Merge remote branch 'tags/2.3.4' master v2.3.4
authorTamas Frank <sitya@niif.hu>
Thu, 27 Oct 2011 18:08:54 +0000 (20:08 +0200)
committerTamas Frank <sitya@niif.hu>
Thu, 27 Oct 2011 18:08:54 +0000 (20:08 +0200)
Conflicts:
pom.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/relying-party.xml

pom.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/relying-party.xml
src/installer/resources/metadata-tmpl/idp-metadata.xml
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd

diff --combined pom.xml
+++ b/pom.xml
@@@ -1,11 -1,18 +1,18 @@@
  <?xml version="1.0" encoding="UTF-8"?>
- <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-          
+ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
+     <parent>
+         <groupId>net.shibboleth</groupId>
+         <artifactId>parent</artifactId>
+         <version>2</version>
+     </parent>
      <groupId>edu.internet2.middleware</groupId>
      <artifactId>shibboleth-identityprovider</artifactId>
-     <version>2.3.3</version>
+     <version>2.3.4</version>
  
      <!-- We bundle as a jar here, the installer creates the WAR -->
      <packaging>jar</packaging>
@@@ -17,9 -24,7 +24,7 @@@
      </description>
  
      <properties>
-         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-         <xerces.groupId>org.apache.xerces</xerces.groupId>
-         <xerces.version>2.10.0</xerces.version>
+         <svn.relative.location>java-shib-idp2</svn.relative.location>
      </properties>
  
      <repositories>
          <dependency>
              <groupId>edu.internet2.middleware</groupId>
              <artifactId>shibboleth-common</artifactId>
-             <version>1.3.3</version>
+             <version>1.3.4</version>
          </dependency>
  
          <!-- Provided dependencies -->
  
          <!-- Runtime dependencies -->
          <dependency>
-             <groupId>${xerces.groupId}</groupId>
-             <artifactId>xml-apis</artifactId>
-             <version>${xerces.version}</version>
-             <scope>runtime</scope>
-         </dependency>
-         <dependency>
-             <groupId>${xerces.groupId}</groupId>
-             <artifactId>xercesImpl</artifactId>
-             <version>${xerces.version}</version>
-             <scope>runtime</scope>
-         </dependency>
-         <dependency>
-             <groupId>xml-resolver</groupId>
-             <artifactId>xml-resolver</artifactId>
-             <version>1.2</version>
-             <scope>runtime</scope>
-         </dependency>
-         <dependency>
-             <groupId>xalan</groupId>
-             <artifactId>xalan</artifactId>
-             <version>2.7.1</version>
-             <scope>runtime</scope>
-         </dependency>
-         <dependency>
-             <groupId>org.apache.ant</groupId>
-             <artifactId>ant-nodeps</artifactId>
-             <version>1.7.1</version>
-             <scope>runtime</scope>
+             <groupId>org.bouncycastle</groupId>
+             <artifactId>bcprov-jdk15</artifactId>
+             <version>1.45</version>
          </dependency>
          <dependency>
              <groupId>ant-contrib</groupId>
              <scope>test</scope>
          </dependency>
          <dependency>
-             <groupId>xmlunit</groupId>
-             <artifactId>xmlunit</artifactId>
-             <version>1.0</version>
-             <scope>test</scope>
-         </dependency>
-         <dependency>
              <groupId>org.springframework</groupId>
              <artifactId>spring-test</artifactId>
              <version>2.5.6.SEC02</version>
                  </exclusion>
              </exclusions>
          </dependency>
-     </dependencies>
  
+         <!-- Managed Dependencies -->
+         <dependency>
+             <groupId>javax.servlet</groupId>
+             <artifactId>servlet-api</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>javax.servlet.jsp</groupId>
+             <artifactId>jsp-api</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xerces.groupId}</groupId>
+             <artifactId>xml-apis</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xerces.groupId}</groupId>
+             <artifactId>xercesImpl</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xerces.groupId}</groupId>
+             <artifactId>serializer</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>xml-resolver</groupId>
+             <artifactId>xml-resolver</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>${xalan.groupId}</groupId>
+             <artifactId>xalan</artifactId>
+         </dependency>
+         <dependency>
+             <groupId>xmlunit</groupId>
+             <artifactId>xmlunit</artifactId>
+         </dependency>
+     </dependencies>
 +    <distributionManagement>
 +        <repository>
 +            <id>release</id>
 +            <url>${dist.release.url}</url>
 +        </repository>
 +        <snapshotRepository>
 +            <id>snapshot</id>
 +            <url>${dist.release.url}</url>
 +        </snapshotRepository>
 +    </distributionManagement>
  
      <build>
          <plugins>
              <plugin>
                  <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-compiler-plugin</artifactId>
-                 <version>2.3.2</version>
-                 <configuration>
-                     <source>1.5</source>
-                     <target>1.5</target>
-                     <debug>true</debug>
-                 </configuration>
-             </plugin>
-             <plugin>
-                 <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-assembly-plugin</artifactId>
-                 <version>2.2.1</version>
-                 <configuration>
-                     <descriptors>
-                         <descriptor>src/main/assembly/bin.xml</descriptor>
-                     </descriptors>
-                     <tarLongFileMode>gnu</tarLongFileMode>
-                 </configuration>
-                 <executions>
-                     <execution>
-                         <id>make-assembly</id>
-                         <phase>package</phase>
-                         <goals>
-                             <goal>attached</goal>
-                         </goals>
-                     </execution>
-                 </executions>
-             </plugin>
-             <plugin>
-                 <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-surefire-plugin</artifactId>
-                 <version>2.8</version>
-                 <configuration>
-                     <argLine>-Xmx256m</argLine>
-                 </configuration>
-             </plugin>
-             <plugin>
-                 <groupId>org.apache.maven.plugins</groupId>
                  <artifactId>maven-jar-plugin</artifactId>
                  <version>2.3.1</version>
                  <configuration>
                      </archive>
                  </configuration>
              </plugin>
          </plugins>
      </build>
  
-     <reporting>
-         <plugins>
-             <plugin>
-                 <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-javadoc-plugin</artifactId>
-                 <version>2.8</version>
-                 <configuration>
-                     <links>
-                         <link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
-                         <link>http://joda-time.sourceforge.net/apidocs/</link>
-                         <link>http://static.springsource.org/spring/docs/2.0.x/api/</link>
-                     </links>
-                     <quiet>true</quiet>
-                     <author>false</author>
-                     <version>true</version>
-                     <doctitle>${project.name} ${project.version} Java API.</doctitle>
-                     <windowtitle>${project.name} ${project.version} Java API.</windowtitle>
-                     <overview>src/main/java/overview.html</overview>
-                 </configuration>
-             </plugin>
-             <plugin>
-                 <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-jxr-plugin</artifactId>
-                 <version>2.2</version>
-                 <configuration>
-                     <outputDirectory>${project.reporting.outputDirectory}/xref</outputDirectory>
-                     <doctitle>${project.name} ${project.version} Code Cross-Reference</doctitle>
-                     <windowtitle>${project.name} ${project.version} Java API.</windowtitle>
-                     <javadocDir>${project.reporting.outputDirectory}/apidocs</javadocDir>
-                 </configuration>
-             </plugin>
-             <plugin>
-                 <groupId>org.apache.maven.plugins</groupId>
-                 <artifactId>maven-surefire-report-plugin</artifactId>
-                 <version>2.8.1</version>
-                 <configuration>
-                     <outputDirectory>${project.reporting.outputDirectory}/unitTest</outputDirectory>
-                     <xrefLocation>${project.reporting.outputDirectory}/xref</xrefLocation>
-                 </configuration>
-             </plugin>
-         </plugins>
-     </reporting>
      <profiles>
          <profile>
              <id>release</id>
                  <plugins>
                      <plugin>
                          <groupId>org.apache.maven.plugins</groupId>
-                         <artifactId>maven-javadoc-plugin</artifactId>
-                         <version>2.8</version>
-                         <executions>
-                             <execution>
-                                 <id>release-javadoc</id>
-                                 <phase>package</phase>
-                                 <goals>
-                                     <goal>javadoc</goal>
-                                 </goals>
-                             </execution>
-                         </executions>
-                     </plugin>
-                     <plugin>
-                         <groupId>org.apache.maven.plugins</groupId>
-                         <artifactId>maven-jxr-plugin</artifactId>
-                         <version>2.2</version>
-                         <executions>
-                             <execution>
-                                 <id>release-jxr</id>
-                                 <phase>package</phase>
-                                 <goals>
-                                     <goal>jxr</goal>
-                                 </goals>
-                             </execution>
-                         </executions>
-                     </plugin>
-                     <plugin>
-                         <groupId>org.apache.maven.plugins</groupId>
-                         <artifactId>maven-surefire-report-plugin</artifactId>
-                         <version>2.9</version>
-                         <executions>
-                             <execution>
-                                 <id>release-unitTest</id>
-                                 <phase>package</phase>
-                                 <goals>
-                                     <goal>report-only</goal>
-                                 </goals>
-                             </execution>
-                         </executions>
-                     </plugin>
-                     <plugin>
-                         <groupId>org.apache.maven.plugins</groupId>
                          <artifactId>maven-assembly-plugin</artifactId>
                          <version>2.2.1</version>
-                         <executions>
-                             <execution>
-                                 <id>make-assembly</id>
-                                 <phase>package</phase>
-                                 <goals>
-                                     <goal>attached</goal>
-                                 </goals>
-                             </execution>
-                         </executions>
-                     </plugin>
-                     <plugin>
-                         <groupId>org.apache.maven.plugins</groupId>
-                         <artifactId>maven-gpg-plugin</artifactId>
-                         <version>1.3</version>
-                         <executions>
-                             <execution>
-                                 <id>sign-artifacts</id>
-                                 <phase>verify</phase>
-                                 <goals>
-                                     <goal>sign</goal>
-                                 </goals>
-                             </execution>
-                         </executions>
+                         <configuration>
+                             <descriptors>
+                                 <descriptor>src/main/assembly/bin.xml</descriptor>
+                             </descriptors>
+                         </configuration>
                      </plugin>
                  </plugins>
              </build>
          </profile>
      </profiles>
  
 +    <!-- Project Metadata -->
 +    <url>http://shibboleth.internet2.edu/</url>
 +
 +    <inceptionYear>2006</inceptionYear>
 +
 +    <licenses>
 +        <license>
 +            <name>Apache 2</name>
 +            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
 +            <distribution>repo</distribution>
 +        </license>
 +    </licenses>
 +
 +    <organization>
 +        <name>Internet2</name>
 +        <url>http://www.internet2.edu/</url>
 +    </organization>
 +
 +    <issueManagement>
 +        <system>JIRA</system>
 +        <url>http://bugs.internet2.edu/</url>
 +    </issueManagement>
 +
 +    <mailingLists>
 +        <mailingList>
 +            <name>Shibboleth Announce</name>
 +            <subscribe>http://shibboleth.internet2.edu/support.html#lists</subscribe>
 +            <unsubscribe>http://shibboleth.internet2.edu/support.html#lists</unsubscribe>
 +            <post>shibboleth-announce@internet2.edu</post>
 +            <archive>https://mail.internet2.edu/wws/arc/shibboleth-announce</archive>
 +        </mailingList>
 +        <mailingList>
 +            <name>Shibboleth Users</name>
 +            <subscribe>http://shibboleth.internet2.edu/support.html#lists</subscribe>
 +            <unsubscribe>http://shibboleth.internet2.edu/support.html#lists</unsubscribe>
 +            <post>shibboleth-users@internet2.edu</post>
 +            <archive>https://mail.internet2.edu/wws/arc/shibboleth-users</archive>
 +        </mailingList>
 +        <mailingList>
 +            <name>Shibboleth Development</name>
 +            <subscribe>http://shibboleth.internet2.edu/support.html#lists</subscribe>
 +            <unsubscribe>http://shibboleth.internet2.edu/support.html#lists</unsubscribe>
 +            <post>shibboleth-dev@internet2.edu</post>
 +            <archive>https://mail.internet2.edu/wws/arc/shibboleth-dev</archive>
 +        </mailingList>
 +    </mailingLists>
 +
 +    <scm>
 +        <connection>scm:svn:https://svn.middleware.georgetown.edu/java-idp/</connection>
 +        <developerConnection>scm:svn:https://svn.middleware.georgetown.edu/java-idp/</developerConnection>
 +        <tag>HEAD</tag>
 +        <url>http://svn.middleware.georgetown.edu/view/?root=java-idp</url>
 +    </scm>
 +
 +    <developers>
 +        <developer>
 +            <id>cantor</id>
 +            <name>Scott Cantor</name>
 +            <organization>The Ohio State University</organization>
 +            <organizationUrl>http://www.osu.edu/</organizationUrl>
 +            <roles>
 +                <role>developer</role>
 +            </roles>
 +            <timezone>-5</timezone>
 +        </developer>
 +        <developer>
 +            <id>ndk</id>
 +            <name>Nate Klingenstein</name>
 +            <organization>Internet2</organization>
 +            <organizationUrl>http://www.internet2.edu/</organizationUrl>
 +            <roles>
 +                <role>documentation</role>
 +            </roles>
 +            <timezone>-7</timezone>
 +        </developer>
 +        <developer>
 +            <id>lajoie</id>
 +            <name>Chad La Joie</name>
 +            <organization>Itumi, LLC</organization>
 +            <organizationUrl>http://www.itumi.biz/</organizationUrl>
 +            <roles>
 +                <role>developer</role>
 +                <role>documentation</role>
 +            </roles>
 +            <timezone>-5</timezone>
 +        </developer>
 +        <developer>
 +            <id>wnorris</id>
 +            <name>Will Norris</name>
 +            <organization>Google, Inc.</organization>
 +            <organizationUrl>http://www.google.com/</organizationUrl>
 +            <roles>
 +                <role>developer</role>
 +            </roles>
 +            <timezone>-8</timezone>
 +        </developer>
 +        <developer>
 +            <id>rdw</id>
 +            <name>Rod Widdowson</name>
 +            <organization>University of Edinburgh</organization>
 +            <organizationUrl>http://www.ed.ac.uk/</organizationUrl>
 +            <roles>
 +                <role>developer</role>
 +            </roles>
 +            <timezone>0</timezone>
 +        </developer>
 +    </developers>
  </project>
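Review bot: The merged `release` profile no longer declares the `maven-gpg-plugin` `sign-artifacts` execution (phase `verify`), and nothing visible in the new POM replaces it, so release artifacts are signed only if the newly added `net.shibboleth:parent` version `2` binds that plugin; this should be confirmed before anything is deployed through the added `distributionManagement` block. The XML stack depends on the parent in the same way: the xerces, xalan, xml-resolver and servlet dependencies under `<!-- Managed Dependencies -->` carry no `<version>`, and the `<properties>` block now holds only `svn.relative.location`, so `${xerces.groupId}`, `${xalan.groupId}` and the parser versions must all resolve from the parent POM. I would record that above the block, e.g. `<!-- Managed Dependencies: groupId properties and versions are defined by net.shibboleth:parent -->`. Separately, `snapshotRepository` reuses `${dist.release.url}`, which looks like a copy of the release entry and would send snapshots to the release location unless that is intended. The hunk headers after the second `@@@` line are missing from this page, so these lines span several original hunks.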
@@@ -1,5 -1,7 +1,7 @@@
  <?xml version="1.0" encoding="UTF-8"?>
- <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
+ <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+                         xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
  
      <!-- Error Handler -->
      <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
          <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
      </ph:ProfileHandler>    
  
-     <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post                                                  urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
+     <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
+                                                    urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
          <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
      </ph:ProfileHandler>
      
-     <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+     <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
          <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
      </ph:ProfileHandler>
      
-     <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+     <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
          <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
      </ph:ProfileHandler>
      
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
          <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
          <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
          <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
 +        <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
 +        <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +
 +    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
 +                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
 +                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
 +        <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
 +    </ph:ProfileHandler>
 +    
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
-                     inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
-                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
-     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
          <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
      </ph:ProfileHandler>
  
-     <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+     <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
          <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
      </ph:ProfileHandler>
  
-     <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+     <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
          <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
      </ph:ProfileHandler>
      
-     <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+     <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
          <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
      </ph:ProfileHandler>
      
      <!-- Login Handlers -->
--    <ph:LoginHandler xsi:type="ph:RemoteUser">
++    <!-- <ph:LoginHandler xsi:type="ph:RemoteUser">
          <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
--    </ph:LoginHandler>
++    </ph:LoginHandler>-->
      
      <!-- Login handler that delegates the act of authentication to an external system. -->
      <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
      </ph:LoginHandler>
      -->
      
--    <!--  Username/password login handler -->
--    <!-- 
++    <!--  Username/password login handler -->   
      <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                    jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
          <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
      </ph:LoginHandler>
--    -->
++    
      
      <!-- 
          Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
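Review bot: The login-handler lines marked `--`/`++` differ from both parents, so the conflict resolution itself comments out `ph:RemoteUser` and activates `ph:UsernamePassword` with `jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config"`; a change to the template's default authentication path belongs in its own commit with a message that explains it, not inside a merge. If the switch is intended, I would say so next to the handler, e.g. `<!-- Username/password login handler: enabled by default in this template; needs a configured conf/login.config -->`, and state why RemoteUser is disabled instead of leaving it as an unexplained commented-out block. The `++` lines also leave trailing whitespace after the comment and on the otherwise empty line that replaced the closing `-->`. The comment block at the end of the hunk continues outside it.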
@@@ -6,7 -6,17 +6,17 @@@
      particular relying party should be signed.  It also includes metadata provider and credential definitions used 
      when answering requests to a relying party.
  -->
- <rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml" xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml" xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd                                        urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd                                        urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd                                        urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd                                        urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
+ <rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml" 
+                       xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" 
+                       xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml" 
+                       xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+                       xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
+                                           urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
+                                           urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
+                                           urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd 
+                                           urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
+                                           urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
+                                           urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
                                         
      <!-- ========================================== -->
      <!--      Relying Party Configurations          -->
              We list them here so that people are aware of them (since they seem reluctant to 
              read the documentation).
          -->
-         <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" 
+                                  assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
                                
-         <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" 
+                                  signResponses="conditional" signAssertions="never"/>
          
-         <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" signAssertions="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" 
+                                  signAssertions="never"/>
          
-         <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" 
+                                  assertionLifetime="PT5M" assertionProxyCount="0" 
+                                  signResponses="never" signAssertions="always" 
+                                  encryptAssertions="conditional" encryptNameIds="never"/>
  
-         <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" 
+                                  assertionLifetime="PT5M" assertionProxyCount="0" 
+                                  signResponses="never" signAssertions="always" 
+                                  encryptAssertions="conditional" encryptNameIds="never"/>
  
-         <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="conditional" signAssertions="never" encryptAssertions="conditional" encryptNameIds="never"/>
+         <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
+                                  assertionLifetime="PT5M" assertionProxyCount="0" 
+                                  signResponses="conditional" signAssertions="never" 
+                                  encryptAssertions="conditional" encryptNameIds="never"/>
          
          <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
 -                                 signResponses="never" signAssertions="always" 
 -                                 encryptAssertions="conditional" encryptNameIds="never"/>
 +                              signResponses="never"
 +                              signAssertions="always"
 +                              encryptAssertions="conditional"
 +                              encryptNameIds="never"/>
 +
 +        <rp:ProfileConfiguration xsi:type="saml:SAML2LogoutRequestProfile"
 +                              signResponses="always"
 +                              signAssertions="never"
 +                              encryptAssertions="never"
-                               encryptNameIds="conditional" />
-         <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
++                              encryptNameIds="never"
++                            frontChannelResponseTimeout="20000"
++                              backChannelConnectionPoolTimeout="2000"
++                              backChannelConnectionTimeout="2000"
++                              backChannelResponseTimeout="5000"  />
          
      </rp:DefaultRelyingParty>
          
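Review bot: The `SAML2LogoutRequestProfile` entry ends with five `++` lines (`encryptNameIds="never"` and the four `...Timeout` attributes) that exist in neither parent, so they were written during conflict resolution and were never reviewed as a change of their own. The parent-1 side carried `encryptNameIds="conditional"`. With `never`, the NameID in a logout request is left unencrypted whatever the binding, and the front-channel bindings pass it through the browser, so I would keep `encryptNameIds="conditional"` unless `never` is a deliberate choice. The timeout values carry no unit, so a comment above the element such as `<!-- SLO timeouts, presumably milliseconds: confirm against the profile configuration schema -->` would help. `frontChannelResponseTimeout` is also indented two columns short of its siblings, and the opening of `rp:DefaultRelyingParty` is outside the hunk.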
@@@ -19,20 -19,7 +19,20 @@@ $IDP_CERTIFICATE
          
          <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
  
 -        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
 +        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
 +                                   Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/ArtifactResolution" 
 +                                   index="2"/>
 +        
 +        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
 +                             Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SLO" 
 +                             ResponseLocation="https://$IDP_HOSTNAME$/idp/profile/SAML2/Redirect/SLO"/>
 +        
 +        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
 +                             Location="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SLO" 
 +                             ResponseLocation="https://$IDP_HOSTNAME$/idp/profile/SAML2/POST/SLO"/>
 +        
 +        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
 +                             Location="https://$IDP_HOSTNAME$:8443/idp/profile/SAML2/SOAP/SLO" />
                                     
          <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
          <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
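Review bot: The three `SingleLogoutService` elements are added to the metadata template unconditionally, so every IdP generated from it will advertise SLO endpoints to its relying parties. The part of the handler.xml change visible on this page does not show profile handlers with request paths `/SAML2/Redirect/SLO`, `/SAML2/POST/SLO` and `/SAML2/SOAP/SLO`, so it is worth confirming that they are enabled by default in the same template set. If they are optional, a comment above the block, for example `<!-- Remove these endpoints if the SAML2 SLO profile handlers are disabled in handler.xml -->`, would keep published metadata and deployed handlers in step. The enclosing descriptor element starts outside the hunk.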
@@@ -71,8 -58,4 +71,4 @@@ $IDP_CERTIFICATE
          
      </AttributeAuthorityDescriptor>
      
- <<<<<<< HEAD
 -</EntityDescriptor>
 +</EntityDescriptor>    
- =======
- </EntityDescriptor>
- >>>>>>> master
          </xsd:complexContent>
      </xsd:complexType>
  
 +    <xsd:complexType name="SAML2SLO">
 +        <xsd:annotation>
 +            <xsd:documentation>Configuration type for SAML 2 SLO profile handlers.</xsd:documentation>
 +        </xsd:annotation>
 +        <xsd:complexContent>
 +            <xsd:extension base="SAML2ProfileHandler" />
 +        </xsd:complexContent>
 +    </xsd:complexType>
 +
      <xsd:complexType name="SAML2ECP">
          <xsd:annotation>
              <xsd:documentation>Configuration type for ECP SAML 2 SSO profile handlers.</xsd:documentation>
                          </xsd:documentation>
                      </xsd:annotation>
                  </xsd:attribute>
+                 <xsd:attribute name="supportsForcedAuthentication" type="xsd:boolean">
+                     <xsd:annotation>
+                         <xsd:documentation>
+                             Indicates whether the external authentication supports force re-authentication.
+                         </xsd:documentation>
+                     </xsd:annotation>
+                 </xsd:attribute>
+                 <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean">
+                     <xsd:annotation>
+                         <xsd:documentation>
+                             Indicates whether the external authentication supports passive authentication.
+                         </xsd:documentation>
+                     </xsd:annotation>
+                 </xsd:attribute>
              </xsd:extension>
          </xsd:complexContent>
      </xsd:complexType>
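Review bot: Neither `supportsForcedAuthentication` nor `supportsPassiveAuthentication` declares a `default` or `use`, and the documentation does not say what the login handler assumes when the attribute is omitted. That matters to a deployer: if an omitted `supportsForcedAuthentication` were treated as true while the external system cannot re-authenticate, a request for forced authentication could be answered from an existing session. I would extend each `xsd:documentation` with a sentence such as `When omitted, the handler behaves as if this were <actual default: confirm in the handler class>.`, or state the value in the schema with an explicit `default`. The enclosing `xsd:complexType` starts outside the hunk.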