleth extension to express attribute scope rules. -->
-                               <shibmd:Scope>example.org</shibmd:Scope>
-                               <!-- This enables testing against Internet2's test site. -->
-                               <shibmd:Scope>example.edu</shibmd:Scope>
-                       </Extensions>
-                       
-                       <!--
-                       One or more KeyDescriptors tell SPs how the IdP will authenticate itself. A single
-                       descriptor can be used for both signing and for server-TLS if its use attribute
-                       is set to "signing". You can place an X.509 certificate directly in this element
-                       to specify the exact public key certificate to use. This only reflects the public
-                       half of the keypair used by the IdP.
-                       
-                       When the IdP signs XML, it uses the private key included in its Credentials
-                       configuration element, and when TLS is used, the web server will use the
-                       certificate and private key defined by the web server's configuration.
-                       An SP will then try to match the certificates in the KeyDescriptors here
-                       to the ones presented in the XML Signature or SSL session.
-                       
-                       When an inline certificate is used, do not assume that an expired certificate
-                       will be detected and rejected. Often only the key will be extracted without
-                       regard for the certificate, but at the same time, it may be risky to include
-                       an expired certificate and assume it will work. Your SAML implementation
-                       may provide specific guidance on this.
-                       -->
-                       <KeyDescriptor use="signing">
-                           <ds:KeyInfo>
-                               <ds:X509Data>
-                                       <ds:X509Certificate>
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
-                                       </ds:X509Certificate>
-                               </ds:X509Data>
-                           </ds:KeyInfo>
-                       </KeyDescriptor>
-
-                       <!-- This key is used by Internet2's test site. -->
-                       <KeyDescriptor use="signing">
-                               <ds:KeyInfo>
-                                       <ds:X509Data>
-                                               <ds:X509Certificate>
-MIIDADCCAmmgAwIBAgICBPIwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTA1MDUyNjAxMDE1MloXDTA5MDcwNTAxMDE1MlowPjEL
-MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkGA1UEAxMSd2F5Zi5p
-bnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpUs
-kDqIN54O/AbF9rVqe8FJ1q/Ep7edGGOQUjlnt2c2AyVuvveSfW/Hh82DjdF0HMaW
-C5kv/ZInBLi4kO6Xx2EjPijZmK11WxHx+WbhgCziY4KzetL3XT63QdCSSQVnaEJV
-oM9yWsOOHpeWaFiX2alAfkYbCVt9kQiB2amyCuwcOwPWh0Saf7UTEyXoE9IMNWUz
-oaydiwm6TH2zJ7ZNMogeL14o5Fv7I6znKwVGvqrz6iIGWTI7v/ZmnF/jwyW4GOdS
-fX7s/G+M6uSndSM5si+s7iE+MdtP0qZ2M3xd4zWSpYTWRnq3uVMc9w04mF5LZM5q
-B8ktgtaTLS5X2sWv6QIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
-oDANBgkqhkiG9w0BAQQFAAOBgQBDiDqvFbuhMMxAQ89CNBFLiXkcMLrX2Ht96Zux
-JfS8fAx/Obbz5im1jK7peLhFr/9KgLtAkoz4aWtBL+qWcL3a1VYTu9H3Q2w9QbV2
-rxmbK0h8tw6qTA+F4FrErGufQv+kEmm1WRXXeyqEcsadZpsXauRD8iraq9f5WrLX
-AtThLg==
-                                               </ds:X509Certificate>
-                                       </ds:X509Data>
-                               </ds:KeyInfo>
-                       </KeyDescriptor>
-                       
-                       <!-- This tells SPs where/how to resolve SAML 1.x artifacts into SAML assertions. -->
-                       <ArtifactResolutionService index="1"
-                               Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                               Location="https://idp.example.org:8443/shibboleth-idp/Artifact"/>
-
-                       <!-- This enables testing against Internet2's test site. -->
-                       <ArtifactResolutionService index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                               Location="https://wayf.internet2.edu:8443/shibboleth-idp/Artifact"/>
-                       
-                       <!-- This tells SPs that you support only the Shib handle format. -->
-                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-                       
