From a350d33cae6a01d9984d652774a935dd6b920ceb Mon Sep 17 00:00:00 2001
From: Bill Smith <wsmith@unicon.net>
Date: Mon, 3 Dec 2018 14:29:34 -0700
Subject: [PATCH 01/10] [SHIBUI-1001]

Modified resolver initialization code to move shared code into a method.
PUT and POST now both behave the same way with the same error message
when there is a file not found exception.
---
 .../MetadataResolversController.java          | 34 +++++++++++--------
 .../main/resources/i18n/messages.properties   |  1 +
 .../resources/i18n/messages_en.properties     |  1 +
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java
index 4593d8bbf..59fed8e93 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java
@@ -119,11 +119,9 @@ public ResponseEntity<?> create(@RequestBody MetadataResolver newResolver) throw
         MetadataResolver persistedResolver = resolverRepository.save(newResolver);
         positionOrderContainerService.appendPositionOrderForNew(persistedResolver);
 
-        //TODO: currently, the update call might explode, but the save works.. in which case, the UI never gets
-        // n valid response. This operation is not atomic. Should we return an error here?
-        if (persistedResolver.getDoInitialization()) {
-            org.opensaml.saml.metadata.resolver.MetadataResolver openSamlRepresentation = metadataResolverConverterService.convertToOpenSamlRepresentation(persistedResolver);
-            OpenSamlChainingMetadataResolverUtil.updateChainingMetadataResolver((OpenSamlChainingMetadataResolver) chainingMetadataResolver, openSamlRepresentation);
+        ResponseEntity initializationError = doResolverInitialization(persistedResolver);
+        if (initializationError != null) {
+            return initializationError;
         }
 
         return ResponseEntity.created(getResourceUriFor(persistedResolver)).body(persistedResolver);
@@ -151,15 +149,9 @@ public ResponseEntity<?> update(@PathVariable String resourceId, @RequestBody Me
 
         MetadataResolver persistedResolver = resolverRepository.save(updatedResolver);
 
-        if (persistedResolver.getDoInitialization()) {
-            org.opensaml.saml.metadata.resolver.MetadataResolver openSamlRepresentation = null;
-            try {
-                openSamlRepresentation = metadataResolverConverterService.convertToOpenSamlRepresentation(persistedResolver);
-            } catch (FileNotFoundException e) {
-                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
-                        .body(new ErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR.toString(), "label.file-doesnt-exist"));
-            }
-            OpenSamlChainingMetadataResolverUtil.updateChainingMetadataResolver((OpenSamlChainingMetadataResolver) chainingMetadataResolver, openSamlRepresentation);
+        ResponseEntity initializationError = doResolverInitialization(persistedResolver);
+        if (initializationError != null) {
+            return initializationError;
         }
 
         return ResponseEntity.ok(persistedResolver);
@@ -181,4 +173,18 @@ private static URI getResourceUriFor(MetadataResolver resolver) {
                 .build()
                 .toUri();
     }
+
+    private ResponseEntity<?> doResolverInitialization(MetadataResolver persistedResolver) throws ComponentInitializationException, ResolverException, IOException {
+        if (persistedResolver.getDoInitialization()) {
+            org.opensaml.saml.metadata.resolver.MetadataResolver openSamlRepresentation = null;
+            try {
+                openSamlRepresentation = metadataResolverConverterService.convertToOpenSamlRepresentation(persistedResolver);
+            } catch (FileNotFoundException e) {
+                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                        .body(new ErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR.toString(), "message.file-doesnt-exist"));
+            }
+            OpenSamlChainingMetadataResolverUtil.updateChainingMetadataResolver((OpenSamlChainingMetadataResolver) chainingMetadataResolver, openSamlRepresentation);
+        }
+        return null;
+    }
 }
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index 31c4de9b8..672ae51f4 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -397,6 +397,7 @@ message.wizard-status=Step { index } of { length }
 message.entity-id-min-unique=You must add at least one entity id target and they must each be unique.
 message.required-for-scripts=Required for Scripts
 message.required-for-regex=Required for Regex
+message.file-doesnt-exist=The requested file to be processed does not exist on the server.
 
