From 3c4526ca2bc0d6b5bd92d93c8ef585854525b353 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Wed, 6 Jul 2022 13:13:28 -0700
Subject: [PATCH 1/9] Fixed access to non-admin pages

---
 ui/src/app/App.js | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/ui/src/app/App.js b/ui/src/app/App.js
index 20331e4e8..546241f10 100644
--- a/ui/src/app/App.js
+++ b/ui/src/app/App.js
@@ -33,6 +33,7 @@ import { SessionModal } from './core/user/SessionModal';
 import { Roles } from './admin/Roles';
 import { Groups } from './admin/Groups';
 import { BASE_PATH } from './App.constant';
+import { ProtectRoute } from './core/components/ProtectRoute';
 
 
 function App() {
@@ -81,12 +82,32 @@ function App() {
                                                     </Route>
                                                     <Route path="/dashboard" component={Dashboard} />
                                                     <Route path="/metadata/source/new" component={NewSource} />
-                                                    <Route path="/metadata/provider/new" component={NewProvider} />
-                                                    <Route path="/metadata/attributes" component={Attribute} />
-                                                    <Route path="/metadata/provider/:id/filter" component={Filter} />
+                                                    <Route path="/metadata/provider/new" render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <NewProvider />
+                                                        </ProtectRoute>
+                                                    } />
+                                                    <Route path="/metadata/attributes"  render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Attribute />
+                                                        </ProtectRoute>
+                                                    } />
+                                                    <Route path="/metadata/provider/:id/filter"  render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Filter />
+                                                        </ProtectRoute>
+                                                    } />
                                                     <Route path="/metadata/:type/:id" component={Metadata} />
-                                                    <Route path="/roles" component={Roles} />
-                                                    <Route path="/groups" component={Groups} />
+                                                    <Route path="/roles" render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Roles />
+                                                        </ProtectRoute>
+                                                    } />
+                                                    <Route path="/groups" render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Groups />
+                                                        </ProtectRoute>
+                                                    } />
                                                     <Route path="*">
                                                         <Redirect to="/dashboard" />
                                                     </Route>

From f5a59a7b73a6014fddc1b16313d5ba3991993206 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Wed, 27 Jul 2022 12:39:22 -0700
Subject: [PATCH 2/9] Fixed admin route

---
 ui/src/app/dashboard/view/Dashboard.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ui/src/app/dashboard/view/Dashboard.js b/ui/src/app/dashboard/view/Dashboard.js
index e5f145572..b1d058eaf 100644
--- a/ui/src/app/dashboard/view/Dashboard.js
+++ b/ui/src/app/dashboard/view/Dashboard.js
@@ -112,6 +112,9 @@ export function Dashboard () {
                         <ActionsTab sources={sources} users={users} reloadSources={loadSources} reloadUsers={loadUsers} />
                     </ProtectRoute>
                 } />
+                <Route exact path={`${path}/*`}>
+                    <Redirect to={`${url}/metadata/manager/resolvers`} />
+                </Route>
             </Switch></>
             }
         </div>

From 999a13bc17aeab4323f7c09ddca3d7a5cef8415b Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Wed, 27 Jul 2022 13:31:27 -0700
Subject: [PATCH 3/9] SHIBUI-2327

Adding missing libraries and needed marshalling configuration for using pac4j


Former-commit-id: 43adf94c105deac73f3993f3e6feb0b47e3096d5
---
 .../resources/modified-saml2-assertion-config.xml  | 14 +++++++++++++-
 pac4j-module/build.gradle                          |  3 +++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml
index 2f09fa77b..3349e4558 100644
--- a/backend/src/main/resources/modified-saml2-assertion-config.xml
+++ b/backend/src/main/resources/modified-saml2-assertion-config.xml
@@ -230,7 +230,19 @@
             <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
             <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
         </ObjectProvider>
- 
+
+        <ObjectProvider qualifiedName="saml2:Issuer">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
+        <ObjectProvider qualifiedName="saml2:IssuerType">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
         <!-- OneTimeUse -->
         <ObjectProvider qualifiedName="saml2:OneTimeUse">
             <BuilderClass className="org.opensaml.saml.saml2.core.impl.OneTimeUseBuilder"/>
diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
index 6a1295758..4080df12a 100644
--- a/pac4j-module/build.gradle
+++ b/pac4j-module/build.gradle
@@ -46,8 +46,11 @@ dependencies {
         exclude group: 'org.opensaml'
         exclude group: 'commons-collections'
     }
+    // But we do need this opensaml lib that wasn't provided
+    implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}"
     compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}"
 
+
     testCompile project(':backend')
     testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}"
 

From cf6e0b66a8613c15af0808da1307f6a540f44d87 Mon Sep 17 00:00:00 2001
From: Jj! <jsjohnson@unicon.net>
Date: Fri, 29 Jul 2022 16:21:52 -0500
Subject: [PATCH 4/9] [SHIBUI-2327] add provider configuration for signatures
 implement method for X509

