Merge remote branch 'tags/2.3.4' master v2.3.4
authorTamas Frank <sitya@niif.hu>
Thu, 27 Oct 2011 18:08:54 +0000 (20:08 +0200)
committerTamas Frank <sitya@niif.hu>
Thu, 27 Oct 2011 18:08:54 +0000 (20:08 +0200)
Conflicts:
pom.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/relying-party.xml

pom.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/relying-party.xml
src/installer/resources/metadata-tmpl/idp-metadata.xml
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd

diff --cc pom.xml
+++ b/pom.xml
                  </exclusion>
              </exclusions>
          </dependency>
-     </dependencies>
  
+         <!-- Managed Dependencies -->
+         <dependency>
+             <groupId>javax.servlet</groupId>
+             <artifactId>servlet-api</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>javax.servlet.jsp</groupId>
+             <artifactId>jsp-api</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xerces.groupId}</groupId>
+             <artifactId>xml-apis</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xerces.groupId}</groupId>
+             <artifactId>xercesImpl</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xerces.groupId}</groupId>
+             <artifactId>serializer</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>xml-resolver</groupId>
+             <artifactId>xml-resolver</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xalan.groupId}</groupId>
+             <artifactId>xalan</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>xmlunit</groupId>
+             <artifactId>xmlunit</artifactId>
+         </dependency>
+     </dependencies>
 +    <distributionManagement>
 +        <repository>
 +            <id>release</id>
 +            <url>${dist.release.url}</url>
 +        </repository>
 +        <snapshotRepository>
 +            <id>snapshot</id>
 +            <url>${dist.release.url}</url>
 +        </snapshotRepository>
 +    </distributionManagement>
  
      <build>
          <plugins>
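Review bot: In the added `<distributionManagement>` block the `<snapshotRepository>` points at `${dist.release.url}`, the same property as the release `<repository>`, so snapshot builds would be deployed to the release location. If that is not intended, give snapshots their own property, e.g. `<url>${dist.snapshot.url}</url>` (a placeholder name; no such property is visible in this hunk). Publishing mutable snapshot artifacts into the repository that consumers treat as immutable releases weakens what a pinned version guarantees. The enclosing `<project>` element starts and ends outside the hunk, so the property definitions cannot be checked from here.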
          <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
 +        <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
 +        <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
 +        <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +    
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
-                     inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
-                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
          <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
@@@ -82,9 -79,9 +97,9 @@@
      </ph:ProfileHandler>
      
      <!-- Login Handlers -->
--    <ph:LoginHandler xsi:type="ph:RemoteUser">
++    <!-- <ph:LoginHandler xsi:type="ph:RemoteUser">
          <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
--    </ph:LoginHandler>
++    </ph:LoginHandler>-->
      
      <!-- Login handler that delegates the act of authentication to an external system. -->
      <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
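Review bot: The installer template now ships with the `ph:RemoteUser` login handler commented out here and, in the following hunk, the `ph:UsernamePassword` handler uncommented, but neither place says why the default was flipped. Both edits sit on `++`/`--` lines, so they exist in neither parent and were made in the merge itself, which is easy to miss in review. Every new install will collect passwords itself and validate them through the JAAS file at `$IDP_HOME$/conf/login.config` while asserting `PasswordProtectedTransport`, a claim that only holds if the login endpoint is served over TLS. I would add a comment above the disabled block such as `<!-- RemoteUser is disabled in this distribution; authentication is handled by the UsernamePassword handler below, which must be served over TLS -->`.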
      </ph:LoginHandler>
      -->
      
--    <!--  Username/password login handler -->
--    <!-- 
++    <!--  Username/password login handler -->   
      <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                    jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
          <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
      </ph:LoginHandler>
--    -->
++    
      
      <!-- 
          Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
              We list them here so that people are aware of them (since they seem reluctant to 
              read the documentation).
          -->
-         <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" 
+                                  assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
                                
-         <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" 
+                                  signResponses="conditional" signAssertions="never"/>
          
-         <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" signAssertions="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" 
+                                  signAssertions="never"/>
          
-         <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" 
+                                  assertionLifetime="PT5M" assertionProxyCount="0" 
+                                  signResponses="never" signAssertions="always" 
+                                  encryptAssertions="conditional" encryptNameIds="never"/>
  
-         <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" 
+                                  assertionLifetime="PT5M" assertionProxyCount="0" 
+                                  signResponses="never" signAssertions="always" 
+                                  encryptAssertions="conditional" encryptNameIds="never"/>
  
-         <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="conditional" signAssertions="never" encryptAssertions="conditional" encryptNameIds="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
+                                  assertionLifetime="PT5M" assertionProxyCount="0" 
+                                  signResponses="conditional" signAssertions="never" 
+                                  encryptAssertions="conditional" encryptNameIds="never"/>
          
          <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
 -                                 signResponses="never" signAssertions="always" 
 -                                 encryptAssertions="conditional" encryptNameIds="never"/>
 +                              signResponses="never"
 +                              signAssertions="always"
 +                              encryptAssertions="conditional"
 +                              encryptNameIds="never"/>
 +
 +        <rp:ProfileConfiguration xsi:type="saml:SAML2LogoutRequestProfile"
 +                              signResponses="always"
 +                              signAssertions="never"
 +                              encryptAssertions="never"
-                               encryptNameIds="conditional" />
-         <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
++                              encryptNameIds="never"
++                            frontChannelResponseTimeout="20000"
++                              backChannelConnectionPoolTimeout="2000"
++                              backChannelConnectionTimeout="2000"
++                              backChannelResponseTimeout="5000"  />
          
      </rp:DefaultRelyingParty>
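Review bot: The new `saml:SAML2LogoutRequestProfile` entry ends with `encryptNameIds="never"` and four timeout attributes on `++` lines, meaning they come from neither parent: the merge itself replaced the `encryptNameIds="conditional"` value that one parent carried. A security-relevant default changed inside a conflict resolution is hard to audit, so it deserves its own commit or at least a line in the merge message, plus a comment above the element such as `<!-- NameID encryption is disabled for logout messages: REASON -->`. With `never`, the name identifier in logout messages is sent unencrypted, and on browser-carried bindings it passes through the user agent in the clear. The timeout values (`20000`, `2000`, `5000`) carry no unit, unlike the `PT5M` durations above; a comment stating the unit (presumably milliseconds) would help, and `frontChannelResponseTimeout` is indented two columns short of its siblings.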
          
@@@ -71,8 -58,4 +71,4 @@@ $IDP_CERTIFICATE
          
      </AttributeAuthorityDescriptor>
      
- <<<<<<< HEAD
 -</EntityDescriptor>
 +</EntityDescriptor>    
- =======
- </EntityDescriptor>
- >>>>>>> master