Removed SP/WAYF resources from IdP project.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 30 Aug 2006 16:33:48 +0000 (16:33 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 30 Aug 2006 16:33:48 +0000 (16:33 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2003 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

data/spconfig.xml [deleted file]
src/conf/dist.sp-iqidp.xml [deleted file]
src/conf/dist.sp-localidp.xml [deleted file]
src/conf/sp-config.logger [deleted file]
src/conf/sp-example.crt [deleted file]
src/conf/sp-example.jks [deleted file]
src/conf/sp-example.key [deleted file]
src/conf/wayfconfig.xml [deleted file]

diff --git a/data/spconfig.xml b/data/spconfig.xml
deleted file mode 100644 (file)
index dcb2caa..0000000
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.1" encoding="ISO-8859-1"?>
-
-<SPConfig xmlns="urn:mace:shibboleth:target:config:1.0"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="urn:mace:shibboleth:target:config:1.0 ../src/schemas/shibboleth-targetconfig-1.0.xsd"
-       clockSkew="180">
-
-       <Global logger="file:///usr/local/shibboleth-sp/etc/shibd.logger">
-               <UnixListener address="bogus"/>
-               <MemorySessionCache 
-                       cleanupInterval="300" 
-                       cacheTimeout="3600" 
-                       AATimeout="30" 
-                       AAConnectTimeout="15"
-                       defaultLifetime="1800" 
-                       retryInterval="300" 
-                       strictValidity="false" 
-                       propagateErrors="false"
-                       />
-       </Global>
-    
-       <Local localRelayState="true">
-               <RequestMapProvider type="edu.internet2.middleware.shibboleth.sp.provider.NativeRequestMapProvider">
-                       <RequestMap applicationId="default">
-                               <Host name="sp.example.org">
-                                       <Path name="secure" authType="shibboleth" requireSession="true" exportAssertion="true" />
-                               </Host>
-                       </RequestMap>
-               </RequestMapProvider>
-               
-       </Local>
-
-       <Applications id="default" 
-               providerId="https://sp.example.org/shibboleth"
-               homeURL="https://sp.example.org/index.html"
-               xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-               xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-
-               <Sessions lifetime="7200" timeout="3600" checkAddress="false"
-                       handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7">
-                       <SessionInitiator isDefault="true" id="example" Location="/WAYF/idp.example.org"
-                               Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
-                               wayfURL="https://idp.example.org:8443/shibboleth-idp/SSO"
-                               wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
-                       <md:AssertionConsumerService Location="/SAML/POST" isDefault="true" index="1"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
-                       <md:AssertionConsumerService Location="/SAML/Artifact" index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
-                       <md:SingleLogoutService Location="/Logout" Binding="urn:mace:shibboleth:sp:1.3:Logout"/>
-
-               </Sessions>
-
-               <Errors session="file:///usr/local/shibboleth-sp/etc/sessionError.html"
-                       metadata="file:///usr/local/shibboleth-sp/etc/metadataError.html"
-                       rm="file:///usr/local/shibboleth-sp/etc/rmError.html"
-                       access="file:///usr/local/shibboleth-sp/etc/accessError.html"
-                       supportContact="root@localhost"
-                       logoLocation="/shibtarget/logo.jpg"
-                       styleSheet="/shibtarget/main.css"/>
-
-               <CredentialUse TLS="defcreds" Signing="defcreds">
-                       <!-- RelyingParty elements can customize credentials for specific IdPs/sets. -->
-                       <!--
-                       <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
-                       -->
-               </CredentialUse>
-                       
-               <!-- Use designators to request specific attributes or none to ask for all -->
-               <!--
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               -->
-
-               <AAPProvider type="edu.internet2.middleware.shibboleth.aap.provider.XMLAAP" uri="file:///usr/local/shibboleth-sp/etc/AAP.xml"/>
-               
-               <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                       uri="file:///usr/local/shibboleth-sp/etc/example-metadata.xml"/>
-
-               <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust"/>
-                                       
-               <saml:Audience>urn:mace:inqueue</saml:Audience>
-               
-               <Application id="bogus">
-                       <Sessions lifetime="7200" timeout="3600" checkAddress="true"
-                               handlerURL="/secure/admin/Shibboleth.sso" handlerSSL="true"
-                               cookieProps="; path=/secure/admin; secure"/>
-                       <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
-                               AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               </Application>
-
-       </Applications>
-       
-       <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
-       <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
-               <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
-                       <FileResolver Id="defcreds">
-                               <Key format="PEM">
-                                       <Path>file:///usr/local/shibboleth-sp/etc/sp-example.key</Path>
-                               </Key>
-                               <Certificate format="PEM">
-                                       <Path>file:///usr/local/shibboleth-sp/etc/sp-example.crt</Path>
-                               </Certificate>
-                       </FileResolver>
-                       
-               </Credentials>
-       </CredentialsProvider>
-
-       <!-- Specialized attribute handling for cases with complex syntax. -->
-       <AttributeFactory AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
-               type="edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory"/>
-
-</SPConfig>
-
diff --git a/src/conf/dist.sp-iqidp.xml b/src/conf/dist.sp-iqidp.xml
deleted file mode 100644 (file)
index 6ff6658..0000000
+++ /dev/null
@@ -1,244 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!-- Sample configuration file for the Java SP. It shares syntax with the C++ SP, but
-        some elements used only by C++ have been removed here. 