 tooltip.entity-id=Entity ID
 tooltip.service-provider-name=Service Provider Name (Dashboard Display Only)
diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties
index 01b5c18e2..c5eabc3ee 100644
--- a/backend/src/main/resources/i18n/messages_en.properties
+++ b/backend/src/main/resources/i18n/messages_en.properties
@@ -403,6 +403,7 @@ message.wizard-status=Step { index } of { length }
 message.entity-id-min-unique=You must add at least one entity id target and they must each be unique.
 message.required-for-scripts=Required for Scripts
 message.required-for-regex=Required for Regex
+message.file-doesnt-exist=The requested file to be processed does not exist on the server.
 
 tooltip.entity-id=Entity ID
 tooltip.service-provider-name=Service Provider Name (Dashboard Display Only)

From 3f14ef499128a49ecd933722b78b43c3680a344c Mon Sep 17 00:00:00 2001
From: Dmitriy Kopylenko <dima767@gmail.com>
Date: Wed, 5 Dec 2018 08:21:33 -0500
Subject: [PATCH 02/10] SHIBUI-926

---
 .../MetadataResolversController.java          | 31 +++++++------------
 .../support/RestControllersSupport.java       |  9 +++++-
 .../MetadataFileNotFoundException.java        | 14 +++++++++
 .../MetadataResolverConverterServiceImpl.java |  2 +-
 4 files changed, 34 insertions(+), 22 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/exceptions/MetadataFileNotFoundException.java

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java
index 59fed8e93..b9a7ab3f0 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java
@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
 import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException;
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver;
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolverValidationService;
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver;
@@ -105,30 +106,26 @@ public ResponseEntity<?> getOne(@PathVariable String resourceId) {
     }
 
     @PostMapping("/MetadataResolvers")
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
     public ResponseEntity<?> create(@RequestBody MetadataResolver newResolver) throws IOException, ResolverException, ComponentInitializationException {
         if (resolverRepository.findByName(newResolver.getName()) != null) {
             return ResponseEntity.status(HttpStatus.CONFLICT).build();
         }
 
         ResponseEntity<?> validationErrorResponse = validate(newResolver);
-        if(validationErrorResponse != null) {
+        if (validationErrorResponse != null) {
             return validationErrorResponse;
         }
 
         MetadataResolver persistedResolver = resolverRepository.save(newResolver);
         positionOrderContainerService.appendPositionOrderForNew(persistedResolver);
-
-        ResponseEntity initializationError = doResolverInitialization(persistedResolver);
-        if (initializationError != null) {
-            return initializationError;
-        }
+        doResolverInitialization(persistedResolver);
 
         return ResponseEntity.created(getResourceUriFor(persistedResolver)).body(persistedResolver);
     }
 
     @PutMapping("/MetadataResolvers/{resourceId}")
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
     public ResponseEntity<?> update(@PathVariable String resourceId, @RequestBody MetadataResolver updatedResolver) throws IOException, ResolverException, ComponentInitializationException {
         MetadataResolver existingResolver = resolverRepository.findByResourceId(resourceId);
         if (existingResolver == null) {
@@ -141,18 +138,13 @@ public ResponseEntity<?> update(@PathVariable String resourceId, @RequestBody Me
         }
 
         ResponseEntity<?> validationErrorResponse = validate(updatedResolver);
-        if(validationErrorResponse != null) {
+        if (validationErrorResponse != null) {
             return validationErrorResponse;
         }
 
         updatedResolver.setAudId(existingResolver.getAudId());
-
         MetadataResolver persistedResolver = resolverRepository.save(updatedResolver);
-
-        ResponseEntity initializationError = doResolverInitialization(persistedResolver);
-        if (initializationError != null) {
-            return initializationError;
-        }
+        doResolverInitialization(persistedResolver);
 
         return ResponseEntity.ok(persistedResolver);
     }
@@ -160,7 +152,7 @@ public ResponseEntity<?> update(@PathVariable String resourceId, @RequestBody Me
     @SuppressWarnings("Unchecked")
     private ResponseEntity<?> validate(MetadataResolver metadataResolver) {
         ValidationResult validationResult = metadataResolverValidationService.validateIfNecessary(metadataResolver);
-        if(!validationResult.isValid()) {
+        if (!validationResult.isValid()) {
             return ResponseEntity.badRequest().body(validationResult.getErrorMessage());
         }
         return null;
@@ -174,17 +166,16 @@ private static URI getResourceUriFor(MetadataResolver resolver) {
                 .toUri();
     }
 