-                       <!-- This tells SPs how and where to request authentication. -->
-                       <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                           Location="https://idp.example.org/shibboleth-idp/SSO"/>
-
-                       <!-- This enables testing against Internet2's test site. -->
-                       <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                               Location="https://wayf.internet2.edu/shibboleth-idp/SSO"/>
-               </IDPSSODescriptor>
-               
-               <!-- Most Shib IdPs also support SAML attribute queries, so this role is also included. -->
-               <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-                       <Extensions>
-                               <!-- This is a Shibboleth extension to express attribute scope rules. -->
-                               <shibmd:Scope>example.org</shibmd:Scope>
-                               <!-- This enables testing against Internet2's test site. -->
-                               <shibmd:Scope>example.edu</shibmd:Scope>
-                       </Extensions>
-                       
-                       <!-- The certificate has to be repeated here (or a different one specified if necessary). -->
-                       <KeyDescriptor use="signing">
-                           <ds:KeyInfo>
-                               <ds:X509Data>
-                                       <ds:X509Certificate>
-MIICkjCCAfugAwIBAgIJAK7VCxPsh8yrMA0GCSqGSIb3DQEBBAUAMDsxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxl
-Lm9yZzAeFw0wNTA2MjAxNTUwNDFaFw0zMjExMDUxNTUwNDFaMDsxCzAJBgNVBAYT
-AlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9y
-ZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2VnUvWYrNhtRUqIxAuFmV8YP
-Jhr+OMKJpc/RaEs2C8mk5N5qO+ysClg2cVfkws3O4Lc15AiNdQ0s3ZijYwJK2EEg
-4vmoTl2RrjP1b3PK2h+VbUuYny9enHwDL+Z4bjP/8nmIKlhUSq4DTGXbwdQiWjCd
-lQXvDtvHRwX/TaqtHbcCAwEAAaOBnTCBmjAdBgNVHQ4EFgQUlmI7WqzIDJzcfAyU
-v2kmk3p9sbAwawYDVR0jBGQwYoAUlmI7WqzIDJzcfAyUv2kmk3p9sbChP6Q9MDsx
-CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxGDAWBgNVBAMTD2lkcC5l
-eGFtcGxlLm9yZ4IJAK7VCxPsh8yrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
-BQADgYEAsatF5gh1ZBF1QuXxchKp2BKVOsK+23y+FqhuOuVi/PTMf+Li84Ih25Al
-Jyy3OKc0oprM6tCJaiSooy32KTW6a1xhPm2MwuXzD33SPoKItue/ndp8Bhx/PO9U
-w14fpgtAk2x8xD7cpHsZ073JHxEcjEetD8PTtrFdNu6GwIrv6Sk=
-                                       </ds:X509Certificate>
-                               </ds:X509Data>
-                           </ds:KeyInfo>
-                       </KeyDescriptor>
-
-                       <!-- This key is used by Internet2's test site. -->
-                       <KeyDescriptor use="signing">
-                               <ds:KeyInfo>
-                                       <ds:X509Data>
-                                               <ds:X509Certificate>
-MIIDADCCAmmgAwIBAgICBPIwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
-MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
-F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
-bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg
-LS0gMjAwMjA3MDFBMB4XDTA1MDUyNjAxMDE1MloXDTA5MDcwNTAxMDE1MlowPjEL
-MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEbMBkGA1UEAxMSd2F5Zi5p
-bnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpUs
-kDqIN54O/AbF9rVqe8FJ1q/Ep7edGGOQUjlnt2c2AyVuvveSfW/Hh82DjdF0HMaW
-C5kv/ZInBLi4kO6Xx2EjPijZmK11WxHx+WbhgCziY4KzetL3XT63QdCSSQVnaEJV
-oM9yWsOOHpeWaFiX2alAfkYbCVt9kQiB2amyCuwcOwPWh0Saf7UTEyXoE9IMNWUz
-oaydiwm6TH2zJ7ZNMogeL14o5Fv7I6znKwVGvqrz6iIGWTI7v/ZmnF/jwyW4GOdS
-fX7s/G+M6uSndSM5si+s7iE+MdtP0qZ2M3xd4zWSpYTWRnq3uVMc9w04mF5LZM5q
-B8ktgtaTLS5X2sWv6QIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF
-oDANBgkqhkiG9w0BAQQFAAOBgQBDiDqvFbuhMMxAQ89CNBFLiXkcMLrX2Ht96Zux
-JfS8fAx/Obbz5im1jK7peLhFr/9KgLtAkoz4aWtBL+qWcL3a1VYTu9H3Q2w9QbV2
-rxmbK0h8tw6qTA+F4FrErGufQv+kEmm1WRXXeyqEcsadZpsXauRD8iraq9f5WrLX
-AtThLg==
-                                               </ds:X509Certificate>
-                                       </ds:X509Data>
-                               </ds:KeyInfo>
-                       </KeyDescriptor>
-                       
-                       <!-- This tells SPs how and where to send queries. -->
-                       <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                           Location="https://idp.example.org:8443/shibboleth-idp/AA"/>
-
-                       <!-- This enables testing against Internet2's test site. -->