-        [Note: at this time no all elements of this configuration file
-        are supported.]
-        -->
-
-<SPConfig xmlns="urn:mace:shibboleth:target:config:1.0"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="urn:mace:shibboleth:target:config:1.0 ../schemas/shibboleth-targetconfig-1.0.xsd"
-       clockSkew="180">
-
-       <!-- The Global section pertains to shared Shibboleth processes like the shibd daemon. -->
-       <Global logger="$SP_HOME$/etc/shibd.logger">
-               
-    
-               <!-- A listener (TCP or Unix) is required by the syntax
-                       of the configuration file, but is not used by Java.
-                       At some point in the future there may be an RMI listener. -->
-               <UnixListener address="bogus"/>
-               
-               <!--
-               See deploy guide for details, but:
-                       cacheTimeout - how long before expired sessions are purged from the cache
-                       AATimeout - how long to wait for an AA to respond
-                       AAConnectTimeout - how long to wait while connecting to an AA
-                       defaultLifetime - if attributes come back without guidance, how long should they last?
-                       strictValidity - if we have expired attrs, and can't get new ones, keep using them?
-                       propagateErrors - suppress errors while getting attrs or let user see them?
-                       retryInterval - if propagateErrors is false and query fails, how long to wait before trying again
-               Only one session cache can be defined.
-               -->
-               <MemorySessionCache 
-                       cleanupInterval="300" 
-                       cacheTimeout="3600" 
-                       AATimeout="30" 
-                       AAConnectTimeout="15"
-                       defaultLifetime="1800" 
-                       retryInterval="300" 
-                       strictValidity="false" 
-                       propagateErrors="false"
-                       />
-        
-       </Global>
-    
-       <!-- The Local section pertains to resource-serving processes (often process pools) like web servers. -->
-       <Local localRelayState="true">
-               <!--
-               To customize behavior, map hostnames and path components to applicationId and other settings.
-               
-               The RequestMapProvider specified here is authoritative when it assigns an appliationId to 
-               resource directories under the control of this SP. However, the information here about when
-               to require authentication is advistory, and may be overridden by the configuration of the
-               ResourceManager. In particular, the Servlet Filter has initialization parameters in its
-               web.xml that will override what is configured here about requireSession.
-               -->
-               <RequestMapProvider type="edu.internet2.middleware.shibboleth.sp.provider.NativeRequestMapProvider">
-                       <RequestMap applicationId="default">
-                               <Host name="replace.with.your.computer.name">
-                                       <!-- Nominally require shibboleth authentication for all documents under /secure.
-                                                Note that the sample /secure application distributed with the Filter overrides
-                                                this to specify only specific file names/types. -->
-                                       <Path name="secure" authType="shibboleth" requireSession="true" exportAssertion="true">
-                                       </Path>
-                               </Host>
-                       </RequestMap>
-               </RequestMapProvider>
-               
-       </Local>
-
-       <!--
-       The Applications section is where most of Shibboleth's SAML bits are defined.
-       Resource requests are mapped in the Local section into an applicationId that
-       points into to this section.