-    private ResponseEntity<?> doResolverInitialization(MetadataResolver persistedResolver) throws ComponentInitializationException, ResolverException, IOException {
+    private void doResolverInitialization(MetadataResolver persistedResolver) throws
+            ComponentInitializationException, ResolverException, IOException {
         if (persistedResolver.getDoInitialization()) {
             org.opensaml.saml.metadata.resolver.MetadataResolver openSamlRepresentation = null;
             try {
                 openSamlRepresentation = metadataResolverConverterService.convertToOpenSamlRepresentation(persistedResolver);
             } catch (FileNotFoundException e) {
-                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
-                        .body(new ErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR.toString(), "message.file-doesnt-exist"));
+                throw new MetadataFileNotFoundException("message.file-doesnt-exist");
             }
             OpenSamlChainingMetadataResolverUtil.updateChainingMetadataResolver((OpenSamlChainingMetadataResolver) chainingMetadataResolver, openSamlRepresentation);
         }
-        return null;
     }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/support/RestControllersSupport.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/support/RestControllersSupport.java
index 7dc1a9abe..1adb07d6d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/support/RestControllersSupport.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/support/RestControllersSupport.java
@@ -1,7 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller.support;
 
-import com.google.common.collect.ImmutableMap;
 import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse;
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException;
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -11,6 +11,7 @@
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.client.HttpClientErrorException;
 
+import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 
 /**
@@ -46,4 +47,10 @@ public final ResponseEntity<ErrorResponse> handleAllOtherExceptions(Exception ex
         ErrorResponse errorResponse = new ErrorResponse("400", ex.getLocalizedMessage());
         return new ResponseEntity<>(errorResponse, HttpStatus.BAD_REQUEST);
     }
+
+    @ExceptionHandler(MetadataFileNotFoundException.class)
+    public final ResponseEntity<ErrorResponse> metadataFileNotFoundHandler(MetadataFileNotFoundException ex) {
+        ErrorResponse errorResponse = new ErrorResponse(INTERNAL_SERVER_ERROR.toString(), ex.getLocalizedMessage());
+        return new ResponseEntity<>(errorResponse, INTERNAL_SERVER_ERROR);
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/exceptions/MetadataFileNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/exceptions/MetadataFileNotFoundException.java
new file mode 100644
index 000000000..bc3dd1493
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/exceptions/MetadataFileNotFoundException.java
@@ -0,0 +1,14 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.exceptions;
+
+/**
+ * Indicates that provided metadata file is not found. Thrown during opensaml API initialization code path, if there is
+ * such. Throwing such exception is useful in @Transactional context for atomic transaction rollbacks, etc.
+ *
+ * @author Dmitriy Kopylenko
+ */
+public class MetadataFileNotFoundException extends RuntimeException {
+
+    public MetadataFileNotFoundException(String message) {
+        super(message);
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java
index ccb77164c..8088793a9 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java
@@ -64,7 +64,7 @@ private OpenSamlFilesystemMetadataResolver convertToOpenSamlRepresentation(Files
         IndexWriter indexWriter = indexWriterService.getIndexWriter(resolver.getResourceId());
         File metadataFile = new File(resolver.getMetadataFile());
         if (resolver.getDoInitialization() && !metadataFile.exists()) {
-            throw new FileNotFoundException("No file was found on the fileysystem for provided filename: " + resolver.getMetadataFile());
+            throw new FileNotFoundException("No file was found on the file system for provided filename: " + resolver.getMetadataFile());
         }
 
         OpenSamlFilesystemMetadataResolver openSamlResolver = new OpenSamlFilesystemMetadataResolver(openSamlObjects.getParserPool(),

From 0c1304a8d16ed17f21ad5dcad6aa1697d0c8ca68 Mon Sep 17 00:00:00 2001
From: Jodie Muramoto <jmuramoto@unicon.net>
Date: Thu, 6 Dec 2018 10:50:32 -0700
Subject: [PATCH 03/10] SHIBUI-1010: Removed redundant ARIA roles and
 attributes (if button is semantic, does not need the role of button, etc.);

