From fca2c7bd3202bfe14069c69c9fe258d66c026148 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Tue, 16 Oct 2018 09:13:33 -0500
Subject: [PATCH 1/2] [nojira] temp for for whitelist filter

---
 .../admin/ui/service/JPAMetadataResolverServiceImpl.groovy     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index ec11c9e43..bda84739e 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -205,7 +205,8 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                 'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata'
         ) {
             filter.retainedRoles.each {
-                markupBuilderDelegate.RetainedRole(it)
+                // TODO: fix
+                markupBuilderDelegate.RetainedRole(it.startsWith('md:') ?: "md:${it}")
             }
         }
     }

From 18ee7678b5090f217259ecdb19611caf88839405 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Tue, 16 Oct 2018 10:05:43 -0500
Subject: [PATCH 2/2] [nojira] temp for for whitelist filter

---
 .../admin/ui/service/JPAMetadataResolverServiceImpl.groovy    | 2 +-
 backend/src/test/resources/conf/533.xml                       | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index bda84739e..4e6879d0f 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -206,7 +206,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         ) {
             filter.retainedRoles.each {
                 // TODO: fix
-                markupBuilderDelegate.RetainedRole(it.startsWith('md:') ?: "md:${it}")
+                markupBuilderDelegate.RetainedRole(it.startsWith('md:') ? it : "md:${it}")
             }
         }
     }
diff --git a/backend/src/test/resources/conf/533.xml b/backend/src/test/resources/conf/533.xml
index 2120be543..66cc376ef 100644
--- a/backend/src/test/resources/conf/533.xml
+++ b/backend/src/test/resources/conf/533.xml
@@ -6,7 +6,7 @@
                   xsi:type="ChainingMetadataProvider"
                   xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd">
     <MetadataFilter xsi:type="EntityRoleWhiteList" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-        <RetainedRole>role1</RetainedRole>
-        <RetainedRole>role2</RetainedRole>
+        <RetainedRole>md:role1</RetainedRole>
+        <RetainedRole>md:role2</RetainedRole>
     </MetadataFilter>
 </MetadataProvider>