-       -->
-       <Applications id="default" 
-               providerId="https://replace.with.your.computer.name/shibboleth"
-               homeURL="https://replace.with.your.computer.name/index.html"
-               xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-               xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-
-               <!--
-               Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
-               You MUST supply an effectively unique handlerURL value for each of your applications.
-               The value can be a relative path, a URL with no hostname (https:///path) or a full URL.
-               The system can compute a relative value based on the virtual host. Using handlerSSL="true"
-               will force the protocol to be https. You should also add a cookieProps setting of "; secure"
-               in that case. Note that while we default checkAddress to "false", this has a negative
-               impact on the security of the SP. Stealing cookies/sessions is much easier with this
-               disabled.
-               -->
-               <Sessions lifetime="7200" timeout="3600" checkAddress="false"
-                       handlerURL="https://replace.with.your.computer.name:9443/shibboleth-sp/Shibboleth.sso" 
-                       handlerSSL="false" idpHistory="true" idpHistoryDays="7">
-                       
-                       <!--
-                       SessionInitiators handle session requests and relay them to a WAYF or directly
-                       to an IdP, if possible. Automatic session setup will use the default or first
-                       element (or requestSessionWith can specify a specific id to use). Lazy sessions
-                       can be started with any initiator. The only Binding supported is the
-                       "urn:mace:shibboleth:sp:1.3:SessionInit" lazy session profile.
-                       -->
-                       
-                       <!-- This example directs users to a specific federation's WAYF service. -->
-                       <SessionInitiator isDefault="true" id="IQ" Location="/WAYF/InQueue"
-                               Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
-                               wayfURL="https://wayf.internet2.edu/InQueue/WAYF"
-                               wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
-                               
-                       
-                       <!--
-                       md:AssertionConsumerService elements replace the old shireURL function with an
-                       explicit handler for particular profiles, such as SAML 1.1 POST or Artifact.
-                       The isDefault and index attributes are used when sessions are initiated
-                       to determine how to tell the IdP where and how to return the response.
-                       -->
-                       <md:AssertionConsumerService 
-                               Location="/SAML/POST" 
-                               isDefault="true" index="1"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
-                       <md:AssertionConsumerService 
-                               Location="/SAML/Artifact" 
-                               index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
-                       
-                       <!--
-                       md:SingleLogoutService elements are mostly a placeholder for 2.0, but a simple
-                       cookie-clearing option with a ResponseLocation or a return URL parameter is
-                       supported via the "urn:mace:shibboleth:sp:1.3:Logout" Binding value.
-                       -->
-                       <md:SingleLogoutService Location="/Logout" Binding="urn:mace:shibboleth:sp:1.3:Logout"/>
-
-               </Sessions>
-
-               <!--
-               You should customize these pages! You can add attributes with values that can be plugged
-               into your templates. You can remove the access attribute to cause the module to return a
-               standard 403 Forbidden error code if authorization fails, and then customize that condition
-               using your web server.
-               -->
-               <Errors session="sessionError.html"
-                       metadata="metadataError.html"
-                       rm="rmError.html"
-                       access="accessError.html" />
-
-               <!-- Indicates what credentials to use when communicating -->
-               <CredentialUse TLS="defcreds" Signing="defcreds">
-                       <RelyingParty Name="urn:mace:shibboleth:examples" TLS="defcreds" Signing="defcreds" />
-               </CredentialUse>
-                       
-               <!-- Use designators to request specific attributes or none to ask for all -->
-               <!--
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               -->
-
-               <!-- AAP can be inline or in a separate file -->
-               <AAPProvider type="edu.internet2.middleware.shibboleth.aap.provider.XMLAAP" uri="$SP_HOME$/etc/AAP.xml"/>
-               
-               <!-- Operational config consists of metadata and trust providers. Can be external or inline. -->
-
-               <!-- InQueue pilot federation, delete for production deployments. -->
-               <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                       uri="$SP_HOME$/etc/IQ-metadata.xml"/>
-               
-               <!-- The standard trust provider supports SAMLv2 metadata with path validation extensions. -->
-               <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust"/>
-                                       
-               <!--
-               Zero or more SAML Audience condition matches (mainly for Shib 1.1 compatibility).