Former-commit-id: 9f30396346908bdbc0740a2d4b6aa1ffdbd1e518
---
 .../shibboleth/admin/ui/domain/X509Data.java  |   4 +-
 .../main/resources/jpa-signature-config.xml   | 268 ++++++++++++++++++
 2 files changed, 271 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
index e875932cd..7afd88814 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
@@ -19,6 +19,7 @@
 import javax.xml.namespace.QName;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50
         this.xmlObjects.add(x509Certificate);
     }
 
+    // TODO: might need to really implement this
     @Nonnull
     @Override
     public List<X509CRL> getX509CRLs() {
-        return null;
+        return Collections.EMPTY_LIST;
     }
 
     @Nonnull
diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml
index 0a6696db5..22f00e04b 100644
--- a/backend/src/main/resources/jpa-signature-config.xml
+++ b/backend/src/main/resources/jpa-signature-config.xml
@@ -39,6 +39,274 @@
             <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DataMarshaller"/>
             <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DataUnmarshaller"/>
         </ObjectProvider>
+
+        <!-- Jj! -->
+
+        <!-- CryptoBinary type -->
+        <ObjectProvider qualifiedName="ds:CryptoBinary">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- DigestMethod -->
+        <ObjectProvider qualifiedName="ds:DigestMethod">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DigestMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- DSAKeyValue -->
+        <ObjectProvider qualifiedName="ds:DSAKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Exponent -->
+        <ObjectProvider qualifiedName="ds:Exponent">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ExponentBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- G -->
+        <ObjectProvider qualifiedName="ds:G">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.GBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- J -->
+        <ObjectProvider qualifiedName="ds:J">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.JBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- KeyValue -->
+        <ObjectProvider qualifiedName="ds:KeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.KeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- MgmtData -->
+        <ObjectProvider qualifiedName="ds:MgmtData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.MgmtDataBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Modulus -->
+        <ObjectProvider qualifiedName="ds:Modulus">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ModulusBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- P -->
+        <ObjectProvider qualifiedName="ds:P">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PgenCounter -->
+        <ObjectProvider qualifiedName="ds:PgenCounter">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PgenCounterBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPData -->
+        <ObjectProvider qualifiedName="ds:PGPData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPDataBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.PGPDataMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.PGPDataUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPKeyID -->
+        <ObjectProvider qualifiedName="ds:PGPKeyID">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPKeyIDBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPKeyPacket -->
+        <ObjectProvider qualifiedName="ds:PGPKeyPacket">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPKeyPacketBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Q -->
+        <ObjectProvider qualifiedName="ds:Q">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.QBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- RetrievalMethod -->
+        <ObjectProvider qualifiedName="ds:RetrievalMethod">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- RSAKeyValue -->
+        <ObjectProvider qualifiedName="ds:RSAKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Seed -->
+        <ObjectProvider qualifiedName="ds:Seed">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SeedBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Signature -->
+        <ObjectProvider qualifiedName="ds:Signature">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SignatureBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureUnmarshaller"/>
+        </ObjectProvider>
+        <ObjectProvider qualifiedName="ds:SignatureType">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SignatureBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- SPKIData -->
+        <ObjectProvider qualifiedName="ds:SPKIData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SPKIDataBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SPKIDataMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SPKIDataUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- SPKISexp -->
+        <ObjectProvider qualifiedName="ds:SPKISexp">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SPKISexpBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Transform -->
+        <ObjectProvider qualifiedName="ds:Transform">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.TransformBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Transforms -->
+        <ObjectProvider qualifiedName="ds:Transforms">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.TransformsBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformsMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformsUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- XPath -->
+        <ObjectProvider qualifiedName="ds:XPath">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.XPathBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509CRL -->
+        <ObjectProvider qualifiedName="ds:X509CRL">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509CRLBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509IssuerName -->
+        <ObjectProvider qualifiedName="ds:X509IssuerName">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509IssuerNameBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509IssuerSerial -->
+        <ObjectProvider qualifiedName="ds:X509IssuerSerial">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SerialNumber -->
+        <ObjectProvider qualifiedName="ds:X509SerialNumber">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SKI -->
+        <ObjectProvider qualifiedName="ds:X509SKI">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SKIBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SubjectName -->
+        <ObjectProvider qualifiedName="ds:X509SubjectName">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Y -->
+        <ObjectProvider qualifiedName="ds:Y">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.YBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- 1.1 Stuff -->
+
+        <!-- DEREncodedKeyValue -->
+        <ObjectProvider qualifiedName="ds11:DEREncodedKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- ECKeyValue -->
+        <ObjectProvider qualifiedName="ds11:ECKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- KeyInfoReference -->
+        <ObjectProvider qualifiedName="ds11:KeyInfoReference">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- NamedCurve -->
+        <ObjectProvider qualifiedName="ds11:NamedCurve">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.NamedCurveBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.NamedCurveMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.NamedCurveUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PublicKey -->
+        <ObjectProvider qualifiedName="ds11:PublicKey">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PublicKeyBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509Digest -->
+        <ObjectProvider qualifiedName="ds11:X509Digest">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509DigestBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DigestMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DigestUnmarshaller"/>
+        </ObjectProvider>
         