-                       <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                               Location="https://wayf.internet2.edu:8443/shibboleth-idp/AA"/>
-                       
-                       <!-- This tells SPs that you support only the Shib handle format. -->
-                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-               </AttributeAuthorityDescriptor>
-
-               <!-- This is just information about the entity in human terms. -->
-               <Organization>
-                   <OrganizationName xml:lang="en">Example Identity Provider</OrganizationName>
-                   <OrganizationDisplayName xml:lang="en">Identities 'R' Us</OrganizationDisplayName>
-                   <OrganizationURL xml:lang="en">http://idp.example.org/</OrganizationURL>
-               </Organization>
-               <ContactPerson contactType="technical">
-                   <SurName>Technical Support</SurName>
-                   <EmailAddress>support@idp.example.org</EmailAddress>
-               </ContactPerson>
-
-       </EntityDescriptor>
-
-       <!-- See the comment earlier about how an entityID is chosen/created. -->
-       <EntityDescriptor entityID="https://sp.example.org/shibboleth">
-       
-               <!-- A Shib SP contains this element with protocol support as shown. -->
-               <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-               
-                       <!--
-                       One or more KeyDescriptors tell IdPs how the SP will authenticate itself. A single
-                       descriptor can be used for both signing and for client-TLS if its use attribute
-                       is set to "signing". You can place an X.509 certificate directly in this element
-                       to specify the exact public key certificate to use. This only reflects the public
-                       half of the keypair used by the IdP.
-                       
-                       The SP uses the private key included in its Credentials configuration element
-                       for both XML signing and client-side TLS. An IdP will then try to match the
-                       certificates in the KeyDescriptors here to the ones presented in the XML
-                       Signature or SSL session.
-                       
-                       When an inline certificate is used, do not assume that an expired certificate
-                       will be detected and rejected. Often only the key will be extracted without
-                       regard for the certificate, but at the same time, it may be risky to include
-                       an expired certificate and assume it will work. Your SAML implementation
-                       may provide specific guidance on this.
-                       -->
-                       <KeyDescriptor use="signing">
-                           <ds:KeyInfo>
-                               <ds:X509Data>
-                                       <ds:X509Certificate>
-MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
-b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
-/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
-qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
-7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p
-JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw
-CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt
-cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
-LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
-gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-                                       </ds:X509Certificate>
-                               </ds:X509Data>
-                           </ds:KeyInfo>
-                       </KeyDescriptor>
-                       
-                       <!-- This tells IdPs that you support only the Shib handle format. -->
-                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
-                   
-                       <!--
-                       This tells IdPs where and how to send authentication assertions. Mostly
-                       the SP will tell the IdP what location to use in its request, but this
-                       is how the IdP validates the location and also figures out which
-                       SAML profile to use. There are six listed to accomodate common testing
-                       scenarios used by C++ and Java SP installations. At deployment time,
-                       only the actual endpoints to be used are needed. 