-               If you get "policy mismatch errors, you probably need to supply metadata about
-               your SP to the IdP if it's running 1.2. Adding an element here is only a partial fix.
-               -->
-               <saml:Audience>urn:mace:inqueue</saml:Audience>
-               
-               <!--
-               You can customize behavior of specific applications here. The default elements inside the
-               outer <Applications> element generally have to be overridden in an all or nothing fashion.
-               That is, if you supply a <Sessions> or <Errors> override, you MUST include all attributes
-               you want to apply, as they will not be inherited. Similarly, if you specify an element such as
-               <MetadataProvider>, it is not additive with the defaults, but replaces them.
-               
-               Note that each application must have a handlerURL that maps uniquely to it and no other
-               application in the <RequestMap>. Otherwise no sessions will reach the application.
-               If each application lives on its own vhost, then a single handler at "/Shibboleth.sso"
-               is sufficient, since the hostname will distinguish the application.
-               
-               The example below shows a special application that requires use of SSL when establishing
-               sessions, restricts the session cookie to SSL and a specific folder, and inherits most other
-               behavior except that it requests only EPPN from the origin instead of asking for all attributes.
-               Note that it will inherit all of the handler endpoints defined for the default application
-               but will append them to the handlerURL defined here.
-               -->
-               <!-- 
-               <Application id="foo-admin">
-                       <Sessions lifetime="7200" timeout="3600" checkAddress="true"
-                               handlerURL="/secure/admin/Shibboleth.sso" handlerSSL="true"
-                               cookieProps="; path=/secure/admin; secure"/>
-                       <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
-                               AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               </Application>
-               -->
-
-       </Applications>
-       
-       <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
-       <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
-               <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
-                       <FileResolver Id="defcreds">
-                               <Key format="PEM">
-                                       <Path>$SP_HOME$/etc/sp-example.key</Path>
-                               </Key>
-                               <Certificate format="PEM">
-                                       <Path>$SP_HOME$/etc/sp-example.crt</Path>
-                               </Certificate>
-                       </FileResolver>
-                       
-                       <!--
-                       Mostly you can define a single keypair above, but you can define and name a second
-                       keypair to be used only in specific cases and then specify when to use it inside a
-                       <CredentialUse> element.
-                       -->
-                       <!--
-                       <FileResolver Id="inqueuecreds">
-                               <Key format="PEM" password="handsoff">
-                                       <Path>$SP_HOME$/etc/inqueue.key</Path>
-                               </Key>
-                               <Certificate format="PEM">
-                                       <Path>$SP_HOME$/etc/inqueue.crt</Path>
-                               </Certificate>
-                       </FileResolver>
-                       -->
-               </Credentials>
-       </CredentialsProvider>
-
-       <!-- Specialized attribute handling for cases with complex syntax. -->
-       <AttributeFactory AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
-               type="edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory"/>
-
-</SPConfig>
-
diff --git a/src/conf/dist.sp-localidp.xml b/src/conf/dist.sp-localidp.xml
deleted file mode 100644 (file)
index 013313d..0000000
+++ /dev/null
@@ -1,253 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!-- Sample configuration file for the Java SP. It shares syntax with the C++ SP, but
-        some elements used only by C++ have been removed here. 
-        [Note: at this time no all elements of this configuration file
-        are supported.]
-        -->
-
-<SPConfig xmlns="urn:mace:shibboleth:target:config:1.0"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="urn:mace:shibboleth:target:config:1.0 ../schemas/shibboleth-targetconfig-1.0.xsd"
-       clockSkew="180">
-
-       <!-- The Global section pertains to shared Shibboleth processes like the shibd daemon. -->
-       <Global logger="$SP_HOME$/etc/shibd.logger">
-               
-    
-               <!-- A listener (TCP or Unix) is required by the syntax
-                       of the configuration file, but is not used by Java.
-                       At some point in the future there may be an RMI listener. -->
-               <UnixListener address="bogus"/>
-               
-               <!--
-               See deploy guide for details, but:
-                       cacheTimeout - how long before expired sessions are purged from the cache
-                       AATimeout - how long to wait for an AA to respond
-                       AAConnectTimeout - how long to wait while connecting to an AA
-                       defaultLifetime - if attributes come back without guidance, how long should they last?