     </ObjectProviders>
     

From dd301d6acc2ad934152ee6e87ca6843545d870bb Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 29 Jul 2022 15:56:56 -0700
Subject: [PATCH 5/9] SHIBUI-2327

Commented out block of builder-marshaller-unmarshaller that was causing conflict with testing


Former-commit-id: 604297a47a8ecaaaf718e839f2e9e1c3b925f886
---
 backend/src/main/resources/jpa-signature-config.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml
index 22f00e04b..9a8da32e8 100644
--- a/backend/src/main/resources/jpa-signature-config.xml
+++ b/backend/src/main/resources/jpa-signature-config.xml
@@ -250,12 +250,12 @@
             <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
         </ObjectProvider>
 
-        <!-- X509SubjectName -->
+        <!-- X509SubjectName : CONFLICT/BREAKING to add this
         <ObjectProvider qualifiedName="ds:X509SubjectName">
             <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder"/>
             <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
             <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
-        </ObjectProvider>
+        </ObjectProvider>-->
 
         <!-- Y -->
         <ObjectProvider qualifiedName="ds:Y">
@@ -310,4 +310,4 @@
         
     </ObjectProviders>
     
-</XMLTooling>
+</XMLTooling>
\ No newline at end of file

From 417e0e40de160e85d5f932e89270a150e050c1e7 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Mon, 1 Aug 2022 12:27:39 -0700
Subject: [PATCH 6/9] SHIBUI-2327

Correcting security filter to work properly using the pac4j settup


Former-commit-id: 621969d3e32f6a8756d245b8675781de5e9d1459
---
 .../src/main/java/net/unicon/shibui/pac4j/WebSecurity.java | 7 +++++--
 testbed/authentication/docker-compose.yml                  | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
index a67bf4a96..884569ac7 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -5,7 +5,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;
-import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+import org.pac4j.core.authorization.authorizer.DefaultAuthorizers;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.matching.matcher.Matcher;
 import org.pac4j.springframework.security.web.CallbackFilter;
@@ -26,6 +26,8 @@
 import javax.servlet.Filter;
 import java.util.Optional;
 
+import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+
 @Configuration
 @AutoConfigureOrder(-1)
 @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
@@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe
         protected void configure(HttpSecurity http) throws Exception {
             http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll();
 
-            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME);
+            // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker
+            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED);
 
             // add filter based on auth type 
             http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class);
diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml
index 884042c4a..42b12cb6a 100644
--- a/testbed/authentication/docker-compose.yml
+++ b/testbed/authentication/docker-compose.yml
@@ -20,7 +20,7 @@ services:
       - "8080:8080"
       - "443:443"
       - "8443:8443"
-#      - "8000:8000"
+      - "9090:9090"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../reverse-proxy/:/configuration/
@@ -72,6 +72,7 @@ services:
       - ./shibui/application.yml:/application.yml
     ports:
       - "8000:8000"
+#      - "9090:9090"
     entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000", "-jar", "app.war"]
 networks:
   reverse-proxy:

From a1e016035cca43dbd26245056113371c7efb2e4f Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Mon, 1 Aug 2022 14:16:55 -0700
Subject: [PATCH 7/9]  [Gradle Release Plugin] - pre tag commit:  '1.11.1'.

Former-commit-id: 616fd4b5b7a1a2e90ee09d9394a1c16835fcec47
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index 7efe1ae08..a834b2548 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 name=shibui
 group=edu.internet2.tier.shibboleth.admin.ui
-version=1.12.0-SNAPSHOT
+version=1.11.1
 
 ### library versions ###
 commonsCollections4Version=4.4

From e95f2a2d714d62cc718bec044bebccb3f638e121 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Mon, 1 Aug 2022 14:37:46 -0700
Subject: [PATCH 8/9] NOJIRA Reverting version to fix release

Former-commit-id: 204b894bb6eb214f403279feed77f8575653787f
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index a834b2548..f5fa06b55 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 name=shibui
 group=edu.internet2.tier.shibboleth.admin.ui
-version=1.11.1
+version=1.11.0-SNAPSHOT
 
 ### library versions ###
 commonsCollections4Version=4.4

From 9c375eb97d7f66f379ad769506e473dfccc4bb05 Mon Sep 17 00:00:00 2001
From: Charles Hasegawa <chasegawa@unicon.net>
Date: Mon, 1 Aug 2022 22:53:09 +0000
Subject: [PATCH 9/9] gradle.properties edited online with Bitbucket -
 correcting version number

Former-commit-id: 487dbb46c5199f64ddf7c88b5470f69bf6e466ee
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index f5fa06b55..7efe1ae08 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 name=shibui
 group=edu.internet2.tier.shibboleth.admin.ui
-version=1.11.0-SNAPSHOT
+version=1.12.0-SNAPSHOT
 
 ### library versions ###
 commonsCollections4Version=4.4