-                       -->
-                       <AssertionConsumerService index="1" isDefault="true"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                               Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
-                       <AssertionConsumerService index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-                               Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
-                       <AssertionConsumerService index="3"
-                       Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                       Location="https://sp.example.org/shibboleth-sp/Shibboleth.sso/SAML/POST"/>
-                   <AssertionConsumerService index="4"
-                       Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-                       Location="https://sp.example.org/shibboleth-sp/Shibboleth.sso/SAML/Artifact"/>
-                       <AssertionConsumerService index="5"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
-                               Location="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso/SAML/POST"/>
-                       <AssertionConsumerService index="6"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-                               Location="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso/SAML/Artifact"/>
-                       
-               </SPSSODescriptor>
-
-               <!-- This is just information about the entity in human terms. -->
-               <Organization>
-                       <OrganizationName xml:lang="en">Example Service Provider</OrganizationName>
-                       <OrganizationDisplayName xml:lang="en">Services 'R' Us</OrganizationDisplayName>
-                       <OrganizationURL xml:lang="en">http://sp.example.org/</OrganizationURL>
-               </Organization>
-               <ContactPerson contactType="technical">
-                       <SurName>Technical Support</SurName>
-                       <EmailAddress>support@sp.example.org</EmailAddress>
-               </ContactPerson>
-               
-       </EntityDescriptor>
-
-</EntitiesDescriptor>
diff --git a/testresources/basicSpHome/sp-example.crt b/testresources/basicSpHome/sp-example.crt
deleted file mode 100644 (file)
index e8261f3..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
-b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
-/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
-qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
-7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p
-JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw
-CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt
-cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
-LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
-gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
------END CERTIFICATE-----
diff --git a/testresources/basicSpHome/sp-example.key b/testresources/basicSpHome/sp-example.key
deleted file mode 100644 (file)
index 5149449..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZWdS9Zis2G1FSojEC4WZXxg8mGv44womlz9FoSzYLyaTk3mo7
-7KwKWDZxV+TCzc7gtzXkCI11DSzdmKNjAkrYQSDi+ahOXZGuM/Vvc8raH5VtS5if
-L16cfAMv5nhuM//yeYgqWFRKrgNMZdvB1CJaMJ2VBe8O28dHBf9Nqq0dtwIDAQAB
-AoGAKsaVKdlLs9BYhuzIvIpju+6M2LEDS2Rt9qYZzm7O6i77NtfXDIgdq8OEo3Xq
-3bPnfS5Retl8DYdURyBdN4Uh+WR/BUWQjBvOaJLEEdxvuAaLyAjniVREwkc2rXTZ
-xoYYFL/XMyAEt/ye2ZbTw2u5R2i7HCYdddZWMkP1+Vabg8ECQQD7VJXWy8KFiyeC
-thJiVqG/h5IO0y25dId/n81sW2B55eK0c4+IVsqc0a45/U/y2y1wtNBmIEQQn9yY
-pDtWwzVRAkEA3WOgmvxFGTI5V1K5CLCCZzQIUYpzQDQvBu2sKYuy8dK2BMEGe9Zw
-cKVyZJuDKHBvrVI5G6CqkHuFD2PwDvwAhwJBAPdfbM/q4/4/VddAz918uV1j2a2/
-y3yDJq7GIhHp6o5wZ3AHYhnmmyw48YxgOGWntxT80zYBwhy+zAhtdX5TStECQEKL
-drP/TfnD2e6Ag/Ozso642iNAXWIYDWakvBIE1rXPYzzMlFlW3JdPc7H/+I2INlk/
-lMDUK1CggB9fJ8IpRzMCQQDQmqpWZtH6eaMAN6b/9WBdVzqzpCeTWFlL/SwhVbzI
-s+k2zvC4HEAK9Y199g6SHVTQMEAE49wfhhCpY0JdCsQ/
------END RSA PRIVATE KEY-----
diff --git a/testresources/basicSpHome/spconfig.xml b/testresources/basicSpHome/spconfig.xml
deleted file mode 100644 (file)
index f9d43d2..0000000
+++ /dev/null
@@ -1,116 +0,0 @@
-<?xml version="1.1" encoding="ISO-8859-1"?>
-
-<SPConfig xmlns="urn:mace:shibboleth:target:config:1.0"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="urn:mace:shibboleth:target:config:1.0 ../../src/schemas/shibboleth-targetconfig-1.0.xsd"
-       clockSkew="180">
-
-       <Global>
-               <UnixListener address="bogus"/>
-               <MemorySessionCache 
-                       cleanupInterval="300" 
-                       cacheTimeout="3600" 
-                       AATimeout="30" 
-                       AAConnectTimeout="15"
-                       defaultLifetime="1800" 
-                       retryInterval="300" 
-                       strictValidity="false" 
-                       propagateErrors="false"