-                       strictValidity - if we have expired attrs, and can't get new ones, keep using them?
-                       propagateErrors - suppress errors while getting attrs or let user see them?
-                       retryInterval - if propagateErrors is false and query fails, how long to wait before trying again
-               Only one session cache can be defined.
-               -->
-               <MemorySessionCache 
-                       cleanupInterval="300" 
-                       cacheTimeout="3600" 
-                       AATimeout="30" 
-                       AAConnectTimeout="15"
-                       defaultLifetime="1800" 
-                       retryInterval="300" 
-                       strictValidity="false" 
-                       propagateErrors="false"
-                       />
-        
-       </Global>
-    
-       <!-- The Local section pertains to resource-serving processes (often process pools) like web servers. -->
-       <Local localRelayState="true">
-               <!--
-               To customize behavior, map hostnames and path components to applicationId and other settings.
-               
-               The RequestMapProvider specified here is authoritative when it assigns an appliationId to 
-               resource directories under the control of this SP. However, the information here about when
-               to require authentication is advistory, and may be overridden by the configuration of the
-               ResourceManager. In particular, the Servlet Filter has initialization parameters in its
-               web.xml that will override what is configured here about requireSession.
-               -->
-               <RequestMapProvider type="edu.internet2.middleware.shibboleth.sp.provider.NativeRequestMapProvider">
-                       <RequestMap applicationId="default">
-                               <Host name="sp.example.org">
-                                       <!-- Nominally require shibboleth authentication for all documents under /secure.
-                                                Note that the sample /secure application distributed with the Filter overrides
-                                                this to specify only specific file names/types. -->
-                                       <Path name="secure" authType="shibboleth" requireSession="true" exportAssertion="true">
-                                       </Path>
-                               </Host>
-                       </RequestMap>
-               </RequestMapProvider>
-               
-       </Local>
-
-       <!--
-       The Applications section is where most of Shibboleth's SAML bits are defined.
-       Resource requests are mapped in the Local section into an applicationId that
-       points into to this section.
-       -->
-       <Applications id="default" 
-               providerId="https://sp.example.org/shibboleth"
-               homeURL="https://sp.example.org/index.html"
-               xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-               xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-
-               <!--
-               Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
-               You MUST supply an effectively unique handlerURL value for each of your applications.
-               The value can be a relative path, a URL with no hostname (https:///path) or a full URL.
-               The system can compute a relative value based on the virtual host. Using handlerSSL="true"
-               will force the protocol to be https. You should also add a cookieProps setting of "; secure"
-               in that case. Note that while we default checkAddress to "false", this has a negative
-               impact on the security of the SP. Stealing cookies/sessions is much easier with this
-               disabled.
-               -->
-               <Sessions lifetime="7200" timeout="3600" checkAddress="false"
-                       handlerURL="https://sp.example.org:9443/shibboleth-sp/Shibboleth.sso" 
-                       handlerSSL="false" idpHistory="true" idpHistoryDays="7">
-                       
-                       <!--
-                       SessionInitiators handle session requests and relay them to a WAYF or directly
-                       to an IdP, if possible. Automatic session setup will use the default or first
-                       element (or requestSessionWith can specify a specific id to use). Lazy sessions
-                       can be started with any initiator. The only Binding supported is the
-                       "urn:mace:shibboleth:sp:1.3:SessionInit" lazy session profile.
-                       -->
-                       
-                       <!-- This default example directs users to a specific IdP's SSO service. -->
-                       <SessionInitiator isDefault="true" id="example" Location="/WAYF/idp.example.org"
-                               Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
-                               wayfURL="https://idp.example.org:443/shibboleth-idp/SSO"
-                               wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
-                               
-                       <!-- This example directs users to a specific federation's WAYF service. -->
-                       <SessionInitiator id="IQ" Location="/WAYF/InQueue"
-                               Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
-                               wayfURL="https://wayf.internet2.edu/InQueue/WAYF"
-                               wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
-                       
-                       <!--
-                       md:AssertionConsumerService elements replace the old shireURL function with an
-                       explicit handler for particular profiles, such as SAML 1.1 POST or Artifact.
-                       The isDefault and index attributes are used when sessions are initiated
-                       to determine how to tell the IdP where and how to return the response.
