fix up mime types and EOL style
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 2 Jun 2011 17:31:46 +0000 (17:31 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 2 Jun 2011 17:31:46 +0000 (17:31 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@3035 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

35 files changed:
checkstyle.xml
pom.xml
src/installer/resources/build.xml
src/installer/resources/conf-tmpl/attribute-filter.xml
src/installer/resources/conf-tmpl/attribute-resolver.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/internal.xml
src/installer/resources/conf-tmpl/logging.xml
src/installer/resources/conf-tmpl/relying-party.xml
src/installer/resources/conf-tmpl/service.xml
src/installer/resources/metadata-tmpl/idp-metadata.xml
src/main/assembly/bin.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceContactTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceDescriptionTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceInformationURLTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceLogoTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceNameTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServicePrivacyURLTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceTagSupport.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/package-info.java
src/main/resources/ehcache.xml
src/main/resources/logback.xml
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd
src/main/webapp/WEB-INF/web.xml
src/test/java/edu/internet2/middleware/shibboleth/idp/ShibTestBootstrap.java
src/test/resources/data/conf1/attribute-filter.xml
src/test/resources/data/conf1/attribute-resolver.xml
src/test/resources/data/conf1/handler.xml
src/test/resources/data/conf1/internal.xml
src/test/resources/data/conf1/relying-party.xml
src/test/resources/data/conf1/service.xml
src/test/resources/logback-test.xml
src/tools/bat/aacli.bat
src/tools/bat/cpappend.bat
src/tools/bat/version.bat

index 30803fd..5563667 100644 (file)
@@ -1,6 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN" "http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
-
 <!--
     This configuration file was written by the eclipse-cs plugin configuration editor
 -->
diff --git a/pom.xml b/pom.xml
index ac1ff83..e10d0c9 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>edu.internet2.middleware</groupId>
         </developer>
     </developers>
 
-</project>
\ No newline at end of file
+</project>
index 6d8fd45..5c27404 100755 (executable)
@@ -1,44 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
 <project name="Shibboleth Identity Provider" basedir="../../.." default="install">
 
-    <property name="installer.dir" value="${basedir}/src/installer" />
-    <property name="resources.dir" value="${installer.dir}/resources" />
-    <property name="tools.dir" value="${basedir}/src/tools" />
-    <property name="webapp.dir" value="${basedir}/src/main/webapp" />
-    <property name="war.name" value="idp" />
+    <property name="installer.dir" value="${basedir}/src/installer"/>
+    <property name="resources.dir" value="${installer.dir}/resources"/>
+    <property name="tools.dir" value="${basedir}/src/tools"/>
+    <property name="webapp.dir" value="${basedir}/src/main/webapp"/>
+    <property name="war.name" value="idp"/>
        
     <!-- Load property from the environment -->
-    <property environment="env" />
+    <property environment="env"/>
 
     <!-- Installation specific property file -->
-    <property file="${resources.dir}/install.properties" />
+    <property file="${resources.dir}/install.properties"/>
        
     <!-- Load ant-contrib tasks -->
-    <taskdef resource="net/sf/antcontrib/antlib.xml" />
+    <taskdef resource="net/sf/antcontrib/antlib.xml"/>
 
     <!-- Load Internet2 ant extensions -->
-    <taskdef resource="edu/internet2/middleware/ant/antlib.xml" />
+    <taskdef resource="edu/internet2/middleware/ant/antlib.xml"/>
 
     <target name="install" description="Installs the identity provider software.">
        
-       <echo message="!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" />
-       <echo message="Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding." />
-       <echo message="!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" />
+       <echo message="!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"/>
+       <echo message="Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding."/>
+       <echo message="!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"/>
         
-        <input message="Where should the Shibboleth Identity Provider software be installed?"
-               addproperty="idp.home.input"
-               defaultvalue="${idp.home}" />
-        <var name="idp.home" value="${idp.home.input}" />
+        <input message="Where should the Shibboleth Identity Provider software be installed?" addproperty="idp.home.input" defaultvalue="${idp.home}"/>
+        <var name="idp.home" value="${idp.home.input}"/>
 
-        <pathToAbsolutePath path="${idp.home}" addproperty="idp.home.path" />
-        <pathToUrl path="${idp.home}" addproperty="idp.home.url" />
+        <pathToAbsolutePath path="${idp.home}" addproperty="idp.home.path"/>
+        <pathToUrl path="${idp.home}" addproperty="idp.home.url"/>
         
         <if>
             <available file="${idp.home.path}" property="idp.home.exists"/>
             <then>
-                <input message="The directory '${idp.home.path}' already exists.  Would you like to overwrite this Shibboleth configuration?"
-                       addproperty="install.config"
-                       validargs="yes,no"
-                       defaultvalue="no" />
+                <input message="The directory '${idp.home.path}' already exists.  Would you like to overwrite this Shibboleth configuration?" addproperty="install.config" validargs="yes,no" defaultvalue="no"/>
             </then>
             <else>
                 <var name="install.config" value="yes"/>
         </if>
 
         <if>
-            <equals arg1="${install.config}" arg2="yes" />
+            <equals arg1="${install.config}" arg2="yes"/>
             <then>
-                <input message="What is the fully qualified hostname of the Shibboleth Identity Provider server?"
-                       addproperty="idp.hostname.input"
-                       defaultvalue="${idp.hostname}" />
-                <var name="idp.hostname" value="${idp.hostname.input}" />
+                <input message="What is the fully qualified hostname of the Shibboleth Identity Provider server?" addproperty="idp.hostname.input" defaultvalue="${idp.hostname}"/>
+                <var name="idp.hostname" value="${idp.hostname.input}"/>
 
-                <input message="A keystore is about to be generated for you. Please enter a password that will be used to protect it."
-                       addproperty="idp.keystore.pass" />
+                <input message="A keystore is about to be generated for you. Please enter a password that will be used to protect it." addproperty="idp.keystore.pass"/>
 
                 <propertyfile file="${resources.dir}/install.properties">
-                    <entry key="idp.home" value="${idp.home.input}" />
-                    <entry key="idp.hostname" value="${idp.hostname.input}" />
+                    <entry key="idp.home" value="${idp.home.input}"/>
+                    <entry key="idp.hostname" value="${idp.hostname.input}"/>
                 </propertyfile>
 
-                <mkdir dir="${idp.home.path}" />
-                <mkdir dir="${idp.home.path}/bin" />
-                <mkdir dir="${idp.home.path}/conf" />
-                <mkdir dir="${idp.home.path}/credentials" />
-                <mkdir dir="${idp.home.path}/lib" />
-                <mkdir dir="${idp.home.path}/lib/endorsed" />
-                <mkdir dir="${idp.home.path}/logs" />
-                <mkdir dir="${idp.home.path}/metadata" />
-                <mkdir dir="${idp.home.path}/war" />
+                <mkdir dir="${idp.home.path}"/>
+                <mkdir dir="${idp.home.path}/bin"/>
+                <mkdir dir="${idp.home.path}/conf"/>
+                <mkdir dir="${idp.home.path}/credentials"/>
+                <mkdir dir="${idp.home.path}/lib"/>
+                <mkdir dir="${idp.home.path}/lib/endorsed"/>
+                <mkdir dir="${idp.home.path}/logs"/>
+                <mkdir dir="${idp.home.path}/metadata"/>
+                <mkdir dir="${idp.home.path}/war"/>
 
-                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth" />
-                <var name="idp.web.xml.name" value="${webapp.dir}/WEB-INF/web.xml" />
+                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth"/>
+                <var name="idp.web.xml.name" value="${webapp.dir}/WEB-INF/web.xml"/>
 
-                <regexSplit input="${idp.hostname}" regex="^.*\.(.*\..*$)" addproperty="idp.scope" />
+                <regexSplit input="${idp.hostname}" regex="^.*\.(.*\..*$)" addproperty="idp.scope"/>
 
-                <echo message="Generating signing and encryption key, certificate, and keystore. " />
+                <echo message="Generating signing and encryption key, certificate, and keystore. "/>
                
                <if>
-                   <isset property="env.IdPCertLifetime" />
+                   <isset property="env.IdPCertLifetime"/>
                        <then>
-                               <var name="idp.cert.lifetime" value="${env.IdPCertLifetime}" />
+                               <var name="idp.cert.lifetime" value="${env.IdPCertLifetime}"/>
                        </then>
                        <else>
-                               <var name="idp.cert.lifetime" value="20" />
+                               <var name="idp.cert.lifetime" value="20"/>
                        </else>
                </if>
                        
-                <selfSignedCert hostname="${idp.hostname}"
-                                privateKeyFile="${idp.home.path}/credentials/idp.key"
-                                certificateFile="${idp.home.path}/credentials/idp.crt"
-                                keystoreFile="${idp.home.path}/credentials/idp.jks"
-                                keystorePassword="${idp.keystore.pass}"
-                                uriSubjectAltNames="${idp.entity.id}" 
-                                certificateLifetime="${idp.cert.lifetime}" />
+                <selfSignedCert hostname="${idp.hostname}" privateKeyFile="${idp.home.path}/credentials/idp.key" certificateFile="${idp.home.path}/credentials/idp.crt" keystoreFile="${idp.home.path}/credentials/idp.jks" keystorePassword="${idp.keystore.pass}" uriSubjectAltNames="${idp.entity.id}" certificateLifetime="${idp.cert.lifetime}"/>
 
                 <copy todir="${idp.home.path}/bin" preservelastmodified="true" overwrite="true">
-                    <fileset dir="${tools.dir}/bash" />
-                    <fileset dir="${tools.dir}/bat" />
+                    <fileset dir="${tools.dir}/bash"/>
+                    <fileset dir="${tools.dir}/bat"/>
                     <filterset begintoken="$" endtoken="$">
-                        <filter token="IDP_HOME" value="${idp.home.path}" />
-                        <filter token="IDP_VERSION" value="${version}" />
+                        <filter token="IDP_HOME" value="${idp.home.path}"/>
+                        <filter token="IDP_VERSION" value="${version}"/>
                     </filterset>
                 </copy>
 
                 <copy todir="${idp.home.path}/conf" preservelastmodified="true" overwrite="true">
-                    <fileset dir="${resources.dir}/conf-tmpl" />
+                    <fileset dir="${resources.dir}/conf-tmpl"/>
                     <filterset begintoken="$" endtoken="$">
-                        <filter token="IDP_HOME" value="${idp.home.path}" />
-                        <filter token="IDP_VERSION" value="${version}" />
-                        <filter token="IDP_ENTITY_ID" value="${idp.entity.id}" />
-                        <filter token="IDP_SCOPE" value="${idp.scope}" />
-                        <filter token="IDP_CERTIFICATE" value="${idp.cert}" />
-                        <filter token="IDP_HOSTNAME" value="${idp.hostname}" />
+                        <filter token="IDP_HOME" value="${idp.home.path}"/>
+                        <filter token="IDP_VERSION" value="${version}"/>
+                        <filter token="IDP_ENTITY_ID" value="${idp.entity.id}"/>
+                        <filter token="IDP_SCOPE" value="${idp.scope}"/>
+                        <filter token="IDP_CERTIFICATE" value="${idp.cert}"/>
+                        <filter token="IDP_HOSTNAME" value="${idp.hostname}"/>
                     </filterset>
                 </copy>
 
-                <stringFromFile input="${idp.home.path}/credentials/idp.crt" addProperty="idp.cert" />
-                <regexSplit input="${idp.cert}"
-                            regex="\A.*-----\s((?:.*\s)*)-----END.*\Z"
-                            addproperty="idp.metadata.cert" />
+                <stringFromFile input="${idp.home.path}/credentials/idp.crt" addProperty="idp.cert"/>
+                <regexSplit input="${idp.cert}" regex="\A.*-----\s((?:.*\s)*)-----END.*\Z" addproperty="idp.metadata.cert"/>
                 <copy todir="${idp.home.path}/metadata" preservelastmodified="true" overwrite="true">
-                    <fileset dir="${resources.dir}/metadata-tmpl" />
+                    <fileset dir="${resources.dir}/metadata-tmpl"/>
                     <filterset begintoken="$" endtoken="$">
-                        <filter token="IDP_ENTITY_ID" value="${idp.entity.id}" />
-                        <filter token="IDP_SCOPE" value="${idp.scope}" />
-                        <filter token="IDP_CERTIFICATE" value="${idp.metadata.cert}" />
-                        <filter token="IDP_HOSTNAME" value="${idp.hostname}" />
+                        <filter token="IDP_ENTITY_ID" value="${idp.entity.id}"/>
+                        <filter token="IDP_SCOPE" value="${idp.scope}"/>
+                        <filter token="IDP_CERTIFICATE" value="${idp.metadata.cert}"/>
+                        <filter token="IDP_HOSTNAME" value="${idp.hostname}"/>
                     </filterset>
                 </copy>
             </then>
             <else>
                 <propertyfile file="${resources.dir}/install.properties">
-                    <entry key="idp.home" value="${idp.home.input}" />
+                    <entry key="idp.home" value="${idp.home.input}"/>
                 </propertyfile>
                
                 <if> 
                     <available file="${idp.home.path}/conf/web.xml" property="idp.web.xml.exists"/>
                     <then>
                         <echo message="Using ${idp.home.path}/conf/web.xml rather than default web.xml"/>
-                        <var name="idp.web.xml.name" value="${idp.home.path}/conf/web.xml" />
+                        <var name="idp.web.xml.name" value="${idp.home.path}/conf/web.xml"/>
                     </then>
                     <else>
-                        <var name="idp.web.xml.name" value="${webapp.dir}/WEB-INF/web.xml" />
+                        <var name="idp.web.xml.name" value="${webapp.dir}/WEB-INF/web.xml"/>
                     </else>
                 </if>
 
                     Even if we're not overwritting the config we should still add new files, for example, files added
                     in a new release.
                 -->
-                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth" />
-                <regexSplit input="${idp.hostname}" regex="^.*\.(.*\..*$)" addproperty="idp.scope" />
-                <stringFromFile input="${idp.home.path}/credentials/idp.crt" addProperty="idp.cert" />
+                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth"/>
+                <regexSplit input="${idp.hostname}" regex="^.*\.(.*\..*$)" addproperty="idp.scope"/>
+                <stringFromFile input="${idp.home.path}/credentials/idp.crt" addProperty="idp.cert"/>
                     
                 <copy todir="${idp.home.path}/bin" preservelastmodified="true" overwrite="false">
                     <fileset dir="${tools.dir}/bash">
                        <present present="srconly" targetdir="${idp.home.path}/bin"/>
                        </fileset>
                     <filterset begintoken="$" endtoken="$">
-                        <filter token="IDP_HOME" value="${idp.home.path}" />
-                        <filter token="IDP_VERSION" value="${version}" />
+                        <filter token="IDP_HOME" value="${idp.home.path}"/>
+                        <filter token="IDP_VERSION" value="${version}"/>
                     </filterset>
                 </copy>
 
                        <present present="srconly" targetdir="${idp.home.path}/conf"/>
                        </fileset>
                     <filterset begintoken="$" endtoken="$">
-                        <filter token="IDP_HOME" value="${idp.home.path}" />
-                        <filter token="IDP_VERSION" value="${version}" />
-                        <filter token="IDP_ENTITY_ID" value="${idp.entity.id}" />
-                        <filter token="IDP_SCOPE" value="${idp.scope}" />
-                        <filter token="IDP_CERTIFICATE" value="${idp.cert}" />
-                        <filter token="IDP_HOSTNAME" value="${idp.hostname}" />
+                        <filter token="IDP_HOME" value="${idp.home.path}"/>
+                        <filter token="IDP_VERSION" value="${version}"/>
+                        <filter token="IDP_ENTITY_ID" value="${idp.entity.id}"/>
+                        <filter token="IDP_SCOPE" value="${idp.scope}"/>
+                        <filter token="IDP_CERTIFICATE" value="${idp.cert}"/>
+                        <filter token="IDP_HOSTNAME" value="${idp.hostname}"/>
                     </filterset>
                 </copy>
             </else>
         </if>
                             
-        <chmod file="${idp.home.path}/bin/*.sh" perm="+x" />
+        <chmod file="${idp.home.path}/bin/*.sh" perm="+x"/>
 
        <delete>
-           <fileset dir="${idp.home.path}/lib" includes="**/*.jar" />
+           <fileset dir="${idp.home.path}/lib" includes="**/*.jar"/>
         </delete>
         <copy todir="${idp.home.path}/lib" preservelastmodified="true" overwrite="true">
-            <fileset dir="${basedir}/lib" />
+            <fileset dir="${basedir}/lib"/>
         </copy>
         <copy todir="${idp.home.path}/lib/endorsed" preservelastmodified="true" failonerror="false" overwrite="true">
-            <fileset dir="endorsed" />
+            <fileset dir="endorsed"/>
         </copy>
 
         <!-- create web.xml -->
-        <copy file="${idp.web.xml.name}"
-              todir="${installer.dir}"
-              preservelastmodified="true"
-              overwrite="true">
+        <copy file="${idp.web.xml.name}" todir="${installer.dir}" preservelastmodified="true" overwrite="true">
             <filterset begintoken="$" endtoken="$">
-                <filter token="IDP_HOME" value="${idp.home.url}" />
+                <filter token="IDP_HOME" value="${idp.home.url}"/>
             </filterset>
         </copy>
 
         <!-- build the war file -->
         <war warfile="${installer.dir}/${war.name}.war" webxml="${installer.dir}/web.xml">
             <lib dir="${basedir}/lib" excludes="servlet-api*.jar,jsp-api*.jar"/>
-            <webinf dir="${webapp.dir}/WEB-INF" excludes="web.xml" />
-            <fileset dir="${webapp.dir}" excludes="WEB-INF/**" />
+            <webinf dir="${webapp.dir}/WEB-INF" excludes="web.xml"/>
+            <fileset dir="${webapp.dir}" excludes="WEB-INF/**"/>
         </war>
-       <copy file="${installer.dir}/${war.name}.war" todir="${idp.home.path}/war" preservelastmodified="true" overwrite="true" />
+       <copy file="${installer.dir}/${war.name}.war" todir="${idp.home.path}/war" preservelastmodified="true" overwrite="true"/>
 
         <!-- Remove generated files -->
-        <delete file="${installer.dir}/web.xml" />
-       <delete file="${installer.dir}/${war.name}.war" />
+        <delete file="${installer.dir}/web.xml"/>
+       <delete file="${installer.dir}/${war.name}.war"/>
        
     </target>
 
     <target name="renew-cert" description="Create a new certificate/key pair."> 
-        <input message="This will create a new set of credentials for your IdP, overwriting existing credentials.  Do you really wish to proceed?" addproperty="renew.cert.do" validargs="yes,no" defaultvalue="no" /> 
-        <if> <equals arg1="${renew.cert.do}" arg2="yes" /> 
+        <input message="This will create a new set of credentials for your IdP, overwriting existing credentials.  Do you really wish to proceed?" addproperty="renew.cert.do" validargs="yes,no" defaultvalue="no"/> 
+        <if> <equals arg1="${renew.cert.do}" arg2="yes"/> 
             <then> 
 
-                <input message="Where is the Shibboleth Identity Provider installed?"
-                       addproperty="idp.home.input"
-                       defaultvalue="${idp.home}" />
-                <var name="idp.home" value="${idp.home.input}" />
+                <input message="Where is the Shibboleth Identity Provider installed?" addproperty="idp.home.input" defaultvalue="${idp.home}"/>
+                <var name="idp.home" value="${idp.home.input}"/>
               
-                <pathToAbsolutePath path="${idp.home}" addproperty="idp.home.path" /> 
+                <pathToAbsolutePath path="${idp.home}" addproperty="idp.home.path"/> 
             
-                <input message="What is the fully qualified hostname of the Shibboleth Identity Provider server?" 
-                       addproperty="idp.hostname.input" 
-                       defaultvalue="${idp.hostname}" /> 
-                <var name="idp.hostname" value="${idp.hostname.input}" /> 
-                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth" /> 
+                <input message="What is the fully qualified hostname of the Shibboleth Identity Provider server?" addproperty="idp.hostname.input" defaultvalue="${idp.hostname}"/> 
+                <var name="idp.hostname" value="${idp.hostname.input}"/> 
+                <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth"/> 
 
-                <echo message="Backing up old credentials" /> 
+                <echo message="Backing up old credentials"/> 
                 <buildnumber file="${resources.dir}/credentials.buildno"/>
                 <copy todir="${idp.home.path}/credentials" overwrite="true">
                     <fileset dir="${idp.home.path}/credentials" excludes="*bak*,buildno"/>
                     <globmapper from="idp.*" to="idp.*.bak.${build.number}"/>
                 </copy>
 
-                <input message="A keystore is about to be generated for you. Please enter a password that will be used to protect it." 
-                       addproperty="idp.keystore.pass" /> 
+                <input message="A keystore is about to be generated for you. Please enter a password that will be used to protect it." addproperty="idp.keystore.pass"/> 
 
                 <if>
-                    <isset property="env.IdPCertLifetime" />
+                    <isset property="env.IdPCertLifetime"/>
                     <then>
-                        <var name="idp.cert.lifetime" value="${env.IdPCertLifetime}" />
+                        <var name="idp.cert.lifetime" value="${env.IdPCertLifetime}"/>
                     </then>
                     <else>
-                        <var name="idp.cert.lifetime" value="20" />
+                        <var name="idp.cert.lifetime" value="20"/>
                     </else>
                 </if>
         
-                <echo message="Generating signing and encryption key, certificate, and keystore. " /> 
-                <selfSignedCert hostname="${idp.hostname}" 
-                                privateKeyFile="${idp.home.path}/credentials/idp.key" 
-                                certificateFile="${idp.home.path}/credentials/idp.crt" 
-                                keystoreFile="${idp.home.path}/credentials/idp.jks" 
-                                keystorePassword="${idp.keystore.pass}" 
-                                uriSubjectAltNames="${idp.entity.id}" 
-                                certificateLifetime="${idp.cert.lifetime}"/> 
+                <echo message="Generating signing and encryption key, certificate, and keystore. "/> 
+                <selfSignedCert hostname="${idp.hostname}" privateKeyFile="${idp.home.path}/credentials/idp.key" certificateFile="${idp.home.path}/credentials/idp.crt" keystoreFile="${idp.home.path}/credentials/idp.jks" keystorePassword="${idp.keystore.pass}" uriSubjectAltNames="${idp.entity.id}" certificateLifetime="${idp.cert.lifetime}"/> 
             </then>
         </if> 
     </target> 
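Review bot: The keystore password prompt `<input message="A keystore is about to be generated for you. …" addproperty="idp.keystore.pass"/>` is carried over with only its spacing changed, in both the `install` and the `renew-cert` target, and with Ant's default input handler the typed password is echoed to the terminal. Since both lines are being rewritten anyway, consider nesting `<handler type="secure"/>` inside each of the two `<input>` elements so the password is read without echo. That requires an Ant release that ships the secure handler, and the page does not show which Ant version the installer runs under. The value is then kept as the property `idp.keystore.pass` and handed to `selfSignedCert`, so it may also show up if the installer is run with Ant's debug logging. The hunk headers after the first `@@` of this file section are missing from the page, so both targets are only partly visible here.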
index 5ad7218..15bb1fb 100644 (file)
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!-- 
     This file is an EXAMPLE policy file.  While the policy presented in this 
     example file is functional, it isn't very interesting.
@@ -7,22 +6,14 @@
     Deployers should refer to the Shibboleth 2 documentation for a complete list of components 
     and their options.
 -->
-
-<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" 
-                            xmlns:afp="urn:mace:shibboleth:2.0:afp"
-                            xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" 
-                            xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
-                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                            xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
-                                                urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
-                                                urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
+<afp:AttributeFilterPolicyGroup xmlns:afp="urn:mace:shibboleth:2.0:afp" xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="ShibbolethFilterPolicy" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd                                                 urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd                                                 urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
 
     <!--  Release the transient ID to anyone -->
     <afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
-        <afp:PolicyRequirementRule xsi:type="basic:ANY" />
+        <afp:PolicyRequirementRule xsi:type="basic:ANY"/>
 
         <afp:AttributeRule attributeID="transientId">
-            <afp:PermitValueRule xsi:type="basic:ANY" />
+            <afp:PermitValueRule xsi:type="basic:ANY"/>
         </afp:AttributeRule>
 
     </afp:AttributeFilterPolicy>
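Review bot: The new `afp:AttributeFilterPolicyGroup` start tag has been re-serialised rather than only given new line endings: all attributes sit on one line, `id` has moved behind the namespace declarations, and the line breaks inside `xsi:schemaLocation` have become long runs of spaces. That is more than the "mime types and EOL style" the commit message describes, and it makes a template that deployers edit by hand harder to read and to diff. I would keep one namespace/schema pair per line as before, or at least reduce each run to a single space, as in `…classpath:/schema/shibboleth-2.0-afp.xsd urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd…`. The same artefact appears on the `resolver:AttributeResolver` root element and in the `outboundBindingEnumeration` value of the `ph:ShibbolethSSO` handler further down. For that last attribute it is worth confirming that the schema treats the value as a whitespace-separated list, so the extra spaces cannot change which bindings are enabled.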
@@ -69,4 +60,4 @@
     </afp:AttributeFilterPolicy>
     -->
 
-</afp:AttributeFilterPolicyGroup>
\ No newline at end of file
+</afp:AttributeFilterPolicyGroup>
index a373353..1820f00 100644 (file)
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!-- 
     This file is an EXAMPLE configuration file.  While the configuration presented in this 
     example file is functional, it isn't very interesting.  However, there are lots of example
@@ -9,18 +8,7 @@
     Deployers should refer to the Shibboleth 2 documentation for a complete list of components 
     and their options.
 -->
-
-
-<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
-                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
-                   xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
-                   xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security"
-                   xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
-                                       urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
-                                       urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
-                                       urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
-                                       urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
-                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
+<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security" xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd                                        urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd                                        urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd                                        urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd                                        urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
 
     <!-- ========================================== -->
     <!--      Attribute Definitions                 -->
 
     <!-- Name Identifier related attributes -->
     <resolver:AttributeDefinition id="transientId" xsi:type="ad:TransientId">
-        <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
+        <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
+        <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
     </resolver:AttributeDefinition>
 
     <!-- ========================================== -->
     <!-- ========================================== -->
     <!--      Principal Connectors                  -->
     <!-- ========================================== -->
-    <resolver:PrincipalConnector xsi:type="pc:Transient" id="shibTransient" nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
-    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml1Unspec" nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
-    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml2Transient" nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
+    <resolver:PrincipalConnector xsi:type="pc:Transient" id="shibTransient" nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
+    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml1Unspec" nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
+    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml2Transient" nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
 
-</resolver:AttributeResolver>
\ No newline at end of file
+</resolver:AttributeResolver>
index 8d00f8a..3079e99 100644 (file)
@@ -1,11 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
-                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                     xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
+<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
 
     <!-- Error Handler -->
-    <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp" />
+    <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
 
     <!-- Profile Handlers -->
     <!-- 
         <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
     </ph:ProfileHandler>    
 
-    <ph:ProfileHandler xsi:type="ph:ShibbolethSSO"
-                    inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post 
-                                                urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
+    <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post                                                  urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
         <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" 
-                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+    <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
         <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" 
-                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+    <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
         <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
-                    inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2ECP"
-          inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-          outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery"
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
     </ph:ProfileHandler>
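Review bot: The reflowed `outboundBindingEnumeration` values on the `ph:ShibbolethSSO` and `ph:SAML2SSO` handlers keep the old indentation as a run of roughly fifty spaces between the binding URIs, which looks like serializer residue rather than intended content. An XML parser normalises the former line breaks to spaces, so the parsed value is presumably unchanged, but the padding makes the lines very long and pushes the second and third binding out of view. Separate the URIs with a single space, e.g. `outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"`, or keep one URI per line as the removed side did. The same padding appears in the `xsi:schemaLocation` values on the `beans` and `rp:RelyingPartyGroup` root elements in the following file sections.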
     
index 0e3e5d8..9b17e1f 100644 (file)
@@ -1,20 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd                          http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-                         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd" >
-
-    <bean id="shibboleth.CacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
+    <bean id="shibboleth.CacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
 
     <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
-        <constructor-arg value="true" type="boolean" />
+        <constructor-arg value="true" type="boolean"/>
     </bean>
     
     <bean id="shibboleth.LogbackLogging" class="edu.internet2.middleware.shibboleth.common.log.LogbackLoggingService" depends-on="shibboleth.TaskTimer">
-       <constructor-arg ref="shibboleth.TaskTimer" />
-       <constructor-arg value="$IDP_HOME$/conf/logging.xml" />
-       <constructor-arg value="600000" />
+       <constructor-arg ref="shibboleth.TaskTimer"/>
+       <constructor-arg value="$IDP_HOME$/conf/logging.xml"/>
+       <constructor-arg value="600000"/>
     </bean>
     
     <!-- Spring configuration file that bootstraps OpenSAML -->
         <constructor-arg>
             <list>
                 <bean id="shibMetadataExtensions" class="org.opensaml.util.resource.ClasspathResource">
-                    <constructor-arg value="/shibboleth-saml-ext-config.xml" />
+                    <constructor-arg value="/shibboleth-saml-ext-config.xml"/>
                 </bean>
             </list>
         </constructor-arg>
-        <property name="parserPool" ref="shibboleth.ParserPool" />
+        <property name="parserPool" ref="shibboleth.ParserPool"/>
     </bean>
 
     <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg value="SHA1PRNG" />
+        <constructor-arg value="SHA1PRNG"/>
     </bean>
 
     <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
         </property>
     </bean>
 
-    <bean id="shibboleth.TemplateEngine"
-        class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine"
-        depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.VelocityEngine" />
+    <bean id="shibboleth.TemplateEngine" class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine" depends-on="shibboleth.LogbackLogging">
+        <constructor-arg ref="shibboleth.VelocityEngine"/>
     </bean>
 
-    <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" 
-          depends-on="shibboleth.LogbackLogging" init-method="initialize">
-        <property name="maxPoolSize" value="100" />
-        <property name="coalescing" value="true" />
-        <property name="ignoreComments" value="true" />
-        <property name="ignoreElementContentWhitespace" value="true" />
-        <property name="namespaceAware" value="true" />
+    <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" depends-on="shibboleth.LogbackLogging" init-method="initialize">
+        <property name="maxPoolSize" value="100"/>
+        <property name="coalescing" value="true"/>
+        <property name="ignoreComments" value="true"/>
+        <property name="ignoreElementContentWhitespace" value="true"/>
+        <property name="namespaceAware" value="true"/>
         <property name="builderAttributes">
             <map>
                 <entry>
                     <key>
                         <value>http://apache.org/xml/properties/security-manager</value>
                     </key>
-                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager" />
+                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager"/>
                 </entry>
             </map>
         </property>
         </property>
     </bean>
 
-    <bean id="shibboleth.StorageService" class="edu.internet2.middleware.shibboleth.common.util.EventingMapBasedStorageService" depends-on="shibboleth.LogbackLogging" />
+    <bean id="shibboleth.StorageService" class="edu.internet2.middleware.shibboleth.common.util.EventingMapBasedStorageService" depends-on="shibboleth.LogbackLogging"/>
 
     <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.TaskTimer" />
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg value="600000" type="long" />
+        <constructor-arg ref="shibboleth.TaskTimer"/>
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg value="600000" type="long"/>
     </bean>
 
-    <bean id="shibboleth.SessionManager"
-          class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
-          depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg value="1800000" type="long" />
+    <bean id="shibboleth.SessionManager" class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl" depends-on="shibboleth.LogbackLogging">
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg value="1800000" type="long"/>
     </bean>
 
     <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg type="long" value="300000" />
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg type="long" value="300000"/>
     </bean>
     
     <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg type="long" value="300000" />
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg type="long" value="300000"/>
     </bean>
 
     <util:map id="shibboleth.MessageDecoders">
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostSimpleSignDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostDecoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
             </key>
-            <bean id="shibboleth.SAML2HttpRedirectDecoder"
-                class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+            <bean id="shibboleth.SAML2HttpRedirectDecoder" class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
             </key>
-            <bean id="shibboleth.SAML2HttpSoap11Decoder"
-                class="org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+            <bean id="shibboleth.SAML2HttpSoap11Decoder" class="org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder">
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
                 <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
             </key>
             <bean id="shibboleth.SAML1HttpPostDecoder" class="org.opensaml.saml1.binding.decoding.HTTPPostDecoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
-                <constructor-arg ref="shibboleth.ParserPool" />
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
             </key>
-            <bean id="shibboleth.SAML1HttpSoap11Decoder"
-                class="org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
-                <constructor-arg ref="shibboleth.ParserPool" />
+            <bean id="shibboleth.SAML1HttpSoap11Decoder" class="org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder">
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:mace:shibboleth:1.0:profiles:AuthnRequest</value>
             </key>
-            <bean id="shibboleth.ShibbolethSSODecoder"
-                class="edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder">
+            <bean id="shibboleth.ShibbolethSSODecoder" class="edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder">
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:mace:shibboleth:2.0:profiles:AuthnRequest</value>
             </key>
-            <bean id="shibboleth.UnsolicitedSSODecoder"
-                class="edu.internet2.middleware.shibboleth.idp.profile.saml2.UnsolicitedSSODecoder">
-                <constructor-arg ref="shibboleth.IdGenerator" />
+            <bean id="shibboleth.UnsolicitedSSODecoder" class="edu.internet2.middleware.shibboleth.idp.profile.saml2.UnsolicitedSSODecoder">
+                <constructor-arg ref="shibboleth.IdGenerator"/>
             </bean>
         </entry>
     </util:map>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostSimpleSignEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder">
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml2-post-simplesign-binding.vm" />
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml2-post-simplesign-binding.vm"/>
             </bean>
         </entry>
         <entry>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostEncoder">
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml2-post-binding.vm" />
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml2-post-binding.vm"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
             </key>
-            <bean id="shibboleth.SAML2HttpRedirectEncoder"
-                class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder" />
+            <bean id="shibboleth.SAML2HttpRedirectEncoder" class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder"/>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact</value>
             </key>
-            <bean id="shibboleth.SAML2HTTPArtifactEncoder"
-                class="org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml2-post-artifact-binding.vm" />
+            <bean id="shibboleth.SAML2HTTPArtifactEncoder" class="org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder">
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml2-post-artifact-binding.vm"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
             </key>
-            <bean id="shibboleth.SAML2HttpSoap11Encoder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder" />
+            <bean id="shibboleth.SAML2HttpSoap11Encoder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder"/>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
             </key>
             <bean id="shibboleth.SAML1HttpPostEncoder" class="org.opensaml.saml1.binding.encoding.HTTPPostEncoder">
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml1-post-binding.vm" />
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml1-post-binding.vm"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:profiles:artifact-01</value>
             </key>
-            <bean id="shibboleth.SAML1HttpArtifactEncoder"
-                class="org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
+            <bean id="shibboleth.SAML1HttpArtifactEncoder" class="org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder">
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
             </key>
-            <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder"
-                class="org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder" />
+            <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder" class="org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder"/>
         </entry>
     </util:map>
 
-    <bean id="shibboleth.ServletAttributeExporter"
-          class="edu.internet2.middleware.shibboleth.common.config.service.ServletContextAttributeExporter" 
-          depends-on="shibboleth.LogbackLogging"
-          init-method="initialize" >
+    <bean id="shibboleth.ServletAttributeExporter" class="edu.internet2.middleware.shibboleth.common.config.service.ServletContextAttributeExporter" depends-on="shibboleth.LogbackLogging" init-method="initialize">
         <constructor-arg>
            <list>
                <value>shibboleth.SessionManager</value>
         </constructor-arg>
     </bean>
 
-</beans>
\ No newline at end of file
+</beans>
index 3fe2db6..2913e5f 100644 (file)
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <configuration>
     
     <!--
@@ -7,13 +6,13 @@
         Levels: OFF, ERROR, WARN, INFO, DEBUG, TRACE, ALL
     -->
     <!-- Logs IdP, but not OpenSAML, messages -->
-    <logger name="edu.internet2.middleware.shibboleth" level="INFO" />
+    <logger name="edu.internet2.middleware.shibboleth" level="INFO"/>
 
     <!-- Logs OpenSAML, but not IdP, messages -->
-    <logger name="org.opensaml" level="WARN" />
+    <logger name="org.opensaml" level="WARN"/>
     
     <!-- Logs LDAP related messages -->
-    <logger name="edu.vt.middleware.ldap" level="WARN" />
+    <logger name="edu.vt.middleware.ldap" level="WARN"/>
     
     <!-- Logs inbound and outbound protocols messages at DEBUG level -->
     <!--
     </appender>
   
     <logger name="Shibboleth-Access" level="ALL">
-        <appender-ref ref="IDP_ACCESS" />
+        <appender-ref ref="IDP_ACCESS"/>
     </logger>
     
     <logger name="Shibboleth-Audit" level="ALL">
-        <appender-ref ref="IDP_AUDIT" />
+        <appender-ref ref="IDP_AUDIT"/>
     </logger>
         
-    <logger name="org.springframework" level="OFF" />
+    <logger name="org.springframework" level="OFF"/>
     
-    <logger name="org.apache.catalina" level="ERROR" />
+    <logger name="org.apache.catalina" level="ERROR"/>
 
     <root level="ERROR">
-        <appender-ref ref="IDP_PROCESS" />
+        <appender-ref ref="IDP_PROCESS"/>
     </root>
 
-</configuration>
\ No newline at end of file
+</configuration>
index f4f3709..0086224 100644 (file)
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!--
     This file is an EXAMPLE configuration file.
 
@@ -7,83 +6,33 @@
     particular relying party should be signed.  It also includes metadata provider and credential definitions used 
     when answering requests to a relying party.
 -->
-
-<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
-                   xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
-                   xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
-                   xmlns:resource="urn:mace:shibboleth:2.0:resource"
-                   xmlns:security="urn:mace:shibboleth:2.0:security"
-                   xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
-                   xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata"
-                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                   xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
-                                       urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
-                                       urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
-                                       urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd
-                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
-                                       urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
-                                       urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
+<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml" xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml" xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd                                        urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd                                        urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd                                        urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd                                        urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
                                        
     <!-- ========================================== -->
     <!--      Relying Party Configurations          -->
     <!-- ========================================== -->
-    <rp:AnonymousRelyingParty provider="$IDP_ENTITY_ID$"
-                           defaultSigningCredentialRef="IdPCredential" />
+    <rp:AnonymousRelyingParty provider="$IDP_ENTITY_ID$" defaultSigningCredentialRef="IdPCredential"/>
     
-    <rp:DefaultRelyingParty provider="$IDP_ENTITY_ID$"
-                         defaultSigningCredentialRef="IdPCredential">
+    <rp:DefaultRelyingParty provider="$IDP_ENTITY_ID$" defaultSigningCredentialRef="IdPCredential">
         <!-- 
             Each attribute in these profiles configuration is set to its default value,
             that is, the values that would be in effect if those attributes were not present.
             We list them here so that people are aware of them (since they seem reluctant to 
             read the documentation).
         -->
-        <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" 
-                              includeAttributeStatement="false"
-                              assertionLifetime="PT5M"
-                              signResponses="conditional"
-                              signAssertions="never" />
+        <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
                               
-        <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
-                              assertionLifetime="PT5M"
-                              signResponses="conditional"
-                              signAssertions="never" />
+        <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
         
-        <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
-                              signResponses="conditional"
-                              signAssertions="never" />
+        <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" signAssertions="never"/>
         
-        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" 
-                              includeAttributeStatement="true"
-                              assertionLifetime="PT5M"
-                              assertionProxyCount="0" 
-                              signResponses="never"
-                              signAssertions="always" 
-                              encryptAssertions="conditional"
-                              encryptNameIds="never" />
+        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
 
-        <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile"
-                              includeAttributeStatement="true"
-                              assertionLifetime="PT5M"
-                              assertionProxyCount="0"
-                              signResponses="never"
-                              signAssertions="always"
-                              encryptAssertions="conditional"
-                              encryptNameIds="never" />
+        <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
 
-        <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
-                              assertionLifetime="PT5M"
-                              assertionProxyCount="0" 
-                              signResponses="conditional"
-                              signAssertions="never"
-                              encryptAssertions="conditional"
-                              encryptNameIds="never" />
+        <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="conditional" signAssertions="never" encryptAssertions="conditional" encryptNameIds="never"/>
         
-        <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
-                              signResponses="never"
-                              signAssertions="always"
-                              encryptAssertions="conditional"
-                              encryptNameIds="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
         
     </rp:DefaultRelyingParty>
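Review bot: Each `rp:ProfileConfiguration` in this hunk now carries its whole signing and encryption policy on one line of up to eight attributes, so a later change to `signResponses`, `signAssertions` or `encryptAssertions` will show up as a single long modified line that is easy to misread in review. Keeping one attribute per line, as the removed side did, leaves every policy setting individually diffable. If the reflow comes from an automated re-serialisation (it looks that way, but the page does not say), it would be worth excluding these configuration templates from it or configuring the tool to preserve attribute line breaks.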
         
@@ -96,7 +45,7 @@
     
        <!-- Load the IdP's own metadata.  This is necessary for artifact support. -->
         <metadata:MetadataProvider id="IdPMD" xsi:type="metadata:ResourceBackedMetadataProvider">
-            <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="$IDP_HOME$/metadata/idp-metadata.xml" />
+            <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="$IDP_HOME$/metadata/idp-metadata.xml"/>
         </metadata:MetadataProvider>
         
         <!-- Example metadata provider. -->
         engines and so you'll see some rules that reference the declared trust engines.
     -->
     <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
-        <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
-                              metadataProviderRef="ShibbolethMetadata" />                              
-        <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature"
-                              metadataProviderRef="ShibbolethMetadata" />
+        <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>                              
+        <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/>
     </security:TrustEngine>
     
     <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
-        <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey"
-                              metadataProviderRef="ShibbolethMetadata" />
-        <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
-                              metadataProviderRef="ShibbolethMetadata" />
+        <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey" metadataProviderRef="ShibbolethMetadata"/>
+        <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential" metadataProviderRef="ShibbolethMetadata"/>
     </security:TrustEngine>
      
     <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
-        <security:Rule xsi:type="samlsec:Replay" required="false" />
+        <security:Rule xsi:type="samlsec:Replay" required="false"/>
         <security:Rule xsi:type="samlsec:IssueInstant" required="false"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
     <security:SecurityPolicy id="shibboleth.SAML1AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
-        <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
+        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
     </security:SecurityPolicy>
     
     <security:SecurityPolicy id="shibboleth.SAML1ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
-        <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
+        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
     </security:SecurityPolicy>
 
     <security:SecurityPolicy id="shibboleth.SAML2SSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
         <security:Rule xsi:type="samlsec:SAML2AuthnRequestsSigned"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
 
     <security:SecurityPolicy id="shibboleth.SAML2AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
-        <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
+        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
     </security:SecurityPolicy>
     
     <security:SecurityPolicy id="shibboleth.SAML2ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
-        <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
+        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
     </security:SecurityPolicy>
     
     <security:SecurityPolicy id="shibboleth.SAML2SLOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
-        <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
+        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
     </security:SecurityPolicy>
     
-</rp:RelyingPartyGroup>
\ No newline at end of file
+</rp:RelyingPartyGroup>
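Review bot: In `shibboleth.ShibbolethSSOSecurityPolicy` the `samlsec:Replay` and `samlsec:IssueInstant` rules are the only ones in this hunk marked `required="false"`, and the template gives no reason, so a deployer copying a policy block cannot tell that this relaxation is specific to one profile. Presumably it exists because the legacy Shibboleth authentication request need not carry a message ID or timestamp; that should be confirmed before the wording is committed. I would add a comment above the two rules, for example `<!-- Shibboleth SSO requests may lack a message ID and timestamp, so replay and freshness are enforced only when present; keep required="false" out of the SAML 1/2 policies below. -->`. Every other policy in the hunk keeps both rules at their default.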
index 9d8bfb9..ed1b64c 100644 (file)
@@ -1,63 +1,29 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<srv:Services xmlns:srv="urn:mace:shibboleth:2.0:services" xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp" xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority" xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver" xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd                               urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd                               urn:mace:shibboleth:2.0:attribute:authority classpath:/schema/shibboleth-2.0-attribute-authority.xsd                               urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd                               urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd                               urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                               urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
 
-<srv:Services xmlns:srv="urn:mace:shibboleth:2.0:services"
-          xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
-          xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority"
-          xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
-          xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler"
-          xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
-          xmlns:resource="urn:mace:shibboleth:2.0:resource" 
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd
-                              urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
-                              urn:mace:shibboleth:2.0:attribute:authority classpath:/schema/shibboleth-2.0-attribute-authority.xsd
-                              urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
-                              urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
-                              urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
-                              urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
-
-    <srv:Service id="shibboleth.AttributeResolver"
-             xsi:type="attribute-resolver:ShibbolethAttributeResolver">
-        <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-resolver.xml" xsi:type="resource:FilesystemResource" />
+    <srv:Service id="shibboleth.AttributeResolver" xsi:type="attribute-resolver:ShibbolethAttributeResolver">
+        <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-resolver.xml" xsi:type="resource:FilesystemResource"/>
     </srv:Service>
 
-    <srv:Service id="shibboleth.AttributeFilterEngine"
-             xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
-        <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-filter.xml" xsi:type="resource:FilesystemResource" />
+    <srv:Service id="shibboleth.AttributeFilterEngine" xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
+        <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-filter.xml" xsi:type="resource:FilesystemResource"/>
     </srv:Service>
     
-    <srv:Service id="shibboleth.SAML1AttributeAuthority"
-             xsi:type="attribute-authority:SAML1AttributeAuthority"
-             depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine"
-             resolver="shibboleth.AttributeResolver"
-             filter="shibboleth.AttributeFilterEngine" />
+    <srv:Service id="shibboleth.SAML1AttributeAuthority" xsi:type="attribute-authority:SAML1AttributeAuthority" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
              
-    <srv:Service id="shibboleth.SAML2AttributeAuthority"
-             xsi:type="attribute-authority:SAML2AttributeAuthority"
-             depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine"
-             resolver="shibboleth.AttributeResolver"
-             filter="shibboleth.AttributeFilterEngine" />
+    <srv:Service id="shibboleth.SAML2AttributeAuthority" xsi:type="attribute-authority:SAML2AttributeAuthority" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
 
-    <srv:Service id="shibboleth.RelyingPartyConfigurationManager"
-             xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager"
-             depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
-        <srv:ConfigurationResource file="$IDP_HOME$/conf/relying-party.xml" xsi:type="resource:FilesystemResource" />
+    <srv:Service id="shibboleth.RelyingPartyConfigurationManager" xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager" depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
+        <srv:ConfigurationResource file="$IDP_HOME$/conf/relying-party.xml" xsi:type="resource:FilesystemResource"/>
     </srv:Service>
 
-    <srv:Service id="shibboleth.HandlerManager"
-             depends-on="shibboleth.RelyingPartyConfigurationManager"
-             xsi:type="profile:IdPProfileHandlerManager">
-        <srv:ConfigurationResource file="$IDP_HOME$/conf/handler.xml" xsi:type="resource:FilesystemResource" />
+    <srv:Service id="shibboleth.HandlerManager" depends-on="shibboleth.RelyingPartyConfigurationManager" xsi:type="profile:IdPProfileHandlerManager">
+        <srv:ConfigurationResource file="$IDP_HOME$/conf/handler.xml" xsi:type="resource:FilesystemResource"/>
     </srv:Service>
     
     <!-- 
         A special service that exports all services upon which it depends into the ServletContext as an attribute 
         with the same name as the service's ID.
     -->
-    <srv:Service id="shibboleth.ServiceServletContextAttributeExporter"
-             depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine
-                         shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority 
-                         shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager
-                         shibboleth.StorageService"
-             xsi:type="srv:ServletContextAttributeExporter" />
-</srv:Services>
\ No newline at end of file
+    <srv:Service id="shibboleth.ServiceServletContextAttributeExporter" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine                          shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority                           shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager                          shibboleth.StorageService" xsi:type="srv:ServletContextAttributeExporter"/>
+</srv:Services>
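Review bot: The collapsed `xsi:schemaLocation` on the root element and the `depends-on` list on `shibboleth.ServiceServletContextAttributeExporter` keep the old continuation indentation as runs of spaces inside the attribute values. This reads like a serializer round-trip rather than the EOL fix the commit title describes. Parsers should treat the padding as ordinary separators, but a deployer diffing an edited service.xml against this template will now see every service definition as changed, which makes real changes to the service wiring harder to spot. I would keep one attribute per line, or at least normalise the list to single spaces: `depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager shibboleth.StorageService"`.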
index 28f7608..09464be 100644 (file)
@@ -1,8 +1,5 @@
-<EntityDescriptor entityID="$IDP_ENTITY_ID$"
-                  xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
-                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-                  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
-                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="$IDP_ENTITY_ID$">
 
     <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
 
@@ -20,28 +17,20 @@ $IDP_CERTIFICATE$
             </ds:KeyInfo>
         </KeyDescriptor>
         
-        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                                   Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution" 
-                                   index="1"/>
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
 
-        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-                                   Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution" 
-                                   index="2"/>
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
                                    
         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 
-        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" 
-                             Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO" />
+        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://$IDP_HOSTNAME$/idp/profile/Shibboleth/SSO"/>
         
-        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
-                             Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO" />
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SSO"/>
 
-        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" 
-                             Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO" />
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST-SimpleSign/SSO"/>
         
-        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
-                             Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO" />
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SSO"/>
     </IDPSSODescriptor>
 
     <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
@@ -60,15 +49,13 @@ $IDP_CERTIFICATE$
             </ds:KeyInfo>
         </KeyDescriptor>
 
-        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" 
-                          Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery" />
+        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
         
-        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-                          Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery" />
+        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
         
         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
         
     </AttributeAuthorityDescriptor>
     
-</EntityDescriptor>    
\ No newline at end of file
+</EntityDescriptor>
index 7a598e8..20a8c01 100644 (file)
@@ -1,3 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
 <!-- Binary distribution, along with dependency jar files -->
 <assembly>
     <id>bin</id>
@@ -45,7 +46,7 @@
         <!-- Copy up our installer srcipts into the root of the package -->
         <fileSet>
             <directory>src/installer/bash</directory>
-            <outputDirectory></outputDirectory>
+            <outputDirectory/>
             <includes>
                 <include>*.sh</include>
             </includes>
@@ -54,7 +55,7 @@
         </fileSet>
         <fileSet>
             <directory>src/installer/bat</directory>
-            <outputDirectory></outputDirectory>
+            <outputDirectory/>
             <includes>
                 <include>*.bat</include>
             </includes>
         </fileSet>
     </fileSets>
     
-</assembly>
\ No newline at end of file
+</assembly>
index 421c990..ecb40c6 100644 (file)
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.io.IOException;\r
-import java.util.List;\r
-\r
-import javax.servlet.jsp.JspException;\r
-import javax.servlet.jsp.JspWriter;\r
-import javax.servlet.jsp.tagext.BodyContent;\r
-\r
-import org.opensaml.saml2.metadata.ContactPerson;\r
-import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;\r
-import org.opensaml.saml2.metadata.EmailAddress;\r
-import org.opensaml.saml2.metadata.EntityDescriptor;\r
-import org.opensaml.saml2.metadata.GivenName;\r
-import org.opensaml.saml2.metadata.SurName;\r
-import org.owasp.esapi.ESAPI;\r
-import org.owasp.esapi.Encoder;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-/** return the contactInfo for the SP or null. */\r
-public class ServiceContactTag extends ServiceTagSupport {\r
-    \r
-    /** required by checkstyle. */\r
-    private static final long serialVersionUID = -4000690571141490553L;\r
-\r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServiceContactTag.class);\r
-\r
-    /** storage for the contactType bean. */\r
-    private ContactPersonTypeEnumeration contactType = ContactPersonTypeEnumeration.SUPPORT;\r
-    \r
-    /** bean storage for the name attribute. */\r
-    private String contactName;\r
-    \r
-    /** \r
-     * Setter for the contactType bean.\r
-     * @param type in value\r
-     */\r
-    public void setContactType(String type) {\r
-        if (null == type || 0 == type.length()) {\r
-            log.warn("no parameter provided to contactType");\r
-            return;\r
-        }\r
-        if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE)) {\r
-            contactType = ContactPersonTypeEnumeration.ADMINISTRATIVE;\r
-        } else if (type.equals(ContactPersonTypeEnumeration.BILLING)) {\r
-            contactType = ContactPersonTypeEnumeration.BILLING;\r
-        } else if (type.equals(ContactPersonTypeEnumeration.OTHER)) {\r
-            contactType = ContactPersonTypeEnumeration.OTHER;\r
-        } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT)) {\r
-            contactType = ContactPersonTypeEnumeration.SUPPORT;\r
-        } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL)) {\r
-            contactType = ContactPersonTypeEnumeration.TECHNICAL;\r
-        } else {\r
-            log.warn("parameter provided to contactType:" + type + " is invalid");\r
-            return;\r
-        }\r
-    }\r
-\r
-    /**\r
-     * Set the bean.\r
-     * @param s new value\r
-     */\r
-    public void setName(String s) {\r
-        contactName = s;\r
-    }\r
-    \r
-    /**\r
-     * either return the name raw or garnshed in a hyperlink.\r
-     * @param email the email address (a url)\r
-     * @param name the name to return.\r
-     * @return either a hyperlink or a raw string\r
-     */\r
-    private String buildURL(String email, String name){\r
-        //\r
-        // We have emailAdress or null and a  non empty fullName.\r
-        //\r
-        if (null != email) {\r
-            //\r
-            // Nonempty email. Construct an href\r
-            //\r
-            if (log.isDebugEnabled()) {\r
-                log.debug("constructing hyperlink from name \"" + name+ "\" and email " + email);\r
-            }\r
-            return buildHyperLink(email, name);\r
-        } else {\r
-            Encoder esapiEncoder = ESAPI.encoder();\r
-\r
-            //\r
-            // No mail, no href\r
-            //\r
-            if (log.isDebugEnabled()) {\r
-                log.debug("no email found, using name \"" + name + "\" with no hyperlink");\r
-            }\r
-\r
-            if (null == name) {\r
-                return name;\r
-            } else {\r
-                return esapiEncoder.encodeForHTML(name);\r
-            }\r
-        }\r
-        \r
-    }\r
-    \r
-    /**\r
-     * build an appropriate string from the &ltContact&gt.\r
-     * @param contact who we are interested in.\r
-     * @return either an hyperlink or straight text or null\r
-     */\r
-     private String getStringFromContact(ContactPerson contact) {\r
-        StringBuilder fullName = new StringBuilder();\r
-        GivenName givenName = contact.getGivenName();\r
-        SurName surName = contact.getSurName();\r
-        List<EmailAddress> emails = contact.getEmailAddresses();\r
-        String emailAddress = null;\r
-\r
-        //\r
-        // grab email - of there is one\r
-        //\r
-        if (emails != null && !emails.isEmpty()) {\r
-            emailAddress = emails.get(0).getAddress();\r
-        }\r
-        \r
-        if (null != contactName) {\r
-            return buildURL(emailAddress, contactName);\r
-        }\r
-        //\r
-        // Otherwise we build it from whats in the metadata\r
-        //\r
-        if (null != givenName) {\r
-            fullName.append(givenName.getName()).append(" ");\r
-        }\r
-        if (null != surName) {\r
-            fullName.append(surName.getName()).append(" ");\r
-        }\r
-        if (0 == fullName.length()) {\r
-            if (null == emails) {\r
-                //\r
-                // No name, no email, nothing we can do\r
-                //\r
-                return null;\r
-            }\r
-            if (log.isDebugEnabled()) {\r
-                log.debug("no names found, using email address as text");\r
-            }\r
-            fullName.append(emailAddress);\r
-        }\r
-        return buildURL(emailAddress, fullName.toString());\r
-    }\r
-    \r
-    /** \r
-     * build an appropriate string from the &ltEntityDescriptor&gt.\r
-     * @return either an hyperlink or straight text or null.\r
-     */\r
-    protected String getContactFromEntity() {\r
-        \r
-        EntityDescriptor sp = getSPEntityDescriptor();\r
-        if (null == sp) {\r
-            log.debug("No relying party, nothing to display");\r
-            return null;\r
-        }\r
-\r
-        List<ContactPerson> contacts = sp.getContactPersons();\r
-        if (null == contacts) {\r
-            return null;\r
-        }\r
-        for (ContactPerson contact:contacts) {\r
-            if (contactType == contact.getType()) {\r
-                return getStringFromContact(contact);\r
-            }\r
-        } \r
-        return null;\r
-    }\r
-    \r
-    @Override\r
-    public int doEndTag() throws JspException {\r
-       \r
-        String result;\r
-        result = getContactFromEntity();\r
-        \r
-        try {\r
-            if (null == result) {\r
-                BodyContent bc = getBodyContent();\r
-                if (null != bc) {\r
-                    JspWriter ew= bc.getEnclosingWriter();\r
-                    if (ew != null) {\r
-                        bc.writeOut(ew);\r
-                    }\r
-                }\r
-            } else {\r
-                pageContext.getOut().print(result);\r
-            }\r
-        } catch (IOException e) {\r
-            log.warn("Error generating Description");\r
-            throw new JspException("EndTag", e);\r
-        }\r
-        return super.doEndTag();\r
-    }\r
-\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.tagext.BodyContent;
+
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml2.metadata.EmailAddress;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.GivenName;
+import org.opensaml.saml2.metadata.SurName;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** return the contactInfo for the SP or null. */
+public class ServiceContactTag extends ServiceTagSupport {
+    
+    /** required by checkstyle. */
+    private static final long serialVersionUID = -4000690571141490553L;
+
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServiceContactTag.class);
+
+    /** storage for the contactType bean. */
+    private ContactPersonTypeEnumeration contactType = ContactPersonTypeEnumeration.SUPPORT;
+    
+    /** bean storage for the name attribute. */
+    private String contactName;
+    
+    /** 
+     * Setter for the contactType bean.
+     * @param type in value
+     */
+    public void setContactType(String type) {
+        if (null == type || 0 == type.length()) {
+            log.warn("no parameter provided to contactType");
+            return;
+        }
+        if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE)) {
+            contactType = ContactPersonTypeEnumeration.ADMINISTRATIVE;
+        } else if (type.equals(ContactPersonTypeEnumeration.BILLING)) {
+            contactType = ContactPersonTypeEnumeration.BILLING;
+        } else if (type.equals(ContactPersonTypeEnumeration.OTHER)) {
+            contactType = ContactPersonTypeEnumeration.OTHER;
+        } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT)) {
+            contactType = ContactPersonTypeEnumeration.SUPPORT;
+        } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL)) {
+            contactType = ContactPersonTypeEnumeration.TECHNICAL;
+        } else {
+            log.warn("parameter provided to contactType:" + type + " is invalid");
+            return;
+        }
+    }
+
+    /**
+     * Set the bean.
+     * @param s new value
+     */
+    public void setName(String s) {
+        contactName = s;
+    }
+    
+    /**
+     * either return the name raw or garnshed in a hyperlink.
+     * @param email the email address (a url)
+     * @param name the name to return.
+     * @return either a hyperlink or a raw string
+     */
+    private String buildURL(String email, String name){
+        //
+        // We have emailAdress or null and a  non empty fullName.
+        //
+        if (null != email) {
+            //
+            // Nonempty email. Construct an href
+            //
+            if (log.isDebugEnabled()) {
+                log.debug("constructing hyperlink from name \"" + name+ "\" and email " + email);
+            }
+            return buildHyperLink(email, name);
+        } else {
+            Encoder esapiEncoder = ESAPI.encoder();
+
+            //
+            // No mail, no href
+            //
+            if (log.isDebugEnabled()) {
+                log.debug("no email found, using name \"" + name + "\" with no hyperlink");
+            }
+
+            if (null == name) {
+                return name;
+            } else {
+                return esapiEncoder.encodeForHTML(name);
+            }
+        }
+        
+    }
+    
+    /**
+     * build an appropriate string from the &ltContact&gt.
+     * @param contact who we are interested in.
+     * @return either an hyperlink or straight text or null
+     */
+     private String getStringFromContact(ContactPerson contact) {
+        StringBuilder fullName = new StringBuilder();
+        GivenName givenName = contact.getGivenName();
+        SurName surName = contact.getSurName();
+        List<EmailAddress> emails = contact.getEmailAddresses();
+        String emailAddress = null;
+
+        //
+        // grab email - of there is one
+        //
+        if (emails != null && !emails.isEmpty()) {
+            emailAddress = emails.get(0).getAddress();
+        }
+        
+        if (null != contactName) {
+            return buildURL(emailAddress, contactName);
+        }
+        //
+        // Otherwise we build it from whats in the metadata
+        //
+        if (null != givenName) {
+            fullName.append(givenName.getName()).append(" ");
+        }
+        if (null != surName) {
+            fullName.append(surName.getName()).append(" ");
+        }
+        if (0 == fullName.length()) {
+            if (null == emails) {
+                //
+                // No name, no email, nothing we can do
+                //
+                return null;
+            }
+            if (log.isDebugEnabled()) {
+                log.debug("no names found, using email address as text");
+            }
+            fullName.append(emailAddress);
+        }
+        return buildURL(emailAddress, fullName.toString());
+    }
+    
+    /** 
+     * build an appropriate string from the &ltEntityDescriptor&gt.
+     * @return either an hyperlink or straight text or null.
+     */
+    protected String getContactFromEntity() {
+        
+        EntityDescriptor sp = getSPEntityDescriptor();
+        if (null == sp) {
+            log.debug("No relying party, nothing to display");
+            return null;
+        }
+
+        List<ContactPerson> contacts = sp.getContactPersons();
+        if (null == contacts) {
+            return null;
+        }
+        for (ContactPerson contact:contacts) {
+            if (contactType == contact.getType()) {
+                return getStringFromContact(contact);
+            }
+        } 
+        return null;
+    }
+    
+    @Override
+    public int doEndTag() throws JspException {
+       
+        String result;
+        result = getContactFromEntity();
+        
+        try {
+            if (null == result) {
+                BodyContent bc = getBodyContent();
+                if (null != bc) {
+                    JspWriter ew= bc.getEnclosingWriter();
+                    if (ew != null) {
+                        bc.writeOut(ew);
+                    }
+                }
+            } else {
+                pageContext.getOut().print(result);
+            }
+        } catch (IOException e) {
+            log.warn("Error generating Description");
+            throw new JspException("EndTag", e);
+        }
+        return super.doEndTag();
+    }
+
+}
index 361b575..7f06613 100644 (file)
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.io.IOException;\r
-import java.util.List;\r
-\r
-import javax.servlet.jsp.JspException;\r
-import javax.servlet.jsp.JspWriter;\r
-import javax.servlet.jsp.tagext.BodyContent;\r
-\r
-import org.opensaml.saml2.metadata.AttributeConsumingService;\r
-import org.opensaml.saml2.metadata.EntityDescriptor;\r
-import org.opensaml.saml2.metadata.LocalizedString;\r
-import org.opensaml.saml2.metadata.RoleDescriptor;\r
-import org.opensaml.saml2.metadata.SPSSODescriptor;\r
-import org.opensaml.saml2.metadata.ServiceDescription;\r
-import org.opensaml.samlext.saml2mdui.Description;\r
-import org.owasp.esapi.ESAPI;\r
-import org.owasp.esapi.Encoder;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-/**\r
- * Display the description from the &lt;mdui:UIInfo&gt;.\r
- * \r
- */\r
-public class ServiceDescriptionTag extends ServiceTagSupport {\r
-    \r
-    /** required by checkstyle. */\r
-    private static final long serialVersionUID = -2000941439055969537L;\r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServiceDescriptionTag.class);\r
-\r
-    /** \r
-     * look at &lt;Uiinfo&gt; if there and if so look for appropriate description.\r
-     * @return null or an appropriate description\r
-     */\r
-    private String getDescriptionFromUIInfo() {\r
-        String lang = getBrowserLanguage();\r
-\r
-        if (getSPUIInfo() != null && getSPUIInfo().getDescriptions() != null) {\r
-            for (Description desc:getSPUIInfo().getDescriptions()) {\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found description in UIInfo, language=" + desc.getXMLLang());\r
-                }\r
-                if (desc.getXMLLang().equals(lang)) {\r
-                    //\r
-                    // Found it\r
-                    //\r
-                    if (log.isDebugEnabled()){\r
-                        log.debug("returning description from UIInfo " + desc.getName().getLocalString());\r
-                    }\r
-                    return desc.getName().getLocalString();\r
-                }\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No valid description in UIInfo");\r
-            }            \r
-        }\r
-        return null;\r
-    }\r
-    \r
-    /**\r
-     * look for an &ltAttributeConsumeService&gt and if its there look for an appropriate description.\r
-     * @return null or an appropriate description\r
-     */\r
-    private String getDescriptionFromAttributeConsumingService() {\r
-        String lang = getBrowserLanguage();\r
-        List<RoleDescriptor> roles;\r
-        AttributeConsumingService acs = null;\r
-        EntityDescriptor sp = getSPEntityDescriptor();\r
-        \r
-        if (null == sp) {\r
-            log.debug("No relying party, nothing to display");\r
-            return null;\r
-        }\r
-\r
-        roles = sp.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME);\r
-        if (!roles.isEmpty()) {\r
-            SPSSODescriptor spssod = (SPSSODescriptor) roles.get(0);\r
-            acs = spssod.getDefaultAttributeConsumingService();\r
-        }\r
-        if (acs != null) {\r
-            for (ServiceDescription desc:acs.getDescriptions()) {\r
-                LocalizedString localDescription = desc.getDescription();\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found name in AttributeConsumingService, language=" + localDescription.getLanguage());\r
-                }\r
-                if (localDescription.getLanguage().equals(lang)) {\r
-                    if (log.isDebugEnabled()){\r
-                        log.debug("returning name from AttributeConsumingService " + \r
-                                desc.getDescription().getLocalString());\r
-                    }\r
-                    return localDescription.getLocalString();\r
-                }\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No description in AttributeConsumingService");\r
-            }            \r
-        }        \r
-        return null;\r
-    }\r
-\r
-    @Override\r
-    public int doEndTag() throws JspException {\r
-       \r
-        Encoder esapiEncoder = ESAPI.encoder();\r
-        String result;\r
-        //\r
-        // UIInfoirst\r
-        //\r
-        result = getDescriptionFromUIInfo();\r
-        \r
-        if (result == null) {\r
-            //\r
-            // Then AttributeCOnsumingService\r
-            //\r
-            result = getDescriptionFromAttributeConsumingService();\r
-        }\r
-\r
-        try {\r
-            if (null == result) {\r
-                BodyContent bc = getBodyContent();\r
-                if (null != bc) {\r
-                    JspWriter ew= bc.getEnclosingWriter();\r
-                    if (ew != null) {\r
-                        bc.writeOut(ew);\r
-                    }\r
-                }\r
-            } else {\r
-                result = esapiEncoder.encodeForHTML(result);\r
-                pageContext.getOut().print(result);\r
-            }\r
-        } catch (IOException e) {\r
-            log.warn("Error generating Description");\r
-            throw new JspException("EndTag", e);\r
-        }\r
-        return super.doEndTag();\r
-    }\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.tagext.BodyContent;
+
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceDescription;
+import org.opensaml.samlext.saml2mdui.Description;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Display the description from the &lt;mdui:UIInfo&gt;.
+ * 
+ */
+public class ServiceDescriptionTag extends ServiceTagSupport {
+    
+    /** required by checkstyle. */
+    private static final long serialVersionUID = -2000941439055969537L;
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServiceDescriptionTag.class);
+
+    /** 
+     * look at &lt;Uiinfo&gt; if there and if so look for appropriate description.
+     * @return null or an appropriate description
+     */
+    private String getDescriptionFromUIInfo() {
+        String lang = getBrowserLanguage();
+
+        if (getSPUIInfo() != null && getSPUIInfo().getDescriptions() != null) {
+            for (Description desc:getSPUIInfo().getDescriptions()) {
+                if (log.isDebugEnabled()){
+                    log.debug("Found description in UIInfo, language=" + desc.getXMLLang());
+                }
+                if (desc.getXMLLang().equals(lang)) {
+                    //
+                    // Found it
+                    //
+                    if (log.isDebugEnabled()){
+                        log.debug("returning description from UIInfo " + desc.getName().getLocalString());
+                    }
+                    return desc.getName().getLocalString();
+                }
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No valid description in UIInfo");
+            }            
+        }
+        return null;
+    }
+    
+    /**
+     * look for an &ltAttributeConsumeService&gt and if its there look for an appropriate description.
+     * @return null or an appropriate description
+     */
+    private String getDescriptionFromAttributeConsumingService() {
+        String lang = getBrowserLanguage();
+        List<RoleDescriptor> roles;
+        AttributeConsumingService acs = null;
+        EntityDescriptor sp = getSPEntityDescriptor();
+        
+        if (null == sp) {
+            log.debug("No relying party, nothing to display");
+            return null;
+        }
+
+        roles = sp.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+        if (!roles.isEmpty()) {
+            SPSSODescriptor spssod = (SPSSODescriptor) roles.get(0);
+            acs = spssod.getDefaultAttributeConsumingService();
+        }
+        if (acs != null) {
+            for (ServiceDescription desc:acs.getDescriptions()) {
+                LocalizedString localDescription = desc.getDescription();
+                if (log.isDebugEnabled()){
+                    log.debug("Found name in AttributeConsumingService, language=" + localDescription.getLanguage());
+                }
+                if (localDescription.getLanguage().equals(lang)) {
+                    if (log.isDebugEnabled()){
+                        log.debug("returning name from AttributeConsumingService " + 
+                                desc.getDescription().getLocalString());
+                    }
+                    return localDescription.getLocalString();
+                }
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No description in AttributeConsumingService");
+            }            
+        }        
+        return null;
+    }
+
+    @Override
+    public int doEndTag() throws JspException {
+       
+        Encoder esapiEncoder = ESAPI.encoder();
+        String result;
+        //
+        // UIInfoirst
+        //
+        result = getDescriptionFromUIInfo();
+        
+        if (result == null) {
+            //
+            // Then AttributeCOnsumingService
+            //
+            result = getDescriptionFromAttributeConsumingService();
+        }
+
+        try {
+            if (null == result) {
+                BodyContent bc = getBodyContent();
+                if (null != bc) {
+                    JspWriter ew= bc.getEnclosingWriter();
+                    if (ew != null) {
+                        bc.writeOut(ew);
+                    }
+                }
+            } else {
+                result = esapiEncoder.encodeForHTML(result);
+                pageContext.getOut().print(result);
+            }
+        } catch (IOException e) {
+            log.warn("Error generating Description");
+            throw new JspException("EndTag", e);
+        }
+        return super.doEndTag();
+    }
+}
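Review bot: Both language comparisons in this file dereference a value read from SP metadata without a null check: `desc.getXMLLang().equals(lang)` in getDescriptionFromUIInfo and `localDescription.getLanguage().equals(lang)` in getDescriptionFromAttributeConsumingService. The ServiceLogoTag section of this same commit tests `null != logo.getXMLLang()` before comparing, which suggests the getter can return null. If it can, a description published without a language tag would raise a NullPointerException while the login page is rendered. Reversing the comparison, e.g. `if (lang != null && lang.equals(desc.getXMLLang()))`, keeps the result for tagged entries and skips untagged ones. The line-ending change leaves all of this as it was; the HTML encoding in doEndTag (`esapiEncoder.encodeForHTML(result)`) is in place and should stay the only path to `pageContext.getOut()`.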
index 4e1ff21..25a303f 100644 (file)
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.io.IOException;\r
-\r
-import javax.servlet.jsp.JspException;\r
-import javax.servlet.jsp.JspWriter;\r
-import javax.servlet.jsp.tagext.BodyContent;\r
-\r
-import org.opensaml.samlext.saml2mdui.InformationURL;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-/**Service InformationURL - directly from the metadata if present.*/\r
-public class ServiceInformationURLTag extends ServiceTagSupport {\r
-    \r
-    /** check style requires the serialVersionUID.*/\r
-    private static final long serialVersionUID = 5601822745575892676L;\r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServiceInformationURLTag.class);\r
-\r
-    /** Bean storage for the link text attribute. */\r
-    private static String linkText;\r
-\r
-    /** Bean setter  for the link text attribute.\r
-     * @param text the link text to put in\r
-     */\r
-    public void setLinkText(String text) {\r
-        linkText = text;\r
-    }\r
-    \r
-    /**\r
-     * look for the &lt;InformationURL&gt; in the &lt;UIInfo&gt;.\r
-     * @return null or an appropriate string.\r
-     */\r
-    private String getInformationURLFromUIIinfo() {\r
-        String lang = getBrowserLanguage();\r
-\r
-        if (getSPUIInfo() != null && getSPUIInfo().getInformationURLs() != null) {\r
-            for (InformationURL infoURL:getSPUIInfo().getInformationURLs()) {\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found InformationURL in UIInfo, language=" + infoURL.getXMLLang());\r
-                }\r
-                if (infoURL.getXMLLang().equals(lang)) {\r
-                    //\r
-                    // Found it\r
-                    //\r
-                    if (log.isDebugEnabled()){\r
-                        log.debug("returning URL from UIInfo " + infoURL.getURI().getLocalString());\r
-                    }\r
-                    return infoURL.getURI().getLocalString();\r
-                }\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No relevant InformationURL in UIInfo");\r
-            }                       \r
-        }\r
-        return null;\r
-    }\r
-    @Override\r
-\r
-    public int doEndTag() throws JspException {\r
-       \r
-        String infoURL = getInformationURLFromUIIinfo();\r
-        \r
-        try {\r
-            if (null == infoURL) {\r
-                BodyContent bc = getBodyContent();\r
-                if (null != bc) {\r
-                    JspWriter ew= bc.getEnclosingWriter();\r
-                    if (ew != null) {\r
-                        bc.writeOut(ew);\r
-                    }\r
-                }\r
-            } else {\r
-                pageContext.getOut().print(buildHyperLink(infoURL, linkText));\r
-            }\r
-        } catch (IOException e) {\r
-            log.warn("Error generating Description");\r
-            throw new JspException("EndTag", e);\r
-        }\r
-        return super.doEndTag();\r
-    }\r
-\r
-\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.io.IOException;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.tagext.BodyContent;
+
+import org.opensaml.samlext.saml2mdui.InformationURL;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**Service InformationURL - directly from the metadata if present.*/
+public class ServiceInformationURLTag extends ServiceTagSupport {
+    
+    /** check style requires the serialVersionUID.*/
+    private static final long serialVersionUID = 5601822745575892676L;
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServiceInformationURLTag.class);
+
+    /** Bean storage for the link text attribute. */
+    private static String linkText;
+
+    /** Bean setter  for the link text attribute.
+     * @param text the link text to put in
+     */
+    public void setLinkText(String text) {
+        linkText = text;
+    }
+    
+    /**
+     * look for the &lt;InformationURL&gt; in the &lt;UIInfo&gt;.
+     * @return null or an appropriate string.
+     */
+    private String getInformationURLFromUIIinfo() {
+        String lang = getBrowserLanguage();
+
+        if (getSPUIInfo() != null && getSPUIInfo().getInformationURLs() != null) {
+            for (InformationURL infoURL:getSPUIInfo().getInformationURLs()) {
+                if (log.isDebugEnabled()){
+                    log.debug("Found InformationURL in UIInfo, language=" + infoURL.getXMLLang());
+                }
+                if (infoURL.getXMLLang().equals(lang)) {
+                    //
+                    // Found it
+                    //
+                    if (log.isDebugEnabled()){
+                        log.debug("returning URL from UIInfo " + infoURL.getURI().getLocalString());
+                    }
+                    return infoURL.getURI().getLocalString();
+                }
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No relevant InformationURL in UIInfo");
+            }                       
+        }
+        return null;
+    }
+    @Override
+
+    public int doEndTag() throws JspException {
+       
+        String infoURL = getInformationURLFromUIIinfo();
+        
+        try {
+            if (null == infoURL) {
+                BodyContent bc = getBodyContent();
+                if (null != bc) {
+                    JspWriter ew= bc.getEnclosingWriter();
+                    if (ew != null) {
+                        bc.writeOut(ew);
+                    }
+                }
+            } else {
+                pageContext.getOut().print(buildHyperLink(infoURL, linkText));
+            }
+        } catch (IOException e) {
+            log.warn("Error generating Description");
+            throw new JspException("EndTag", e);
+        }
+        return super.doEndTag();
+    }
+
+
+}
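Review bot: `linkText` is declared `private static String linkText;` but is written by the instance setter `setLinkText`, so every ServiceInformationURLTag in the webapp shares one value. When pages are rendered concurrently, the text set for one page can be emitted by `buildHyperLink(infoURL, linkText)` in another request's doEndTag. Making it an instance field, `private String linkText;`, as ServiceContactTag does for `contactName`, removes the sharing. `infoURL.getXMLLang().equals(lang)` has no null guard either. The URL taken from metadata reaches `buildHyperLink` with no scheme check or encoding in this file; presumably ServiceTagSupport handles that, which is worth confirming since it lies outside this section.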
index 9e46478..80758ed 100644 (file)
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.io.IOException;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-\r
-import javax.servlet.jsp.JspException;\r
-import javax.servlet.jsp.JspWriter;\r
-import javax.servlet.jsp.tagext.BodyContent;\r
-\r
-import org.opensaml.samlext.saml2mdui.Logo;\r
-import org.owasp.esapi.ESAPI;\r
-import org.owasp.esapi.Encoder;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-/**Logo for the SP.*/\r
-public class ServiceLogoTag extends ServiceTagSupport {\r
-\r
-    /**\r
-     * checkstyle control.\r
-     */\r
-    private static final long serialVersionUID = 6451849117572923712L;\r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServiceLogoTag.class);\r
-    /** what to emit if the jsp has nothing. */\r
-    private static final String DEFAULT_VALUE = "";\r
-    /** what to emit as alt txt if all else fails. */\r
-    private static final String DEFAULT_ALT_TXT = "SP Logo";\r
-\r
-    /** Bean storage. Size constraint X */\r
-    private int minWidth;\r
-    /** Bean storage. Size constraint X */\r
-    private int maxWidth = Integer.MAX_VALUE;\r
-    /** Bean storage. Size constraint Y */\r
-    private int minHeight;\r
-    /** Bean storage.  Size constraint Y */\r
-    private int maxHeight = Integer.MAX_VALUE;\r
-    /** Bean storage.  alt text */\r
-    private String altTxt;\r
-\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setMaxWidth(Integer value) {\r
-        maxWidth = value.intValue();\r
-    }\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setMinWidth(Integer value) {\r
-        minWidth = value.intValue();\r
-    }\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setMinHeight(Integer value) {\r
-        minHeight = value.intValue();\r
-    }\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setMaxHeight(Integer value) {\r
-        maxHeight = value.intValue();\r
-    }\r
-\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setAlt(String value) {\r
-        altTxt = value;\r
-    }\r
-\r
-    /**\r
-     * Whether the provided logo fits inside the constraints.\r
-     * @param logo the logo\r
-     * @return whether it fits the provided max and mins\r
-     */\r
-    private boolean logoFits(Logo logo) {\r
-        return logo.getHeight() <= maxHeight && logo.getHeight() >= minHeight &&\r
-               logo.getWidth() <= maxWidth && logo.getWidth() >= minWidth;\r
-    }\r
-    \r
-    /**\r
-     * get an appropriate Logo from UIInfo.\r
-     * @return the URL for a logo\r
-     */\r
-    private String getLogoFromUIInfo() {\r
-        String lang = getBrowserLanguage();\r
-\r
-        if (getSPUIInfo() != null && getSPUIInfo().getDescriptions() != null) {\r
-            for (Logo logo:getSPUIInfo().getLogos()) {\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found logo in UIInfo, language=" + logo.getXMLLang() + \r
-                            " width=" + logo.getWidth() + " height=" +logo.getHeight());\r
-                }\r
-                if (null != logo.getXMLLang() && !logo.getXMLLang().equals(lang)) {\r
-                    //\r
-                    // there is a language and its now what we want\r
-                    continue;\r
-                }\r
-                if (!logoFits(logo)) {\r
-                    //\r
-                    // size out of range\r
-                    //\r
-                    continue;\r
-                }\r
-                //\r
-                // Found it\r
-                //\r
-                if (log.isDebugEnabled()) {\r
-                    log.debug("returning logo from UIInfo " + logo.getURL());\r
-                }\r
-                return logo.getURL();\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No appropriate logo in UIInfo");\r
-            }            \r
-        }\r
-        return null;\r
-    }\r
-    \r
-    /** Find what the user specified for alt txt.\r
-     * @return the text required\r
-     */\r
-    private String getAltText() {\r
-        \r
-        //\r
-        // First see what the user tried\r
-        //\r
-        String value = altTxt;\r
-        if (null != value && 0 != value.length()) {\r
-            return value;\r
-        }\r
-        \r
-        //\r
-        // Try the request\r
-        //\r
-        value = getServiceName();\r
-        if (null != value && 0 != value.length()) {\r
-            return value;\r
-        }\r
-        \r
-        return DEFAULT_ALT_TXT;\r
-    }\r
-\r
-    /**\r
-     * Given the url build an appropriate &lta href=...\r
-     * @return the contrcuted hyperlink or null\r
-     */\r
-    private String getHyperlink() {\r
-        String url = getLogoFromUIInfo();\r
-        String encodedURL;\r
-        StringBuilder sb;\r
-        Encoder esapiEncoder = ESAPI.encoder();\r
-        \r
-        if (null == url) {\r
-            return null;\r
-        }\r
-        \r
-        try {\r
-            URI theUrl = new URI(url);\r
-            String scheme = theUrl.getScheme();\r
-    \r
-            if (!"http".equals(scheme) && !"https".equals(scheme) && !"mailto".equals(scheme)) {\r
-                log.warn("The logo URL " + url + " contained an invalid scheme");\r
-                return null;\r
-            }\r
-        } catch (URISyntaxException e) {\r
-            //\r
-            // Could not encode\r
-            //\r
-            log.warn("The logo URL " + url + " was not a URL " + e.toString());\r
-            return null;\r
-        }\r
-        \r
-        \r
-        encodedURL = esapiEncoder.encodeForHTMLAttribute(url);\r
-\r
-        sb = new StringBuilder("<img src=\"");\r
-        sb.append(encodedURL).append('"');\r
-        sb.append("alt=").append(getAltText()).append('"');\r
-        addClassAndId(sb);\r
-        sb.append("/>");\r
-        return sb.toString();\r
-    }\r
-    \r
-    @Override\r
-    public int doEndTag() throws JspException {\r
-       \r
-        String result = getHyperlink();\r
-        \r
-        try {\r
-            if (null == result) {\r
-                BodyContent bc = getBodyContent();\r
-                boolean written = false;\r
-                if (null != bc) {\r
-                    JspWriter ew= bc.getEnclosingWriter();\r
-                    if (ew != null) {\r
-                        bc.writeOut(ew);\r
-                        written = true;\r
-                    }\r
-                }\r
-                if (!written) {\r
-                    //\r
-                    // No value provided put in our own hardwired default\r
-                    //\r
-                    pageContext.getOut().print(DEFAULT_VALUE);\r
-                }\r
-            } else {\r
-                pageContext.getOut().print(result);\r
-            }\r
-        } catch (IOException e) {\r
-            log.warn("Error generating Description");\r
-            throw new JspException("EndTag", e);\r
-        }\r
-        return super.doEndTag();\r
-    }\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.tagext.BodyContent;
+
+import org.opensaml.samlext.saml2mdui.Logo;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**Logo for the SP.*/
+public class ServiceLogoTag extends ServiceTagSupport {
+
+    /**
+     * checkstyle control.
+     */
+    private static final long serialVersionUID = 6451849117572923712L;
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServiceLogoTag.class);
+    /** what to emit if the jsp has nothing. */
+    private static final String DEFAULT_VALUE = "";
+    /** what to emit as alt txt if all else fails. */
+    private static final String DEFAULT_ALT_TXT = "SP Logo";
+
+    /** Bean storage. Size constraint X */
+    private int minWidth;
+    /** Bean storage. Size constraint X */
+    private int maxWidth = Integer.MAX_VALUE;
+    /** Bean storage. Size constraint Y */
+    private int minHeight;
+    /** Bean storage.  Size constraint Y */
+    private int maxHeight = Integer.MAX_VALUE;
+    /** Bean storage.  alt text */
+    private String altTxt;
+
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setMaxWidth(Integer value) {
+        maxWidth = value.intValue();
+    }
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setMinWidth(Integer value) {
+        minWidth = value.intValue();
+    }
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setMinHeight(Integer value) {
+        minHeight = value.intValue();
+    }
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setMaxHeight(Integer value) {
+        maxHeight = value.intValue();
+    }
+
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setAlt(String value) {
+        altTxt = value;
+    }
+
+    /**
+     * Whether the provided logo fits inside the constraints.
+     * @param logo the logo
+     * @return whether it fits the provided max and mins
+     */
+    private boolean logoFits(Logo logo) {
+        return logo.getHeight() <= maxHeight && logo.getHeight() >= minHeight &&
+               logo.getWidth() <= maxWidth && logo.getWidth() >= minWidth;
+    }
+    
+    /**
+     * get an appropriate Logo from UIInfo.
+     * @return the URL for a logo
+     */
+    private String getLogoFromUIInfo() {
+        String lang = getBrowserLanguage();
+
+        if (getSPUIInfo() != null && getSPUIInfo().getDescriptions() != null) {
+            for (Logo logo:getSPUIInfo().getLogos()) {
+                if (log.isDebugEnabled()){
+                    log.debug("Found logo in UIInfo, language=" + logo.getXMLLang() + 
+                            " width=" + logo.getWidth() + " height=" +logo.getHeight());
+                }
+                if (null != logo.getXMLLang() && !logo.getXMLLang().equals(lang)) {
+                    //
+                    // there is a language and its now what we want
+                    continue;
+                }
+                if (!logoFits(logo)) {
+                    //
+                    // size out of range
+                    //
+                    continue;
+                }
+                //
+                // Found it
+                //
+                if (log.isDebugEnabled()) {
+                    log.debug("returning logo from UIInfo " + logo.getURL());
+                }
+                return logo.getURL();
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No appropriate logo in UIInfo");
+            }            
+        }
+        return null;
+    }
+    
+    /** Find what the user specified for alt txt.
+     * @return the text required
+     */
+    private String getAltText() {
+        
+        //
+        // First see what the user tried
+        //
+        String value = altTxt;
+        if (null != value && 0 != value.length()) {
+            return value;
+        }
+        
+        //
+        // Try the request
+        //
+        value = getServiceName();
+        if (null != value && 0 != value.length()) {
+            return value;
+        }
+        
+        return DEFAULT_ALT_TXT;
+    }
+
+    /**
+     * Given the url build an appropriate &lta href=...
+     * @return the contrcuted hyperlink or null
+     */
+    private String getHyperlink() {
+        String url = getLogoFromUIInfo();
+        String encodedURL;
+        StringBuilder sb;
+        Encoder esapiEncoder = ESAPI.encoder();
+        
+        if (null == url) {
+            return null;
+        }
+        
+        try {
+            URI theUrl = new URI(url);
+            String scheme = theUrl.getScheme();
+    
+            if (!"http".equals(scheme) && !"https".equals(scheme) && !"mailto".equals(scheme)) {
+                log.warn("The logo URL " + url + " contained an invalid scheme");
+                return null;
+            }
+        } catch (URISyntaxException e) {
+            //
+            // Could not encode
+            //
+            log.warn("The logo URL " + url + " was not a URL " + e.toString());
+            return null;
+        }
+        
+        
+        encodedURL = esapiEncoder.encodeForHTMLAttribute(url);
+
+        sb = new StringBuilder("<img src=\"");
+        sb.append(encodedURL).append('"');
+        sb.append("alt=").append(getAltText()).append('"');
+        addClassAndId(sb);
+        sb.append("/>");
+        return sb.toString();
+    }
+    
+    @Override
+    public int doEndTag() throws JspException {
+       
+        String result = getHyperlink();
+        
+        try {
+            if (null == result) {
+                BodyContent bc = getBodyContent();
+                boolean written = false;
+                if (null != bc) {
+                    JspWriter ew= bc.getEnclosingWriter();
+                    if (ew != null) {
+                        bc.writeOut(ew);
+                        written = true;
+                    }
+                }
+                if (!written) {
+                    //
+                    // No value provided put in our own hardwired default
+                    //
+                    pageContext.getOut().print(DEFAULT_VALUE);
+                }
+            } else {
+                pageContext.getOut().print(result);
+            }
+        } catch (IOException e) {
+            log.warn("Error generating Description");
+            throw new JspException("EndTag", e);
+        }
+        return super.doEndTag();
+    }
+}
index b9d937e..3b56d42 100644 (file)
@@ -1,83 +1,83 @@
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.io.IOException;\r
-\r
-import javax.servlet.jsp.JspException;\r
-import javax.servlet.jsp.JspWriter;\r
-import javax.servlet.jsp.tagext.BodyContent;\r
-\r
-import org.owasp.esapi.ESAPI;\r
-import org.owasp.esapi.Encoder;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-\r
-/**\r
- * Display the serviceName.\r
- * \r
- * This is taken in order\r
- *  1) From the mdui\r
- *  2) AttributeConsumeService\r
- *  3) HostName from the EntityId\r
- *  4) EntityId.\r
- */\r
-public class ServiceNameTag extends ServiceTagSupport {\r
-\r
-    /** checkstyle requires one of these. */\r
-    private static final long serialVersionUID = 8883158293402992407L;\r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServiceNameTag.class);\r
-    \r
-    /** what to emit if the jsp has nothing. */\r
-    private static final String DEFAULT_VALUE = "Unspecified Service Provider";\r
-\r
-    @Override\r
-    public int doStartTag() throws JspException {\r
-       \r
-        try {\r
-            String rawServiceName = getServiceName();\r
-            \r
-            Encoder esapiEncoder = ESAPI.encoder();\r
-            \r
-            String serviceName = esapiEncoder.encodeForHTML(rawServiceName);\r
-            \r
-            if (null == serviceName) {\r
-                BodyContent bc = getBodyContent();\r
-                boolean written = false;\r
-                if (null != bc) {\r
-                    JspWriter ew= bc.getEnclosingWriter();\r
-                    if (ew != null) {\r
-                        bc.writeOut(ew);\r
-                        written = true;\r
-                    }\r
-                }\r
-                if (!written) {\r
-                    pageContext.getOut().print(DEFAULT_VALUE);\r
-                }\r
-            } else {\r
-                pageContext.getOut().print(serviceName);\r
-            }\r
-        } catch (IOException e) {\r
-            log.warn("Error generating name");\r
-            throw new JspException("StartTag", e);\r
-        }\r
-        return super.doStartTag();\r
-    }\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.io.IOException;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.tagext.BodyContent;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Display the serviceName.
+ * 
+ * This is taken in order
+ *  1) From the mdui
+ *  2) AttributeConsumeService
+ *  3) HostName from the EntityId
+ *  4) EntityId.
+ */
+public class ServiceNameTag extends ServiceTagSupport {
+
+    /** checkstyle requires one of these. */
+    private static final long serialVersionUID = 8883158293402992407L;
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServiceNameTag.class);
+    
+    /** what to emit if the jsp has nothing. */
+    private static final String DEFAULT_VALUE = "Unspecified Service Provider";
+
+    @Override
+    public int doStartTag() throws JspException {
+       
+        try {
+            String rawServiceName = getServiceName();
+            
+            Encoder esapiEncoder = ESAPI.encoder();
+            
+            String serviceName = esapiEncoder.encodeForHTML(rawServiceName);
+            
+            if (null == serviceName) {
+                BodyContent bc = getBodyContent();
+                boolean written = false;
+                if (null != bc) {
+                    JspWriter ew= bc.getEnclosingWriter();
+                    if (ew != null) {
+                        bc.writeOut(ew);
+                        written = true;
+                    }
+                }
+                if (!written) {
+                    pageContext.getOut().print(DEFAULT_VALUE);
+                }
+            } else {
+                pageContext.getOut().print(serviceName);
+            }
+        } catch (IOException e) {
+            log.warn("Error generating name");
+            throw new JspException("StartTag", e);
+        }
+        return super.doStartTag();
+    }
+}
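Review bot: The body-content fallback in `doStartTag()` runs before the container has evaluated the tag body, so `getBodyContent()` is most likely null there (or left over from a pooled handler) and the branch always prints `DEFAULT_VALUE`; the fallback body from the JSP is then buffered and never written out. ServiceLogoTag and ServicePrivacyURLTag in this commit do the equivalent work in `doEndTag()`, and this tag should follow them: declare `public int doEndTag() throws JspException` and finish with `return super.doEndTag();`. Separately, the `null == serviceName` test only works if `encodeForHTML` passes null through, so it is clearer to test `rawServiceName` before encoding. The HTML encoding of the metadata-supplied name before printing should stay as it is.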
index ecb1335..68334ac 100644 (file)
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.io.IOException;\r
-\r
-import javax.servlet.jsp.JspException;\r
-import javax.servlet.jsp.JspWriter;\r
-import javax.servlet.jsp.tagext.BodyContent;\r
-\r
-import org.opensaml.samlext.saml2mdui.PrivacyStatementURL;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-/** Service PrivacyURL - directly from the metadata if present.*/\r
-public class ServicePrivacyURLTag extends ServiceTagSupport {\r
-\r
-    /** checkstyle needs serial version UID. */\r
-    private static final long serialVersionUID = 1706444251504545781L;\r
-    \r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServicePrivacyURLTag.class);\r
-\r
-    /** Bean storage for the link text attribute. */\r
-    private static String linkText;\r
-    \r
-    /** Bean setter  for the link text attribute.\r
-     * @param text the link text to put in\r
-     */\r
-    public void setLinkText(String text) {\r
-        linkText = text;\r
-    }\r
-    \r
-    /**\r
-     * look for the &lt;PrivacyURL&gt; in the &lt;UIInfo&gt;.\r
-     * @return null or an appropriate string.\r
-     */\r
-    private String getPrivacyURLFromUIIinfo() {\r
-        String lang = getBrowserLanguage();\r
-\r
-        if (getSPUIInfo() != null && getSPUIInfo().getPrivacyStatementURLs() != null) {\r
-            for (PrivacyStatementURL privacyURL:getSPUIInfo().getPrivacyStatementURLs()) {\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found PrivacyStatementURL in UIInfo, language=" + privacyURL.getXMLLang());\r
-                }\r
-                if (privacyURL.getXMLLang().equals(lang)) {\r
-                    //\r
-                    // Found it\r
-                    //\r
-                    if (log.isDebugEnabled()){\r
-                        log.debug("returning URL from UIInfo " + privacyURL.getURI().getLocalString());\r
-                    }\r
-                    return privacyURL.getURI().getLocalString();\r
-                }\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No relevant PrivacyStatementURL in UIInfo");\r
-            }                       \r
-        }\r
-        return null;\r
-    }\r
-    \r
-    @Override\r
-\r
-    public int doEndTag() throws JspException {\r
-       \r
-        String privacyURL = getPrivacyURLFromUIIinfo();\r
-        \r
-        try {\r
-            if (null == privacyURL) {\r
-                BodyContent bc = getBodyContent();\r
-                if (null != bc) {\r
-                    JspWriter ew= bc.getEnclosingWriter();\r
-                    if (ew != null) {\r
-                        bc.writeOut(ew);\r
-                    }\r
-                }\r
-            } else {\r
-                pageContext.getOut().print(buildHyperLink(privacyURL, linkText));\r
-            }\r
-        } catch (IOException e) {\r
-            log.warn("Error generating Description");\r
-            throw new JspException("EndTag", e);\r
-        }\r
-        return super.doEndTag();\r
-    }\r
-\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.io.IOException;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.tagext.BodyContent;
+
+import org.opensaml.samlext.saml2mdui.PrivacyStatementURL;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** Service PrivacyURL - directly from the metadata if present.*/
+public class ServicePrivacyURLTag extends ServiceTagSupport {
+
+    /** checkstyle needs serial version UID. */
+    private static final long serialVersionUID = 1706444251504545781L;
+    
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServicePrivacyURLTag.class);
+
+    /** Bean storage for the link text attribute. */
+    private static String linkText;
+    
+    /** Bean setter  for the link text attribute.
+     * @param text the link text to put in
+     */
+    public void setLinkText(String text) {
+        linkText = text;
+    }
+    
+    /**
+     * look for the &lt;PrivacyURL&gt; in the &lt;UIInfo&gt;.
+     * @return null or an appropriate string.
+     */
+    private String getPrivacyURLFromUIIinfo() {
+        String lang = getBrowserLanguage();
+
+        if (getSPUIInfo() != null && getSPUIInfo().getPrivacyStatementURLs() != null) {
+            for (PrivacyStatementURL privacyURL:getSPUIInfo().getPrivacyStatementURLs()) {
+                if (log.isDebugEnabled()){
+                    log.debug("Found PrivacyStatementURL in UIInfo, language=" + privacyURL.getXMLLang());
+                }
+                if (privacyURL.getXMLLang().equals(lang)) {
+                    //
+                    // Found it
+                    //
+                    if (log.isDebugEnabled()){
+                        log.debug("returning URL from UIInfo " + privacyURL.getURI().getLocalString());
+                    }
+                    return privacyURL.getURI().getLocalString();
+                }
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No relevant PrivacyStatementURL in UIInfo");
+            }                       
+        }
+        return null;
+    }
+    
+    @Override
+
+    public int doEndTag() throws JspException {
+       
+        String privacyURL = getPrivacyURLFromUIIinfo();
+        
+        try {
+            if (null == privacyURL) {
+                BodyContent bc = getBodyContent();
+                if (null != bc) {
+                    JspWriter ew= bc.getEnclosingWriter();
+                    if (ew != null) {
+                        bc.writeOut(ew);
+                    }
+                }
+            } else {
+                pageContext.getOut().print(buildHyperLink(privacyURL, linkText));
+            }
+        } catch (IOException e) {
+            log.warn("Error generating Description");
+            throw new JspException("EndTag", e);
+        }
+        return super.doEndTag();
+    }
+
+}
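Review bot: `linkText` is declared `private static String` but is written by the per-instance setter `setLinkText`, so every instance of this tag shares one value and concurrent page renders can pick up each other's link text; it should be an instance field, `private String linkText;`. In `getPrivacyURLFromUIIinfo()` the test `privacyURL.getXMLLang().equals(lang)` throws a NullPointerException when a PrivacyStatementURL in the SP's metadata carries no xml:lang. ServiceLogoTag guards the same call with a null check, and `if (lang.equals(privacyURL.getXMLLang())) {` would do the same here. The link text is handed to `buildHyperLink`, which in the ServiceTagSupport section of this page appends it without HTML encoding, so it should either remain strictly page-author-controlled or be encoded in that helper.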
index b92e673..a08f2d2 100644 (file)
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.util.List;\r
-\r
-import javax.servlet.ServletContext;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.jsp.tagext.BodyTagSupport;\r
-\r
-import org.opensaml.saml2.common.Extensions;\r
-import org.opensaml.saml2.metadata.AttributeConsumingService;\r
-import org.opensaml.saml2.metadata.EntityDescriptor;\r
-import org.opensaml.saml2.metadata.LocalizedString;\r
-import org.opensaml.saml2.metadata.RoleDescriptor;\r
-import org.opensaml.saml2.metadata.SPSSODescriptor;\r
-import org.opensaml.saml2.metadata.ServiceName;\r
-import org.opensaml.samlext.saml2mdui.DisplayName;\r
-import org.opensaml.samlext.saml2mdui.UIInfo;\r
-import org.opensaml.xml.XMLObject;\r
-import org.owasp.esapi.ESAPI;\r
-import org.owasp.esapi.Encoder;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfigurationManager;\r
-import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;\r
-import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;\r
-\r
-\r
-/**\r
- * Display the serviceName.\r
- * \r
- * This is taken in order\r
- *  1) From the mdui\r
- *  2) AttributeConsumeService\r
- *  3) HostName from the EntityId\r
- *  4) EntityId.\r
- */\r
-public class ServiceTagSupport extends BodyTagSupport{\r
-\r
-    /**\r
-     * checkstyle requires this serialization info.\r
-     */\r
-    private static final long serialVersionUID = 7988646597267865255L;\r
-    \r
-    /** Class logger. */\r
-    private static Logger log = LoggerFactory.getLogger(ServiceTagSupport.class);\r
-\r
-    /** Bean storage. class reference*/\r
-    private String cssClass;\r
-    /** Bean storage. id reference*/\r
-    private String cssId;\r
-    /** Bean storage. style reference*/\r
-    private String cssStyle;\r
-\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setCssClass(String value) {\r
-        cssClass = value;\r
-    }\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setCssId(String value) {\r
-        cssId = value;\r
-    }\r
-\r
-    /** Bean setter.\r
-     * @param value what to set\r
-     */\r
-    public void setCssStyle(String value) {\r
-        cssStyle = value;\r
-    }\r
-\r
-    /**\r
-     * Add the class and Id if present.\r
-     * @param sb the stringbuilder to asdd to.\r
-     */\r
-    protected void addClassAndId(StringBuilder sb) {\r
-        if (cssClass != null) {\r
-            sb.append(" class=\"").append(cssClass).append('"');\r
-        }\r
-        if (cssId != null) {\r
-            sb.append(" id=\"").append(cssId).append('"');\r
-        }\r
-        if (cssStyle != null) {\r
-            sb.append(" style=\"").append(cssStyle).append('"');\r
-        }\r
-    }\r
-    \r
-    /**\r
-     * build a hyperlink from the parameters.\r
-     * @param url the URL\r
-     * @param text what to embed\r
-     * @return the hyperlink.\r
-     */\r
-    protected String buildHyperLink(String url, String text) {\r
-        String encodedUrl;\r
-        Encoder esapiEncoder = ESAPI.encoder();\r
-       \r
-        try {\r
-            URI theUrl = new URI(url);\r
-            String scheme = theUrl.getScheme();\r
-\r
-            if (!"http".equals(scheme) && !"https".equals(scheme) && !"mailto".equals(scheme)) {\r
-                log.warn("The URL " + url + " contained an invalid scheme");\r
-                return "";\r
-            }\r
-            encodedUrl = esapiEncoder.encodeForHTMLAttribute(url);\r
-        } catch (URISyntaxException e) {\r
-            // \r
-            // It wasn't an URI.\r
-            //\r
-            log.warn("The URL " + url + " was invalid: " + e.toString());\r
-            return "";\r
-        }\r
-        \r
-        StringBuilder sb = new StringBuilder("<a href=\"");\r
-        sb.append(encodedUrl).append('"');\r
-        addClassAndId(sb);\r
-        sb.append(">").append(text).append("</a>");\r
-        return sb.toString();\r
-    }\r
-    \r
-    /**\r
-     * Get the EntityDescriptor for the relying party.\r
-     * @return the SPs EntityDescriptor\r
-     */\r
-    protected EntityDescriptor getSPEntityDescriptor() {\r
-        LoginContext loginContext;\r
-        HttpServletRequest request;\r
-        ServletContext application;\r
-        RelyingPartyConfigurationManager rpConfigMngr;\r
-        EntityDescriptor spEntity;\r
-        \r
-        //\r
-        // Populate up those things that jsp gives us.\r
-        //\r
-        request = (HttpServletRequest) pageContext.getRequest();\r
-        application = pageContext.getServletContext();\r
-        \r
-        if (request == null || application == null) {\r
-           return null;\r
-        }\r
-        //\r
-        // grab the login context and the RP config mgr.\r
-        //\r
-        loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),\r
-                application, request);\r
-        rpConfigMngr = HttpServletHelper.getRelyingPartyConfigurationManager(application);\r
-        if (loginContext == null || rpConfigMngr == null) {\r
-            return null;\r
-        }\r
-        spEntity = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(), rpConfigMngr);\r
-\r
-        return spEntity;\r
-    }\r
-    /**\r
-     * Traverse the SP's EntityDescriptor and pick out the UIInfo.\r
-     * @return the first UIInfo for the SP.\r
-     */\r
-    protected UIInfo getSPUIInfo() {\r
-        EntityDescriptor spEntity = getSPEntityDescriptor();\r
-        Extensions exts;\r
-        \r
-        if (null == spEntity) {\r
-            //\r
-            // all done\r
-            //\r
-            return null;\r
-        }\r
-\r
-        for (RoleDescriptor role:spEntity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)) {\r
-            exts = role.getExtensions();\r
-            if (exts != null) {\r
-                for (XMLObject object:exts.getOrderedChildren()) {\r
-                    if (object instanceof UIInfo) {\r
-                        return (UIInfo) object;\r
-                    }\r
-                }\r
-            }\r
-        }\r
-        return null;\r
-    }\r
-            \r
-    /**\r
-     * Pluck the language from the browser.\r
-     * @return the two letter language\r
-     */\r
-    protected String getBrowserLanguage() {\r
-        HttpServletRequest request;\r
-        request = (HttpServletRequest) pageContext.getRequest();\r
-        \r
-        return request.getLocale().getLanguage();\r
-    }\r
-    /**\r
-     * If the entityId can look like a host return that otherwise the string.\r
-     * @return either the host or the entityId.\r
-     */\r
-    private String getNameFromEntityId() {\r
-        EntityDescriptor sp = getSPEntityDescriptor();\r
-        \r
-        if (null == sp) {\r
-            log.debug("No relying party, nothing to display");\r
-            return null;\r
-        }\r
-\r
-        try {\r
-            URI entityId = new URI(sp.getEntityID());\r
-            String scheme = entityId.getScheme();\r
-\r
-            if ("http".equals(scheme) || "https".equals(scheme)) {\r
-                return entityId.getHost(); \r
-            }\r
-        } catch (URISyntaxException e) {\r
-            // \r
-            // It wasn't an URI.  return full entityId.\r
-            //\r
-            return sp.getEntityID();\r
-        }\r
-        //\r
-        // not a URL return full entityID\r
-        //\r
-        return sp.getEntityID();\r
-    }\r
-    \r
-    /** \r
-     * look at &lt;Uiinfo&gt; if there and if so look for appropriate name.\r
-     * @return null or an appropriate name\r
-     */\r
-    private String getNameFromUIInfo() {\r
-        String lang = getBrowserLanguage();\r
-\r
-        if (getSPUIInfo() != null) {\r
-            for (DisplayName name:getSPUIInfo().getDisplayNames()) {\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found name in UIInfo, language=" + name.getXMLLang());\r
-                }\r
-                if (name.getXMLLang().equals(lang)) {\r
-                    //\r
-                    // Found it\r
-                    //\r
-                    if (log.isDebugEnabled()){\r
-                        log.debug("returning name from UIInfo " + name.getName().getLocalString());\r
-                    }\r
-                    return name.getName().getLocalString();\r
-                }\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No name in UIInfo");\r
-            }            \r
-        }\r
-        return null;\r
-    }\r
-\r
-    /**\r
-     * look for an &ltAttributeConsumeService&gt and if its there look for an appropriate name.\r
-     * @return null or an appropriate name\r
-     */\r
-    private String getNameFromAttributeConsumingService(){\r
-        String lang = getBrowserLanguage();\r
-        List<RoleDescriptor> roles;\r
-        AttributeConsumingService acs = null;\r
-        EntityDescriptor sp = getSPEntityDescriptor();\r
-        \r
-        if (null == sp) {\r
-            log.warn("No relying party, nothing to display");\r
-            return null;\r
-        }\r
-\r
-        roles = sp.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME);\r
-        if (!roles.isEmpty()) {\r
-            SPSSODescriptor spssod = (SPSSODescriptor) roles.get(0);\r
-            acs = spssod.getDefaultAttributeConsumingService();\r
-        }\r
-        if (acs != null) {\r
-            for (ServiceName name:acs.getNames()) {\r
-                LocalizedString localName = name.getName();\r
-                if (log.isDebugEnabled()){\r
-                    log.debug("Found name in AttributeConsumingService, language=" + localName.getLanguage());\r
-                }\r
-                if (localName.getLanguage().equals(lang)) {\r
-                    if (log.isDebugEnabled()){\r
-                        log.debug("returning name from AttributeConsumingService " + name.getName().getLocalString());\r
-                    }\r
-                    return localName.getLocalString();\r
-                }\r
-            }\r
-            if (log.isDebugEnabled()){\r
-                log.debug("No name in AttributeConsumingService");\r
-            }            \r
-        }        \r
-        return null;\r
-    }\r
-    \r
-    /**\r
-     * Get the identifier for the service name as per the rules above.\r
-     * @return something sensible for display.\r
-     */\r
-    protected String getServiceName() {\r
-        String result;\r
-        //\r
-        // First look for MDUI\r
-        //\r
-        if (getSPEntityDescriptor() == null) {\r
-            log.debug("No relying party, nothing to display");\r
-            return null;\r
-        }\r
-        //\r
-        // Look at <UIInfo>\r
-        //\r
-        result = getNameFromUIInfo();\r
-        if (result != null) {\r
-            return result;\r
-        }\r
-        \r
-        //\r
-        // Otherwise <AttributeConsumingService>\r
-        //\r
-        result = getNameFromAttributeConsumingService();\r
-        if (result != null) {\r
-            return result;\r
-        }\r
-        \r
-        //\r
-        // Or look at the entityName\r
-        //\r
-        return getNameFromEntityId();\r
-    }\r
-    \r
-\r
-}\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.ui;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.List;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.jsp.tagext.BodyTagSupport;
+
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.samlext.saml2mdui.DisplayName;
+import org.opensaml.samlext.saml2mdui.UIInfo;
+import org.opensaml.xml.XMLObject;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfigurationManager;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
+import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
+
+
+/**
+ * Display the serviceName.
+ * 
+ * This is taken in order
+ *  1) From the mdui
+ *  2) AttributeConsumeService
+ *  3) HostName from the EntityId
+ *  4) EntityId.
+ */
+public class ServiceTagSupport extends BodyTagSupport{
+
+    /**
+     * checkstyle requires this serialization info.
+     */
+    private static final long serialVersionUID = 7988646597267865255L;
+    
+    /** Class logger. */
+    private static Logger log = LoggerFactory.getLogger(ServiceTagSupport.class);
+
+    /** Bean storage. class reference*/
+    private String cssClass;
+    /** Bean storage. id reference*/
+    private String cssId;
+    /** Bean storage. style reference*/
+    private String cssStyle;
+
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setCssClass(String value) {
+        cssClass = value;
+    }
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setCssId(String value) {
+        cssId = value;
+    }
+
+    /** Bean setter.
+     * @param value what to set
+     */
+    public void setCssStyle(String value) {
+        cssStyle = value;
+    }
+
+    /**
+     * Add the class and Id if present.
+     * @param sb the stringbuilder to asdd to.
+     */
+    protected void addClassAndId(StringBuilder sb) {
+        if (cssClass != null) {
+            sb.append(" class=\"").append(cssClass).append('"');
+        }
+        if (cssId != null) {
+            sb.append(" id=\"").append(cssId).append('"');
+        }
+        if (cssStyle != null) {
+            sb.append(" style=\"").append(cssStyle).append('"');
+        }
+    }
+    
+    /**
+     * build a hyperlink from the parameters.
+     * @param url the URL
+     * @param text what to embed
+     * @return the hyperlink.
+     */
+    protected String buildHyperLink(String url, String text) {
+        String encodedUrl;
+        Encoder esapiEncoder = ESAPI.encoder();
+       
+        try {
+            URI theUrl = new URI(url);
+            String scheme = theUrl.getScheme();
+
+            if (!"http".equals(scheme) && !"https".equals(scheme) && !"mailto".equals(scheme)) {
+                log.warn("The URL " + url + " contained an invalid scheme");
+                return "";
+            }
+            encodedUrl = esapiEncoder.encodeForHTMLAttribute(url);
+        } catch (URISyntaxException e) {
+            // 
+            // It wasn't an URI.
+            //
+            log.warn("The URL " + url + " was invalid: " + e.toString());
+            return "";
+        }
+        
+        StringBuilder sb = new StringBuilder("<a href=\"");
+        sb.append(encodedUrl).append('"');
+        addClassAndId(sb);
+        sb.append(">").append(text).append("</a>");
+        return sb.toString();
+    }
+    
+    /**
+     * Get the EntityDescriptor for the relying party.
+     * @return the SPs EntityDescriptor
+     */
+    protected EntityDescriptor getSPEntityDescriptor() {
+        LoginContext loginContext;
+        HttpServletRequest request;
+        ServletContext application;
+        RelyingPartyConfigurationManager rpConfigMngr;
+        EntityDescriptor spEntity;
+        
+        //
+        // Populate up those things that jsp gives us.
+        //
+        request = (HttpServletRequest) pageContext.getRequest();
+        application = pageContext.getServletContext();
+        
+        if (request == null || application == null) {
+           return null;
+        }
+        //
+        // grab the login context and the RP config mgr.
+        //
+        loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+                application, request);
+        rpConfigMngr = HttpServletHelper.getRelyingPartyConfigurationManager(application);
+        if (loginContext == null || rpConfigMngr == null) {
+            return null;
+        }
+        spEntity = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(), rpConfigMngr);
+
+        return spEntity;
+    }
+    /**
+     * Traverse the SP's EntityDescriptor and pick out the UIInfo.
+     * @return the first UIInfo for the SP.
+     */
+    protected UIInfo getSPUIInfo() {
+        EntityDescriptor spEntity = getSPEntityDescriptor();
+        Extensions exts;
+        
+        if (null == spEntity) {
+            //
+            // all done
+            //
+            return null;
+        }
+
+        for (RoleDescriptor role:spEntity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)) {
+            exts = role.getExtensions();
+            if (exts != null) {
+                for (XMLObject object:exts.getOrderedChildren()) {
+                    if (object instanceof UIInfo) {
+                        return (UIInfo) object;
+                    }
+                }
+            }
+        }
+        return null;
+    }
+            
+    /**
+     * Pluck the language from the browser.
+     * @return the two letter language
+     */
+    protected String getBrowserLanguage() {
+        HttpServletRequest request;
+        request = (HttpServletRequest) pageContext.getRequest();
+        
+        return request.getLocale().getLanguage();
+    }
+    /**
+     * If the entityId can look like a host return that otherwise the string.
+     * @return either the host or the entityId.
+     */
+    private String getNameFromEntityId() {
+        EntityDescriptor sp = getSPEntityDescriptor();
+        
+        if (null == sp) {
+            log.debug("No relying party, nothing to display");
+            return null;
+        }
+
+        try {
+            URI entityId = new URI(sp.getEntityID());
+            String scheme = entityId.getScheme();
+
+            if ("http".equals(scheme) || "https".equals(scheme)) {
+                return entityId.getHost(); 
+            }
+        } catch (URISyntaxException e) {
+            // 
+            // It wasn't an URI.  return full entityId.
+            //
+            return sp.getEntityID();
+        }
+        //
+        // not a URL return full entityID
+        //
+        return sp.getEntityID();
+    }
+    
+    /** 
+     * look at &lt;Uiinfo&gt; if there and if so look for appropriate name.
+     * @return null or an appropriate name
+     */
+    private String getNameFromUIInfo() {
+        String lang = getBrowserLanguage();
+
+        if (getSPUIInfo() != null) {
+            for (DisplayName name:getSPUIInfo().getDisplayNames()) {
+                if (log.isDebugEnabled()){
+                    log.debug("Found name in UIInfo, language=" + name.getXMLLang());
+                }
+                if (name.getXMLLang().equals(lang)) {
+                    //
+                    // Found it
+                    //
+                    if (log.isDebugEnabled()){
+                        log.debug("returning name from UIInfo " + name.getName().getLocalString());
+                    }
+                    return name.getName().getLocalString();
+                }
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No name in UIInfo");
+            }            
+        }
+        return null;
+    }
+
+    /**
+     * look for an &ltAttributeConsumeService&gt and if its there look for an appropriate name.
+     * @return null or an appropriate name
+     */
+    private String getNameFromAttributeConsumingService(){
+        String lang = getBrowserLanguage();
+        List<RoleDescriptor> roles;
+        AttributeConsumingService acs = null;
+        EntityDescriptor sp = getSPEntityDescriptor();
+        
+        if (null == sp) {
+            log.warn("No relying party, nothing to display");
+            return null;
+        }
+
+        roles = sp.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+        if (!roles.isEmpty()) {
+            SPSSODescriptor spssod = (SPSSODescriptor) roles.get(0);
+            acs = spssod.getDefaultAttributeConsumingService();
+        }
+        if (acs != null) {
+            for (ServiceName name:acs.getNames()) {
+                LocalizedString localName = name.getName();
+                if (log.isDebugEnabled()){
+                    log.debug("Found name in AttributeConsumingService, language=" + localName.getLanguage());
+                }
+                if (localName.getLanguage().equals(lang)) {
+                    if (log.isDebugEnabled()){
+                        log.debug("returning name from AttributeConsumingService " + name.getName().getLocalString());
+                    }
+                    return localName.getLocalString();
+                }
+            }
+            if (log.isDebugEnabled()){
+                log.debug("No name in AttributeConsumingService");
+            }            
+        }        
+        return null;
+    }
+    
+    /**
+     * Get the identifier for the service name as per the rules above.
+     * @return something sensible for display.
+     */
+    protected String getServiceName() {
+        String result;
+        //
+        // First look for MDUI
+        //
+        if (getSPEntityDescriptor() == null) {
+            log.debug("No relying party, nothing to display");
+            return null;
+        }
+        //
+        // Look at <UIInfo>
+        //
+        result = getNameFromUIInfo();
+        if (result != null) {
+            return result;
+        }
+        
+        //
+        // Otherwise <AttributeConsumingService>
+        //
+        result = getNameFromAttributeConsumingService();
+        if (result != null) {
+            return result;
+        }
+        
+        //
+        // Or look at the entityName
+        //
+        return getNameFromEntityId();
+    }
+    
+
+}
index 9af447e..5600c35 100644 (file)
@@ -1,24 +1,24 @@
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-/**\r
- * UI package for the Shibboleth IdP.\r
- * \r
- * This package contains the taglibs used in displaying the login page (and other stuff) to the user.\r
- */\r
-package edu.internet2.middleware.shibboleth.idp.ui;\r
-\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * UI package for the Shibboleth IdP.
+ * 
+ * This package contains the taglibs used in displaying the login page (and other stuff) to the user.
+ */
+package edu.internet2.middleware.shibboleth.idp.ui;
+
index a549e09..89a104d 100644 (file)
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <ehcache updateCheck="false" monitoring="off" dynamicConfig="false">
 
-    <defaultCache eternal="false" maxElementsInMemory="10000" memoryStoreEvictionPolicy="LRU"
-        overflowToDisk="false" />
+    <defaultCache eternal="false" maxElementsInMemory="10000" memoryStoreEvictionPolicy="LRU" overflowToDisk="false"/>
 
-</ehcache>
\ No newline at end of file
+</ehcache>
index 63b1d78..c1fc259 100644 (file)
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!-- Basic configuration used until the IdP can load the real configuration -->
 <configuration>
 
@@ -11,7 +10,7 @@
   </appender>
 
   <root level="warn">
-    <appender-ref ref="STDOUT" />
+    <appender-ref ref="STDOUT"/>
   </root>
   
-</configuration>
\ No newline at end of file
+</configuration>
index 1d8cb72..18c811a 100644 (file)
@@ -1,13 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services" targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" elementFormDefault="qualified">
 
-<xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-    xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
-    elementFormDefault="qualified">
+    <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd"/>
 
-    <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
-
-    <xsd:import namespace="urn:mace:shibboleth:2.0:services"
-        schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
+    <xsd:import namespace="urn:mace:shibboleth:2.0:services" schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd"/>
 
     <xsd:annotation>
         <xsd:documentation>
@@ -20,7 +16,7 @@
             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="service:ReloadableServiceType" />
+            <xsd:extension base="service:ReloadableServiceType"/>
         </xsd:complexContent>
     </xsd:complexType>
 
@@ -30,9 +26,9 @@
         </xsd:annotation>
         <xsd:complexType>
             <xsd:sequence>
-                <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
-                <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
-                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0" maxOccurs="unbounded" />
+                <xsd:element name="ErrorHandler" type="ErrorHandlerType"/>
+                <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded"/>
+                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0" maxOccurs="unbounded"/>
             </xsd:sequence>
         </xsd:complexType>
     </xsd:element>
@@ -42,7 +38,7 @@
             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="RequestURIMappedProfileHandlerType" />
+            <xsd:extension base="RequestURIMappedProfileHandlerType"/>
         </xsd:complexContent>
     </xsd:complexType>
 
             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="SAML2ProfileHandler" />
+            <xsd:extension base="SAML2ProfileHandler"/>
         </xsd:complexContent>
     </xsd:complexType>
 
             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="SAMLProfileHandler" />
+            <xsd:extension base="SAMLProfileHandler"/>
         </xsd:complexContent>
     </xsd:complexType>
 
             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="SAML1ProfileHandler" />
+            <xsd:extension base="SAML1ProfileHandler"/>
         </xsd:complexContent>
     </xsd:complexType>
 
             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="SAMLProfileHandler" />
+            <xsd:extension base="SAMLProfileHandler"/>
         </xsd:complexContent>
     </xsd:complexType>
 
                         </xsd:documentation>
                     </xsd:annotation>
                     <xsd:simpleType>
-                        <xsd:list itemType="xsd:anyURI" />
+                        <xsd:list itemType="xsd:anyURI"/>
                     </xsd:simpleType>
                 </xsd:attribute>
             </xsd:extension>
             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="ShibbolethProfileHandlerType" />
+            <xsd:extension base="ShibbolethProfileHandlerType"/>
         </xsd:complexContent>
     </xsd:complexType>
 
         </xsd:attribute>
     </xsd:complexType>
 
-</xsd:schema>
\ No newline at end of file
+</xsd:schema>
index 2c214e9..c1973d2 100644 (file)
@@ -1,7 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
 
     <display-name>Shibboleth Identity Provider</display-name>
 
     <!-- <login-config> <auth-method>FORM</auth-method> <realm-name>IdP Password Authentication</realm-name> <form-login-config> 
         <form-login-page>/login.jsp</form-login-page> <form-error-page>/login-error.jsp</form-error-page> </form-login-config> </login-config> -->
 
-</web-app>
\ No newline at end of file
+</web-app>
index 1cc1b3c..665ac25 100644 (file)
@@ -1,37 +1,37 @@
-/*\r
- * Licensed to the University Corporation for Advanced Internet Development, Inc.\r
- * under one or more contributor license agreements.  See the NOTICE file\r
- * distributed with this work for additional information regarding\r
- * copyright ownership. The ASF licenses this file to You under the Apache \r
- * License, Version 2.0 (the "License"); you may not use this file except in \r
- * compliance with the License.  You may obtain a copy of the License at\r
- *\r
- *    http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-package edu.internet2.middleware.shibboleth.idp;\r
-\r
-import org.opensaml.DefaultBootstrap;\r
-import org.opensaml.xml.ConfigurationException;\r
-\r
-/**\r
- * Extension to the SAML test bootstrap process which sets up configuration for testing purposes.\r
- */\r
-public class ShibTestBootstrap extends DefaultBootstrap {\r
-\r
-    /** List of XMLTooling configuration files with test configuration. */\r
-    private static String[] testConfigs = { "/shibboleth-saml-ext-config.xml", };\r
-\r
-    /** {@inheritDoc} */\r
-    public static synchronized void bootstrap() throws ConfigurationException {\r
-        DefaultBootstrap.bootstrap();\r
-\r
-        initializeXMLTooling(testConfigs);\r
-    }\r
+/*
+ * Licensed to the University Corporation for Advanced Internet Development, Inc.
+ * under one or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
+ * License, Version 2.0 (the "License"); you may not use this file except in 
+ * compliance with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp;
+
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+
+/**
+ * Extension to the SAML test bootstrap process which sets up configuration for testing purposes.
+ */
+public class ShibTestBootstrap extends DefaultBootstrap {
+
+    /** List of XMLTooling configuration files with test configuration. */
+    private static String[] testConfigs = { "/shibboleth-saml-ext-config.xml", };
+
+    /** {@inheritDoc} */
+    public static synchronized void bootstrap() throws ConfigurationException {
+        DefaultBootstrap.bootstrap();
+
+        initializeXMLTooling(testConfigs);
+    }
 }
\ No newline at end of file
index d3752f4..9e75f87 100644 (file)
@@ -1,23 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp"
-                            xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
-                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                            xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
-                                                urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
-                                                urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
+<AttributeFilterPolicyGroup xmlns="urn:mace:shibboleth:2.0:afp" xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="ShibbolethFilterPolicy" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd                                                 urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd                                                 urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
 
     <AttributeFilterPolicy id="releaseToAnyone">
-        <PolicyRequirementRule xsi:type="basic:ANY" />
+        <PolicyRequirementRule xsi:type="basic:ANY"/>
         
         <AttributeRule attributeID="principalName">
-            <PermitValueRule xsi:type="basic:ANY" />
+            <PermitValueRule xsi:type="basic:ANY"/>
         </AttributeRule>
         
         <AttributeRule attributeID="eduPersonEntitlement">
-            <PermitValueRule xsi:type="basic:ANY" />
+            <PermitValueRule xsi:type="basic:ANY"/>
         </AttributeRule>
         
     </AttributeFilterPolicy>
     
-</AttributeFilterPolicyGroup>
\ No newline at end of file
+</AttributeFilterPolicyGroup>
index 1b8fb4d..28cadd6 100644 (file)
@@ -1,38 +1,23 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
-                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
-                   xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
-                   xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security"
-                   xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
-                                       urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
-                                       urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
-                                       urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
-                                       urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
-                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
+<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security" xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd                                        urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd                                        urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd                                        urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd                                        urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
 
     <!-- ========================================== -->
     <!--      Attribute Definitions                 -->
     <!-- ========================================== -->
     
     <!-- Release the Principal as an attribute and encode it as the SAML 1 and 2 name IDs -->
-    <resolver:AttributeDefinition id="principalName" xsi:type="PrincipalName" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
-        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-                                   nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="principalName" xsi:type="PrincipalName">
+        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder" xsi:type="SAML1StringNameIdentifier" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
 
-        <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-                                   nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder" xsi:type="SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
     </resolver:AttributeDefinition>
     
-    <resolver:AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="eduPersonEntitlement">
-        <resolver:Dependency ref="staticAttributes" />
+    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="eduPersonEntitlement" xsi:type="Simple" sourceAttributeID="eduPersonEntitlement">
+        <resolver:Dependency ref="staticAttributes"/>
 
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
+        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder" xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement"/>
 
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
+        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder" xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement"/>
     </resolver:AttributeDefinition>
     
     
@@ -41,7 +26,7 @@
     <!-- ========================================== -->
     
     <!-- Example Static Connector -->
-    <resolver:DataConnector id="staticAttributes" xsi:type="Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
+    <resolver:DataConnector xmlns="urn:mace:shibboleth:2.0:resolver:dc" id="staticAttributes" xsi:type="Static">
         <Attribute id="eduPersonAffiliation">
             <Value>member</Value>
         </Attribute>
@@ -54,8 +39,6 @@
     <!-- ========================================== -->
     <!--      Principal Connectors                  -->
     <!-- ========================================== -->
-    <resolver:PrincipalConnector xsi:type="Direct" xmlns="urn:mace:shibboleth:2.0:resolver:pc"
-                                 id="samlUnspecDirect"
-                                 nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+    <resolver:PrincipalConnector xmlns="urn:mace:shibboleth:2.0:resolver:pc" xsi:type="Direct" id="samlUnspecDirect" nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
 
-</AttributeResolver>
\ No newline at end of file
+</AttributeResolver>
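Review bot: The rewritten `<AttributeResolver>` start tag keeps the old line-break indentation inside the `xsi:schemaLocation` value, as long runs of spaces between each namespace/location pair. Together with the reordered attributes, this suggests the file was passed through an XML serializer rather than only having its EOL style changed. Attribute-value normalization should make the parsed value the same as before, so behaviour is presumably unaffected, but a start tag on one very long line makes later edits to this config hard to spot in a diff. I would either keep one pair per line as before or collapse each run to a single space, for example `urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd urn:mace:shibboleth:2.0:resolver:pc …`. The same residue appears in the `outboundBindingEnumeration` values of the `ProfileHandlerGroup` section and in the `xsi:schemaLocation` of the `beans` section below.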
index b4c722d..d1e2000 100644 (file)
@@ -1,57 +1,37 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
 
-<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
-                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                     xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
-
-    <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
+    <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp"/>
 
     <ProfileHandler xsi:type="Status">
         <RequestPath>/status</RequestPath>
     </ProfileHandler>
 
-    <ProfileHandler xsi:type="ShibbolethSSO"
-                    inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post 
-                                                urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
+    <ProfileHandler xsi:type="ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post                                                  urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
         <RequestPath>/shibboleth/SSO</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML1AttributeQuery" 
-                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+    <ProfileHandler xsi:type="SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
         <RequestPath>/saml1/SOAP/AttributeQuery</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML1ArtifactResolution" 
-                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+    <ProfileHandler xsi:type="SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
         <RequestPath>/saml1/SOAP/ArtifactResolution</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML2SSO" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ProfileHandler xsi:type="SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <RequestPath>/saml2/POST/SSO</RequestPath>
     </ProfileHandler>
 
-    <ProfileHandler xsi:type="SAML2SSO" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ProfileHandler xsi:type="SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <RequestPath>/saml2/Redirect/SSO</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML2AttributeQuery"
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ProfileHandler xsi:type="SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <RequestPath>/saml2/SOAP/AttributeQuery</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML2ArtifactResolution" 
-                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ProfileHandler xsi:type="SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <RequestPath>/saml2/SOAP/ArtifactResolution</RequestPath>
     </ProfileHandler>
     
@@ -59,9 +39,8 @@
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
     </LoginHandler>
     
-    <LoginHandler xsi:type="UsernamePassword" 
-                           jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
+    <LoginHandler xsi:type="UsernamePassword" jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
     </LoginHandler>
 
-</ProfileHandlerGroup>
\ No newline at end of file
+</ProfileHandlerGroup>
index 7db0dc1..2098076 100644 (file)
@@ -1,30 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd                            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
     <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
-        <constructor-arg value="true" type="boolean" />
+        <constructor-arg value="true" type="boolean"/>
     </bean>
     
     <!-- Nothing ever checks the type of this object and the logging config is loaded from the classpath for the test suite. -->
-    <bean id="shibboleth.LogbackLogging" class="java.lang.Object" depends-on="shibboleth.TaskTimer" />
+    <bean id="shibboleth.LogbackLogging" class="java.lang.Object" depends-on="shibboleth.TaskTimer"/>
     
     <!-- Spring configuration file that bootstraps OpenSAML -->
     <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" depends-on="shibboleth.LogbackLogging">
         <constructor-arg>
             <list>
                 <bean id="shibMetadataExtensions" class="org.opensaml.util.resource.ClasspathResource">
-                    <constructor-arg value="/shibboleth-saml-ext-config.xml" />
+                    <constructor-arg value="/shibboleth-saml-ext-config.xml"/>
                 </bean>
             </list>
         </constructor-arg>
     </bean>
 
     <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg value="SHA1PRNG" />
+        <constructor-arg value="SHA1PRNG"/>
     </bean>
 
     <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
         </property>
     </bean>
 
-    <bean id="shibboleth.TemplateEngine"
-        class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine"
-        depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.VelocityEngine" />
+    <bean id="shibboleth.TemplateEngine" class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine" depends-on="shibboleth.LogbackLogging">
+        <constructor-arg ref="shibboleth.VelocityEngine"/>
     </bean>
 
     <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool" depends-on="shibboleth.LogbackLogging">
-        <property name="maxPoolSize" value="100" />
-        <property name="createBuildersAtPoolLimit" value="true" />
-        <property name="coalescing" value="true" />
-        <property name="ignoreComments" value="true" />
-        <property name="ignoreElementContentWhitespace" value="true" />
-        <property name="namespaceAware" value="true" />
+        <property name="maxPoolSize" value="100"/>
+        <property name="createBuildersAtPoolLimit" value="true"/>
+        <property name="coalescing" value="true"/>
+        <property name="ignoreComments" value="true"/>
+        <property name="ignoreElementContentWhitespace" value="true"/>
+        <property name="namespaceAware" value="true"/>
         <property name="builderAttributes">
             <map>
                 <entry>
                     <key>
                         <value>http://apache.org/xml/properties/security-manager</value>
                     </key>
-                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager" />
+                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager"/>
                 </entry>
             </map>
         </property>
         </property>
     </bean>
 
-    <bean id="shibboleth.StorageService" class="edu.internet2.middleware.shibboleth.common.util.EventingMapBasedStorageService" depends-on="shibboleth.LogbackLogging" />
+    <bean id="shibboleth.StorageService" class="edu.internet2.middleware.shibboleth.common.util.EventingMapBasedStorageService" depends-on="shibboleth.LogbackLogging"/>
 
     <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.TaskTimer" />
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg value="600000" type="long" />
+        <constructor-arg ref="shibboleth.TaskTimer"/>
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg value="600000" type="long"/>
     </bean>
 
-    <bean id="shibboleth.SessionManager"
-          class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
-          depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg value="1800000" type="long" />
+    <bean id="shibboleth.SessionManager" class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl" depends-on="shibboleth.LogbackLogging">
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg value="1800000" type="long"/>
     </bean>
 
     <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.ParserPool" />
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg type="long" value="300000" />
+        <constructor-arg ref="shibboleth.ParserPool"/>
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg type="long" value="300000"/>
     </bean>
     
     <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache" depends-on="shibboleth.LogbackLogging">
-        <constructor-arg ref="shibboleth.StorageService" />
-        <constructor-arg type="long" value="300000" />
+        <constructor-arg ref="shibboleth.StorageService"/>
+        <constructor-arg type="long" value="300000"/>
     </bean>
 
     <util:map id="shibboleth.MessageDecoders">
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostSimpleSignDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostDecoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
             </key>
-            <bean id="shibboleth.SAML2HttpRedirectDecoder"
-                class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+            <bean id="shibboleth.SAML2HttpRedirectDecoder" class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
             </key>
-            <bean id="shibboleth.SAML2HttpSoap11Decoder"
-                class="org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder">
-                <constructor-arg ref="shibboleth.ParserPool" />
+            <bean id="shibboleth.SAML2HttpSoap11Decoder" class="org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder">
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
                 <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
             </key>
             <bean id="shibboleth.SAML1HttpPostDecoder" class="org.opensaml.saml1.binding.decoding.HTTPPostDecoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
-                <constructor-arg ref="shibboleth.ParserPool" />
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
             </key>
-            <bean id="shibboleth.SAML1HttpSoap11Decoder"
-                class="org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
-                <constructor-arg ref="shibboleth.ParserPool" />
+            <bean id="shibboleth.SAML1HttpSoap11Decoder" class="org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder">
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
+                <constructor-arg ref="shibboleth.ParserPool"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:mace:shibboleth:1.0:profiles:AuthnRequest</value>
             </key>
-            <bean id="shibboleth.ShibbolethSSODecoder"
-                class="edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder">
+            <bean id="shibboleth.ShibbolethSSODecoder" class="edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder">
             </bean>
         </entry>
     </util:map>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostSimpleSignEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder">
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml2-post-simplesign-binding.vm" />
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml2-post-simplesign-binding.vm"/>
             </bean>
         </entry>
         <entry>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
             </key>
             <bean id="shibboleth.SAML2HttpPostEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostEncoder">
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml2-post-binding.vm" />
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml2-post-binding.vm"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
             </key>
-            <bean id="shibboleth.SAML2HttpRedirectEncoder"
-                class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder" />
+            <bean id="shibboleth.SAML2HttpRedirectEncoder" class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder"/>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact</value>
             </key>
-            <bean id="shibboleth.SAML2HTTPArtifactEncoder"
-                class="org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml2-post-artifact-binding.vm" />
+            <bean id="shibboleth.SAML2HTTPArtifactEncoder" class="org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder">
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml2-post-artifact-binding.vm"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
             </key>
-            <bean id="shibboleth.SAML2HttpSoap11Encoder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder" />
+            <bean id="shibboleth.SAML2HttpSoap11Encoder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder"/>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
             </key>
             <bean id="shibboleth.SAML1HttpPostEncoder" class="org.opensaml.saml1.binding.encoding.HTTPPostEncoder">
-                <constructor-arg ref="shibboleth.VelocityEngine" />
-                <constructor-arg value="/templates/saml1-post-binding.vm" />
+                <constructor-arg ref="shibboleth.VelocityEngine"/>
+                <constructor-arg value="/templates/saml1-post-binding.vm"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:profiles:artifact-01</value>
             </key>
-            <bean id="shibboleth.SAML1HttpArtifactEncoder"
-                class="org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder">
-                <constructor-arg ref="shibboleth.ArtifactMap" />
+            <bean id="shibboleth.SAML1HttpArtifactEncoder" class="org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder">
+                <constructor-arg ref="shibboleth.ArtifactMap"/>
             </bean>
         </entry>
         <entry>
             <key>
                 <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
             </key>
-            <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder"
-                class="org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder" />
+            <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder" class="org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder"/>
         </entry>
     </util:map>
 
-    <bean id="shibboleth.ServletAttributeExporter"
-          class="edu.internet2.middleware.shibboleth.common.config.service.ServletContextAttributeExporter" 
-          depends-on="shibboleth.LogbackLogging"
-          init-method="initialize" >
+    <bean id="shibboleth.ServletAttributeExporter" class="edu.internet2.middleware.shibboleth.common.config.service.ServletContextAttributeExporter" depends-on="shibboleth.LogbackLogging" init-method="initialize">
         <constructor-arg>
            <list>
                <value>shibboleth.SessionManager</value>
         </constructor-arg>
     </bean>
 
-</beans>
\ No newline at end of file
+</beans>
index a3fd33d..1a90bbe 100644 (file)
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!--
     This file is an EXAMPLE configuration file.
 
@@ -7,73 +6,31 @@
     particular relying party should be signed.  It also includes metadata provider and credential definitions used 
     when answering requests to a relying party.
 -->
-
-<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
-                   xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
-                   xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
-                   xmlns:resource="urn:mace:shibboleth:2.0:resource"
-                   xmlns:security="urn:mace:shibboleth:2.0:security"
-                   xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
-                   xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata"
-                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                   xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
-                                       urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
-                                       urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
-                                       urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd
-                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
-                                       urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
-                                       urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
+<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml" xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml" xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd                                        urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd                                        urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd                                        urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd                                        urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
                                        
     <!-- ========================================== -->
     <!--      Relying Party Configurations          -->
     <!-- ========================================== -->
-    <AnonymousRelyingParty provider="urn:example.org:idp1" />
+    <AnonymousRelyingParty provider="urn:example.org:idp1"/>
     
-    <DefaultRelyingParty provider="urn:example.org:idp1"
-                         defaultSigningCredentialRef="IdPCredential">
+    <DefaultRelyingParty provider="urn:example.org:idp1" defaultSigningCredentialRef="IdPCredential">
         <!-- 
             Each attribute in these profiles configuration is set to its default value,
             that is, the values that would be in effect if those attributes were not present.
             We list them here so that people are aware of them (since they seem reluctant to 
             read the documentation).
         -->
-        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" 
-                              includeAttributeStatement="false"
-                              assertionLifetime="300000"
-                              signResponses="conditional"
-                              signAssertions="never" />
+        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" assertionLifetime="300000" signResponses="conditional" signAssertions="never"/>
                               
-        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
-                              assertionLifetime="300000"
-                              signResponses="conditional"
-                              signAssertions="never" />
+        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="300000" signResponses="conditional" signAssertions="never"/>
         
-        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
-                              signResponses="conditional"
-                              signAssertions="never" />
+        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" signAssertions="never"/>
         
-        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" 
-                              includeAttributeStatement="true"
-                              assertionLifetime="300000"
-                              assertionProxyCount="0" 
-                              signResponses="conditional"
-                              signAssertions="never" 
-                              encryptAssertions="never"
-                              encryptNameIds="never" />
+        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" assertionLifetime="300000" assertionProxyCount="0" signResponses="conditional" signAssertions="never" encryptAssertions="never" encryptNameIds="never"/>
         
-        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
-                              assertionLifetime="300000"
-                              assertionProxyCount="0" 
-                              signResponses="conditional"
-                              signAssertions="never"
-                              encryptAssertions="never"
-                              encryptNameIds="never" />
+        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" assertionLifetime="300000" assertionProxyCount="0" signResponses="conditional" signAssertions="never" encryptAssertions="never" encryptNameIds="never"/>
         
-        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
-                              signResponses="conditional"
-                              signAssertions="never"
-                              encryptAssertions="never"
-                              encryptNameIds="never"/>
+        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" signResponses="conditional" signAssertions="never" encryptAssertions="never" encryptNameIds="never"/>
         
     </DefaultRelyingParty>
         
     <!--      Metadata Configuration                -->
     <!-- ========================================== -->
     <!-- MetadataProvider the combining other MetadataProviders -->
-    <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
+    <MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider">
     
-        <MetadataProvider id="InlineMD" xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
-            <EntitiesDescriptor Name="urn:example.org" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+        <MetadataProvider id="InlineMD" xsi:type="InlineMetadataProvider">
+            <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:example.org">
                 <EntityDescriptor entityID="urn:example.org:idp1">
                     <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
                         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                         <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://example.org/myIdP"/>
-                        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/myIdP" />
+                        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/myIdP"/>
                     </IDPSSODescriptor>
                     <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
                         <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://example.org/myIdP"/>
                         <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
                         <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://example.org/mySP" index="0"/>
                         <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://example.org/mySP" index="0"/>
-                        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0" />
-                        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="0" />
+                        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0"/>
+                        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="0"/>
                     </SPSSODescriptor>
                 </EntityDescriptor>
             </EntitiesDescriptor>
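Review bot: The signing and encryption settings on each `ProfileConfiguration` (`signResponses`, `signAssertions`, `encryptAssertions`, `encryptNameIds`) are now packed onto one long line, so a later change to any one of them will show up as a replacement of the whole line and is easy to miss in review. The previous one-attribute-per-line layout was easier to audit. The collapsed `xsi:schemaLocation` on `RelyingPartyGroup` also carries long runs of spaces where the line breaks used to be. If a tool re-serialized the file, I would configure it to keep the line breaks or restore them by hand for these elements, e.g. `signAssertions="never"` on its own line again. The same collapse applies to the `Service` elements and the `depends-on` list in the services file further down.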
@@ -187,17 +144,13 @@ XgzhuIUs3/APMhrOA5PehradspPhnYA0TZKxHISiyp2gFMQkPunm+tUfRw==
         engines and so you'll see some rules that reference the declared trust engines.
     -->
     <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
-        <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
-                              metadataProviderRef="ShibbolethMetadata" />                              
-        <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature"
-                              metadataProviderRef="ShibbolethMetadata" />
+        <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>                              
+        <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/>
     </security:TrustEngine>
     
     <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
-        <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey"
-                              metadataProviderRef="ShibbolethMetadata" />
-        <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
-                              metadataProviderRef="ShibbolethMetadata" />
+        <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey" metadataProviderRef="ShibbolethMetadata"/>
+        <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential" metadataProviderRef="ShibbolethMetadata"/>
     </security:TrustEngine>
      
     <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
@@ -208,16 +161,16 @@ XgzhuIUs3/APMhrOA5PehradspPhnYA0TZKxHISiyp2gFMQkPunm+tUfRw==
     <security:SecurityPolicy id="shibboleth.SAML1AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
     
     <security:SecurityPolicy id="shibboleth.SAML1ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
 
@@ -225,41 +178,41 @@ XgzhuIUs3/APMhrOA5PehradspPhnYA0TZKxHISiyp2gFMQkPunm+tUfRw==
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
         <security:Rule xsi:type="samlsec:SAML2AuthnRequestsSigned"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
 
     <security:SecurityPolicy id="shibboleth.SAML2AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
     
     <security:SecurityPolicy id="shibboleth.SAML2ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
     
     <security:SecurityPolicy id="shibboleth.SAML2SLOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
+        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>
     
-</RelyingPartyGroup>
\ No newline at end of file
+</RelyingPartyGroup>
index 3411d15..646ea85 100644 (file)
@@ -1,64 +1,30 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<Services xmlns="urn:mace:shibboleth:2.0:services"
-          xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
-          xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority"
-          xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
-          xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler"
-          xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
-          xmlns:resource="urn:mace:shibboleth:2.0:resource" 
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd
-                              urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
-                              urn:mace:shibboleth:2.0:attribute:authority classpath:/schema/shibboleth-2.0-attribute-authority.xsd
-                              urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
-                              urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
-                              urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
-                              urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
+<Services xmlns="urn:mace:shibboleth:2.0:services" xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp" xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority" xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver" xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd                               urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd                               urn:mace:shibboleth:2.0:attribute:authority classpath:/schema/shibboleth-2.0-attribute-authority.xsd                               urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd                               urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd                               urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                               urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
                               
-    <Service id="shibboleth.AttributeResolver"
-             xsi:type="attribute-resolver:ShibbolethAttributeResolver">
-        <ConfigurationResource file="/data/conf1/attribute-resolver.xml" xsi:type="resource:ClasspathResource" />
+    <Service id="shibboleth.AttributeResolver" xsi:type="attribute-resolver:ShibbolethAttributeResolver">
+        <ConfigurationResource file="/data/conf1/attribute-resolver.xml" xsi:type="resource:ClasspathResource"/>
     </Service>
 
-    <Service id="shibboleth.AttributeFilterEngine"
-             xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
-        <ConfigurationResource file="/data/conf1/attribute-filter.xml" xsi:type="resource:ClasspathResource" />
+    <Service id="shibboleth.AttributeFilterEngine" xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
+        <ConfigurationResource file="/data/conf1/attribute-filter.xml" xsi:type="resource:ClasspathResource"/>
     </Service>
     
-    <Service id="shibboleth.SAML1AttributeAuthority"
-             xsi:type="attribute-authority:SAML1AttributeAuthority"
-             depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine"
-             resolver="shibboleth.AttributeResolver"
-             filter="shibboleth.AttributeFilterEngine" />
+    <Service id="shibboleth.SAML1AttributeAuthority" xsi:type="attribute-authority:SAML1AttributeAuthority" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
              
-    <Service id="shibboleth.SAML2AttributeAuthority"
-             xsi:type="attribute-authority:SAML2AttributeAuthority"
-             depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine"
-             resolver="shibboleth.AttributeResolver"
-             filter="shibboleth.AttributeFilterEngine" />
+    <Service id="shibboleth.SAML2AttributeAuthority" xsi:type="attribute-authority:SAML2AttributeAuthority" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
 
-    <Service id="shibboleth.RelyingPartyConfigurationManager"
-             xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager"
-             depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
-        <ConfigurationResource file="/data/conf1/relying-party.xml" xsi:type="resource:ClasspathResource" />
+    <Service id="shibboleth.RelyingPartyConfigurationManager" xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager" depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
+        <ConfigurationResource file="/data/conf1/relying-party.xml" xsi:type="resource:ClasspathResource"/>
     </Service>
 
-    <Service id="shibboleth.HandlerManager"
-             depends-on="shibboleth.RelyingPartyConfigurationManager"
-             xsi:type="profile:IdPProfileHandlerManager">
-        <ConfigurationResource file="/data/conf1/handler.xml" xsi:type="resource:ClasspathResource" />
+    <Service id="shibboleth.HandlerManager" depends-on="shibboleth.RelyingPartyConfigurationManager" xsi:type="profile:IdPProfileHandlerManager">
+        <ConfigurationResource file="/data/conf1/handler.xml" xsi:type="resource:ClasspathResource"/>
     </Service>
     
     <!-- 
         A special service that exports all services upon which it depends into the ServletContext as an attribute 
         with the same name as the service's ID.
     -->
-    <Service id="shibboleth.ServiceServletContextAttributeExporter"
-             depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine
-                         shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority 
-                         shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager
-                         shibboleth.StorageService"
-             xsi:type="ServletContextAttributeExporter" />
+    <Service id="shibboleth.ServiceServletContextAttributeExporter" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine                          shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority                           shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager                          shibboleth.StorageService" xsi:type="ServletContextAttributeExporter"/>
 
-</Services>
\ No newline at end of file
+</Services>
index 061191b..206d767 100644 (file)
@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <configuration>
 
-    <logger name="edu.internet2.middleware.shibboleth" level="DEBUG" />
+    <logger name="edu.internet2.middleware.shibboleth" level="DEBUG"/>
 
-    <logger name="org.opensaml" level="WARN" />
+    <logger name="org.opensaml" level="WARN"/>
 
     <!--
         <logger name="PROTOCOL_MESSAGE" level="DEBUG" />
@@ -17,8 +16,8 @@
         </encoder>
     </appender>
 
-    <root level="WARN" >
-        <appender-ref ref="STDOUT" />
+    <root level="WARN">
+        <appender-ref ref="STDOUT"/>
     </root>
 
-</configuration>
\ No newline at end of file
+</configuration>
index ca8c830..4f6866c 100755 (executable)
@@ -1,49 +1,49 @@
-@echo off\r
-setlocal\r
-\r
-REM We need a JVM\r
-if not defined JAVA_HOME  (\r
-  echo Error: JAVA_HOME is not defined.\r
-  exit /b\r
-)\r
-\r
-if not defined JAVACMD (\r
-  set JAVACMD="%JAVA_HOME%\bin\java.exe"\r
-)\r
-\r
-if not exist %JAVACMD% (\r
-  echo Error: JAVA_HOME is not defined correctly.\r
-  echo Cannot execute %JAVACMD%\r
-  exit /b\r
-)\r
-\r
-if defined CLASSPATH (\r
-  set LOCALCLASSPATH=%CLASSPATH%\r
-)\r
-\r
-if not defined IDP_HOME  (\r
-  echo Error: IDP_HOME is not defined.\r
-  exit /b\r
-)\r
-\r
-if not exist "%IDP_HOME%" (\r
-  echo Error: IDP_HOME is not defined correctly.\r
-  exit /b\r
-)\r
-\r
-REM add in the dependency .jar files \r
-for %%i in ("%IDP_HOME%\lib\*.jar") do (\r
-       call "%IDP_HOME%\bin\cpappend.bat" %%i\r
-)\r
-\r
-if exist %JAVA_HOME%\lib\tools.jar (\r
-    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\tools.jar\r
-)\r
-\r
-if exist %JAVA_HOME%\lib\classes.zip (\r
-    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\classes.zip\r
-)\r
-\r
-REM Go to it !\r
-\r
+@echo off
+setlocal
+
+REM We need a JVM
+if not defined JAVA_HOME  (
+  echo Error: JAVA_HOME is not defined.
+  exit /b
+)
+
+if not defined JAVACMD (
+  set JAVACMD="%JAVA_HOME%\bin\java.exe"
+)
+
+if not exist %JAVACMD% (
+  echo Error: JAVA_HOME is not defined correctly.
+  echo Cannot execute %JAVACMD%
+  exit /b
+)
+
+if defined CLASSPATH (
+  set LOCALCLASSPATH=%CLASSPATH%
+)
+
+if not defined IDP_HOME  (
+  echo Error: IDP_HOME is not defined.
+  exit /b
+)
+
+if not exist "%IDP_HOME%" (
+  echo Error: IDP_HOME is not defined correctly.
+  exit /b
+)
+
+REM add in the dependency .jar files 
+for %%i in ("%IDP_HOME%\lib\*.jar") do (
+       call "%IDP_HOME%\bin\cpappend.bat" %%i
+)
+
+if exist %JAVA_HOME%\lib\tools.jar (
+    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\tools.jar
+)
+
+if exist %JAVA_HOME%\lib\classes.zip (
+    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\classes.zip
+)
+
+REM Go to it !
+
 %JAVACMD% -cp "%LOCALCLASSPATH%" -Djava.endorsed.dirs="%~dp0/../lib/endorsed" edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI %*
\ No newline at end of file
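Review bot: `LOCALCLASSPATH` is seeded from the caller's `CLASSPATH` at `if defined CLASSPATH (` and is never cleared when `CLASSPATH` is unset, so entries from the ambient environment are searched ahead of the jars under `%IDP_HOME%\lib`. For a tool that runs the attribute authority CLI, a stray or unexpected classpath entry can therefore shadow the IdP's own classes. I would start from an empty value with `set LOCALCLASSPATH=` right after `setlocal` and, if the ambient classpath is needed at all, append it after the `for` loop. The launcher two hunks below has the same lines.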
index 5e7ef33..bafe139 100755 (executable)
@@ -1,17 +1,17 @@
-rem ---------------------------------------------------------------------------\r
-rem Append to CLASSPATH\r
-rem ---------------------------------------------------------------------------\r
-\r
-rem Process the first argument\r
-if ""%1"" == """" goto end\r
-set LOCALCLASSPATH=%LOCALCLASSPATH%;%1\r
-shift\r
-\r
-rem Process the remaining arguments\r
-:setArgs\r
-if ""%1"" == """" goto doneSetArgs\r
-set LOCALCLASSPATH=%LOCALCLASSPATH% %1\r
-shift\r
-goto setArgs\r
-:doneSetArgs\r
-:end\r
+rem ---------------------------------------------------------------------------
+rem Append to CLASSPATH
+rem ---------------------------------------------------------------------------
+
+rem Process the first argument
+if ""%1"" == """" goto end
+set LOCALCLASSPATH=%LOCALCLASSPATH%;%1
+shift
+
+rem Process the remaining arguments
+:setArgs
+if ""%1"" == """" goto doneSetArgs
+set LOCALCLASSPATH=%LOCALCLASSPATH% %1
+shift
+goto setArgs
+:doneSetArgs
+:end
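Review bot: With the carriage returns stripped, this script is stored with LF-only line endings, and it is the one batch file here that relies on labels (`goto end`, `goto setArgs`, `:doneSetArgs`); cmd.exe's label lookup is known to be unreliable in batch files without CRLF endings. If the EOL property was set to `native`, a distribution assembled from a Unix checkout would presumably ship the file this way. I would pin batch files to CRLF instead, e.g. `svn:eol-style=CRLF` for `*.bat`. The two launcher scripts changed in the neighbouring hunks should get the same treatment.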
index 162dfa3..0469919 100755 (executable)
@@ -1,44 +1,44 @@
-@echo off\r
-setlocal\r
-\r
-REM We need a JVM\r
-if not defined JAVA_HOME  (\r
-  echo Error: JAVA_HOME is not defined.\r
-  exit /b\r
-)\r
-\r
-if not defined JAVACMD (\r
-  set JAVACMD="%JAVA_HOME%\bin\java.exe"\r
-)\r
-\r
-if not exist %JAVACMD% (\r
-  echo Error: JAVA_HOME is not defined correctly.\r
-  echo Cannot execute %JAVACMD%\r
-  exit /b\r
-)\r
-\r
-if defined CLASSPATH (\r
-  set LOCALCLASSPATH=%CLASSPATH%\r
-)\r
-\r
-if not exist "%IDP_HOME%" (\r
-  echo Error: IDP_HOME is not defined correctly.\r
-  exit /b\r
-)\r
-\r
-REM add in the dependency .jar files \r
-for %%i in ("%IDP_HOME%\lib\*.jar") do (\r
-    call "%IDP_HOME%\bin\cpappend.bat" %%i\r
-)\r
-\r
-if exist %JAVA_HOME%\lib\tools.jar (\r
-    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\tools.jar\r
-)\r
-\r
-if exist %JAVA_HOME%\lib\classes.zip (\r
-    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\classes.zip\r
-)\r
-\r
-REM Go to it !\r
-\r
-%JAVACMD% -cp "%LOCALCLASSPATH%" edu.internet2.middleware.shibboleth.idp.Version\r
+@echo off
+setlocal
+
+REM We need a JVM
+if not defined JAVA_HOME  (
+  echo Error: JAVA_HOME is not defined.
+  exit /b
+)
+
+if not defined JAVACMD (
+  set JAVACMD="%JAVA_HOME%\bin\java.exe"
+)
+
+if not exist %JAVACMD% (
+  echo Error: JAVA_HOME is not defined correctly.
+  echo Cannot execute %JAVACMD%
+  exit /b
+)
+
+if defined CLASSPATH (
+  set LOCALCLASSPATH=%CLASSPATH%
+)
+
+if not exist "%IDP_HOME%" (
+  echo Error: IDP_HOME is not defined correctly.
+  exit /b
+)
+
+REM add in the dependency .jar files 
+for %%i in ("%IDP_HOME%\lib\*.jar") do (
+    call "%IDP_HOME%\bin\cpappend.bat" %%i
+)
+
+if exist %JAVA_HOME%\lib\tools.jar (
+    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\tools.jar
+)
+
+if exist %JAVA_HOME%\lib\classes.zip (
+    set LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\classes.zip
+)
+
+REM Go to it !
+
+%JAVACMD% -cp "%LOCALCLASSPATH%" edu.internet2.middleware.shibboleth.idp.Version
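Review bot: `if exist %JAVA_HOME%\lib\tools.jar (` and the `classes.zip` test below it use `%JAVA_HOME%` unquoted, although `JAVACMD` and `IDP_HOME` are quoted elsewhere in the script; a JDK path containing a space splits the `if exist` argument, and one containing `)` would close the parenthesised block early at the `set` line. Quoting both fixes it: `if exist "%JAVA_HOME%\lib\tools.jar" (` and `set "LOCALCLASSPATH=%LOCALCLASSPATH%;%JAVA_HOME%\lib\tools.jar"`. This script also lacks the `if not defined IDP_HOME` guard that the other launcher has, so an unset variable is reported as "not defined correctly". The same unquoted tests appear in the launcher two hunks above.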