-                       />
-       </Global>
-    
-       <Local localRelayState="true">
-               <RequestMapProvider type="edu.internet2.middleware.shibboleth.sp.provider.NativeRequestMapProvider">
-                       <RequestMap applicationId="default">
-                               <Host name="sp.example.org">
-                                       <Path name="secure" authType="shibboleth" requireSession="true" exportAssertion="true" />
-                               </Host>
-                       </RequestMap>
-               </RequestMapProvider>
-               
-       </Local>
-
-       <Applications id="default" 
-               providerId="https://sp.example.org/shibboleth"
-               homeURL="https://sp.example.org/index.html"
-               xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-               xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-
-               <Sessions lifetime="7200" timeout="3600" checkAddress="false"
-                       handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7">
-                       <SessionInitiator isDefault="true" id="example" Location="/WAYF/idp.example.org"
-                               Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
-                               wayfURL="https://idp.example.org:8443/shibboleth-idp/SSO"
-                               wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
-                       <md:AssertionConsumerService Location="/SAML/POST" isDefault="true" index="1"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
-                       <md:AssertionConsumerService Location="/SAML/Artifact" index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
-                       <md:SingleLogoutService Location="/Logout" Binding="urn:mace:shibboleth:sp:1.3:Logout"/>
-
-               </Sessions>
-
-               <Errors session="sessionError.html"
-                       metadata="metadataError.html"
-                       rm="rmError.html"
-                       access="accessError.html"
-                       supportContact="root@localhost"
-                       logoLocation="/shibtarget/logo.jpg"
-                       styleSheet="/shibtarget/main.css"/>
-
-               <CredentialUse TLS="defcreds" Signing="defcreds">
-                       <!-- RelyingParty elements can customize credentials for specific IdPs/sets. -->
-                       <!--
-                       <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
-                       -->
-               </CredentialUse>
-                       
-               <!-- Use designators to request specific attributes or none to ask for all -->
-               <!--
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               -->
-
-               <AAPProvider type="edu.internet2.middleware.shibboleth.aap.provider.XMLAAP" 
-                       uri="/basicSpHome/AAP.xml"/>
-               
-               <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                       uri="/basicSpHome/example-metadata.xml"/>
-
-               <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust"/>
-                                       
-               <saml:Audience>urn:mace:inqueue</saml:Audience>
-               
-               <Application id="bogus">
-                       <Sessions lifetime="7200" timeout="3600" checkAddress="true"
-                               handlerURL="/secure/admin/Shibboleth.sso" handlerSSL="true"
-                               cookieProps="; path=/secure/admin; secure"/>
-                       <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
-                               AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               </Application>
-
-       </Applications>
-       
-       <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
-       <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
-               <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
-                       <FileResolver Id="defcreds">
-                               <Key format="PEM">
-                                       <Path>/basicSpHome/sp-example.key</Path>
-                               </Key>
-                               <Certificate format="PEM">
-                                       <Path>/basicSpHome/sp-example.crt</Path>
-                               </Certificate>
-                       </FileResolver>
-                       
-               </Credentials>
-       </CredentialsProvider>
-
-       <!-- Specialized attribute handling for cases with complex syntax. -->
-       <AttributeFactory AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
-               type="edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory"/>
-
-</SPConfig>
-