-                       -->
-                       <md:AssertionConsumerService 
-                               Location="/SAML/POST" 
-                               isDefault="true" index="1"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
-                       <md:AssertionConsumerService 
-                               Location="/SAML/Artifact" 
-                               index="2"
-                               Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
-                       
-                       <!--
-                       md:SingleLogoutService elements are mostly a placeholder for 2.0, but a simple
-                       cookie-clearing option with a ResponseLocation or a return URL parameter is
-                       supported via the "urn:mace:shibboleth:sp:1.3:Logout" Binding value.
-                       -->
-                       <md:SingleLogoutService Location="/Logout" Binding="urn:mace:shibboleth:sp:1.3:Logout"/>
-
-               </Sessions>
-
-               <!--
-               You should customize these pages! You can add attributes with values that can be plugged
-               into your templates. You can remove the access attribute to cause the module to return a
-               standard 403 Forbidden error code if authorization fails, and then customize that condition
-               using your web server.
-               -->
-               <Errors session="sessionError.html"
-                       metadata="metadataError.html"
-                       rm="rmError.html"
-                       access="accessError.html" />
-
-               <!-- Indicates what credentials to use when communicating -->
-               <CredentialUse TLS="defcreds" Signing="defcreds">
-                       <RelyingParty Name="urn:mace:shibboleth:examples" TLS="defcreds" Signing="defcreds" />
-               </CredentialUse>
-                       
-               <!-- Use designators to request specific attributes or none to ask for all -->
-               <!--
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
-                       AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               -->
-
-               <!-- AAP can be inline or in a separate file -->
-               <AAPProvider type="edu.internet2.middleware.shibboleth.aap.provider.XMLAAP" uri="$SP_HOME$/etc/AAP.xml"/>
-               
-               <!-- Operational config consists of metadata and trust providers. Can be external or inline. -->
-
-               <!-- Dummy metadata for private testing, delete for production deployments. -->
-               <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                       uri="$SP_HOME$/etc/example-metadata.xml"/>
-
-               <!-- InQueue pilot federation, delete for production deployments. -->
-               <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                       uri="$SP_HOME$/etc/IQ-metadata.xml"/>
-               
-               <!-- The standard trust provider supports SAMLv2 metadata with path validation extensions. -->
-               <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust"/>
-                                       
-               <!--
-               Zero or more SAML Audience condition matches (mainly for Shib 1.1 compatibility).
-               If you get "policy mismatch errors, you probably need to supply metadata about
-               your SP to the IdP if it's running 1.2. Adding an element here is only a partial fix.
-               -->
-               <saml:Audience>urn:mace:inqueue</saml:Audience>
-               
-               <!--
-               You can customize behavior of specific applications here. The default elements inside the
-               outer <Applications> element generally have to be overridden in an all or nothing fashion.
-               That is, if you supply a <Sessions> or <Errors> override, you MUST include all attributes
-               you want to apply, as they will not be inherited. Similarly, if you specify an element such as
-               <MetadataProvider>, it is not additive with the defaults, but replaces them.
-               
-               Note that each application must have a handlerURL that maps uniquely to it and no other
-               application in the <RequestMap>. Otherwise no sessions will reach the application.
-               If each application lives on its own vhost, then a single handler at "/Shibboleth.sso"
-               is sufficient, since the hostname will distinguish the application.
-               
-               The example below shows a special application that requires use of SSL when establishing
-               sessions, restricts the session cookie to SSL and a specific folder, and inherits most other
-               behavior except that it requests only EPPN from the origin instead of asking for all attributes.
-               Note that it will inherit all of the handler endpoints defined for the default application
-               but will append them to the handlerURL defined here.
-               -->
-               <!-- 
-               <Application id="foo-admin">
-                       <Sessions lifetime="7200" timeout="3600" checkAddress="true"
-                               handlerURL="/secure/admin/Shibboleth.sso" handlerSSL="true"
-                               cookieProps="; path=/secure/admin; secure"/>
-                       <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
-                               AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
-               </Application>
-               -->
-
-       </Applications>
-       
-       <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
-       <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
-               <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
-                       <FileResolver Id="defcreds">
-                               <Key format="PEM">
-                                       <Path>$SP_HOME$/etc/sp-example.key</Path>
-                               </Key>
-                               <Certificate format="PEM">
-                                       <Path>$SP_HOME$/etc/sp-example.crt</Path>
-                               </Certificate>
-                       </FileResolver>
-                       
-                       <!--
-                       Mostly you can define a single keypair above, but you can define and name a second
-                       keypair to be used only in specific cases and then specify when to use it inside a
-                       <CredentialUse> element.
-                       -->
-                       <!--
-                       <FileResolver Id="inqueuecreds">
-                               <Key format="PEM" password="handsoff">
-                                       <Path>$SP_HOME$/etc/inqueue.key</Path>
-                               </Key>
-                               <Certificate format="PEM">
-                                       <Path>$SP_HOME$/etc/inqueue.crt</Path>
-                               </Certificate>
-                       </FileResolver>
-                       -->
-               </Credentials>
-       </CredentialsProvider>
-
-       <!-- Specialized attribute handling for cases with complex syntax. -->
-       <AttributeFactory AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
-               type="edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory"/>
-
-</SPConfig>
-
diff --git a/src/conf/sp-config.logger b/src/conf/sp-config.logger
deleted file mode 100644 (file)
index dce2892..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-# You can override the log4j configuration by specifying a logger
-# attribute for the SPConfig element in the SP configuration file
-# (if the normal logging isn't adequate)
-
-log4j.logger.edu.internet2.middleware=INFO, stdout
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=%-5p %-36X{serviceId} %d{ISO8601} (%c:%L) - %m%n
-
diff --git a/src/conf/sp-example.crt b/src/conf/sp-example.crt
deleted file mode 100644 (file)
index e8261f3..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
-BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
-b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
-/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
-qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
-7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p
-JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw
-CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt
-cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
-LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
-gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
------END CERTIFICATE-----
diff --git a/src/conf/sp-example.jks b/src/conf/sp-example.jks
deleted file mode 100644 (file)
index 7115deb..0000000
Binary files a/src/conf/sp-example.jks and /dev/null differ
diff --git a/src/conf/sp-example.key b/src/conf/sp-example.key
deleted file mode 100644 (file)
index 5149449..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZWdS9Zis2G1FSojEC4WZXxg8mGv44womlz9FoSzYLyaTk3mo7
-7KwKWDZxV+TCzc7gtzXkCI11DSzdmKNjAkrYQSDi+ahOXZGuM/Vvc8raH5VtS5if
-L16cfAMv5nhuM//yeYgqWFRKrgNMZdvB1CJaMJ2VBe8O28dHBf9Nqq0dtwIDAQAB
-AoGAKsaVKdlLs9BYhuzIvIpju+6M2LEDS2Rt9qYZzm7O6i77NtfXDIgdq8OEo3Xq
-3bPnfS5Retl8DYdURyBdN4Uh+WR/BUWQjBvOaJLEEdxvuAaLyAjniVREwkc2rXTZ
-xoYYFL/XMyAEt/ye2ZbTw2u5R2i7HCYdddZWMkP1+Vabg8ECQQD7VJXWy8KFiyeC
-thJiVqG/h5IO0y25dId/n81sW2B55eK0c4+IVsqc0a45/U/y2y1wtNBmIEQQn9yY
-pDtWwzVRAkEA3WOgmvxFGTI5V1K5CLCCZzQIUYpzQDQvBu2sKYuy8dK2BMEGe9Zw
-cKVyZJuDKHBvrVI5G6CqkHuFD2PwDvwAhwJBAPdfbM/q4/4/VddAz918uV1j2a2/
-y3yDJq7GIhHp6o5wZ3AHYhnmmyw48YxgOGWntxT80zYBwhy+zAhtdX5TStECQEKL
-drP/TfnD2e6Ag/Ozso642iNAXWIYDWakvBIE1rXPYzzMlFlW3JdPc7H/+I2INlk/
-lMDUK1CggB9fJ8IpRzMCQQDQmqpWZtH6eaMAN6b/9WBdVzqzpCeTWFlL/SwhVbzI
-s+k2zvC4HEAK9Y199g6SHVTQMEAE49wfhhCpY0JdCsQ/
------END RSA PRIVATE KEY-----
diff --git a/src/conf/wayfconfig.xml b/src/conf/wayfconfig.xml
deleted file mode 100644 (file)
index 5f85e6d..0000000
+++ /dev/null
@@ -1,111 +0,0 @@
-<?xml version="1.0"?>
-<WayfConfig 
-        xmlns="urn:mace:shibboleth:wayf:config:1.0" 
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
-
-<!-- The default behaviour of Service is controlled via the elements
-     and attributes below.  Non default behaviour is achieved by
-     specifying any or all of these in the specific
-     DiscoveryServiceHanlder element.
-
-     The handleCookie attribute is one of 'NeverFollow', 'AlwaysFollow',
-     'FollowSingle' or 'ClearCookie' and controls how the WAYF deals
-     with the _saml_idp cookie.
-
-     The cacheDomain attribute sets the domain that the cookie will be
-     written to.
-
-     The cacheExpiration attribute sets the expiration time of the
-     cookie (if the 'Remember for a week' selection is made).
-
-     The jspFile & errorJspFile attributes control the display
-
-     The provideList attribute controls whether a single list of all
-     possible IdPs is presented.  The default wayfs.jsp works best
-     if this is true if provideListofList is true.
-     
-     The provideListOfList attribute controls whether mutiple lists
-     are presented (one for each MetadatProvider).
-
-     The showUsableIdPs attribute controls the contents of the above
-     lists.  The single list (provideList=true) is trimmed by
-     excluding IdPs which do not share a metadata file with the SP.
-     The multiple lists (provideListOfList=true) is trimmed by
-     excluding all lists which do not specify the SP.
-     
-     The SearchIgnore element contains a list of words to be ignored while
-     performing a search.
--->
-
-        <Default 
-            handleCookie="NeverFollow"
-            jspFile="/wayf.jsp"
-            errorJspFile="/wayferror.jsp"
-            provideList="false"
-            provideListOfList="true"
-            showUnusableIdPs="false"
-            cacheExpiration="604800" >
-            <SearchIgnore>
-                <IgnoreText>Institution</IgnoreText>
-                <IgnoreText>University</IgnoreText>
-                <IgnoreText>State </IgnoreText>
-                <IgnoreText>School</IgnoreText>
-            </SearchIgnore>
-        </Default>
-        
-<!-- The MetadataProvider is in a similar syntax to that used to
-     configure an IdP.  This means that plugins for the IdP can be
-     used interchangably between the IdP and WAYF.
-
-     The identifier element is used to uniquely distinguish the
-     metadata in a Federation element below -->
-
-        <MetadataProvider 
-                displayName="Put in User Friendly Name here"
-                identifier="FirstSite"
-                type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                uri="file:///usr/local/sites.xml"/>
-
-<!-- If the WAYF is to handle data from more than one metadata source
-     then more metadataproviders can be provided, as below
-        
-       <MetadataProvider 
-                displayName="Another Name Here"
-                identifier="SecondSite"
-                type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                uri="file:/usr/local/moresites.xml"/>
--->
-
-<!-- Every handler has to be declared with a DiscoverServiceHandler
-     element.  As well as the attributes and elements described above,
-     each DiscoveryServiceHandler *MUST* have a location attribute.
-     
-     The default wayf.xml specifies that "/WAYF" and "/*.wayf" are the
-     possibilities for DiscoveryServices.  If a URL matches the above,
-     but does not match any location in a DiscoveryServiceHandler,
-     then the first handler for which the default attribute is set
-     true is invoked -->
-
-
-    <DiscoveryServiceHandler
-        location=".+/WAYF" 
-        default="true" />
-
-<!-- The ClearCache handler causes the cookie to be deleted.  The jsp shipped
-     with the WAYF refers to this handler -->
-        
-    <DiscoveryServiceHandler
-        location=".+/ClearCache.wayf"
-        handleCookie="ClearCookie" />
-
-<!-- Example of how to constrain a DiscoveryService to one (or more)
-     explicit metadata sources.  (The default is to use all metadata
-     sources)
-
- <DiscoveryServiceHandler location=".+/SecondOnly.wayf" >
-
-        <Federation identifier="SecondSite"/>
-    </DiscoveryServiceHandler>  
--->
-
-</WayfConfig>