---
 .../resources/local-dynamic-metadata-provider.schema.json  | 2 +-
 ui/src/app/app.component.html                              | 3 +--
 .../domain/component/wizard-summary.component.html         | 6 +++---
 .../metadata/filter/container/edit-filter.component.html   | 2 +-
 .../metadata/filter/container/new-filter.component.html    | 2 +-
 .../app/metadata/manager/container/manager.component.html  | 2 +-
 .../provider/container/provider-wizard.component.html      | 5 +++--
 .../resolver/container/blank-resolver.component.html       | 2 +-
 .../resolver/container/confirm-copy.component.html         | 6 +++---
 .../resolver/container/copy-resolver.component.html        | 3 +--
 .../resolver/container/new-resolver.component.html         | 2 +-
 .../resolver/container/upload-resolver.component.html      | 2 +-
 ui/src/app/shared/autocomplete/autocomplete.component.html | 1 -
 ui/src/app/shared/component/info-icon.component.html       | 2 --
 ui/src/app/wizard/component/wizard.component.html          | 7 ++-----
 15 files changed, 20 insertions(+), 27 deletions(-)

diff --git a/backend/src/main/resources/local-dynamic-metadata-provider.schema.json b/backend/src/main/resources/local-dynamic-metadata-provider.schema.json
index bb98b8b67..c76434258 100644
--- a/backend/src/main/resources/local-dynamic-metadata-provider.schema.json
+++ b/backend/src/main/resources/local-dynamic-metadata-provider.schema.json
@@ -9,7 +9,7 @@
     "properties": {
         "name": {
             "title": "label.metadata-provider-name-display-only",
-            "description": "tooltip.metadata-provider-name",
+            "description": "tooltip.metadata-provider-name-display-only",
             "type": "string",
             "widget": {
                 "id": "string",
diff --git a/ui/src/app/app.component.html b/ui/src/app/app.component.html
index f09ae298a..b7adb997b 100644
--- a/ui/src/app/app.component.html
+++ b/ui/src/app/app.component.html
@@ -14,7 +14,6 @@
                 <button
                     class="btn btn-outline-primary btn-sm"
                     id="addNewDropdown"
-                    role="button"
                     aria-haspopup="true"
                     aria-expanded="false"
                     ngbDropdownToggle>
@@ -57,7 +56,7 @@
         </ul>
     </div>
 </nav>
-<main role="main">
+<main>
     <router-outlet></router-outlet>
     <notification-list></notification-list>
 </main>
diff --git a/ui/src/app/metadata/domain/component/wizard-summary.component.html b/ui/src/app/metadata/domain/component/wizard-summary.component.html
index e1f578180..e7ea5dbf6 100644
--- a/ui/src/app/metadata/domain/component/wizard-summary.component.html
+++ b/ui/src/app/metadata/domain/component/wizard-summary.component.html
@@ -1,12 +1,12 @@
 <div class="row">
     <div class="col-xl-6 col-xs-12" *ngFor="let sections of columns">
-        <section class="px-3" *ngFor="let section of sections; let i = index;" role="list">
-            <button (click)="gotoPage(section.id)" class="tag tag-success tag-sm my-4 text-left" [attr.aria-label]="section.label | translate" role="button">
+        <section class="px-3" *ngFor="let section of sections; let i = index;">
+            <button (click)="gotoPage(section.id)" class="tag tag-success tag-sm my-4 text-left" [attr.aria-label]="section.label | translate">
                 <span class="index">{{ section.pageNumber }}</span>
                 <translate-i18n [key]="section.label">{{ section.label }}</translate-i18n>
             </button>
             <ng-container *ngFor="let prop of section.properties">
-                <summary-property [property]="prop" role="listitem"></summary-property>
+                <summary-property [property]="prop"></summary-property>
             </ng-container>
         </section>
     </div>
diff --git a/ui/src/app/metadata/filter/container/edit-filter.component.html b/ui/src/app/metadata/filter/container/edit-filter.component.html
index e42137ebf..a7771dbef 100644
--- a/ui/src/app/metadata/filter/container/edit-filter.component.html
+++ b/ui/src/app/metadata/filter/container/edit-filter.component.html
@@ -1,4 +1,4 @@
-<div class="container-fluid p-3" role="main">
+<div class="container-fluid p-3" role="section">
     <section class="section">
         <div class="section-header bg-info p-2 text-white">
             <div class="row justify-content-between">
diff --git a/ui/src/app/metadata/filter/container/new-filter.component.html b/ui/src/app/metadata/filter/container/new-filter.component.html
index e56dc4634..08633e938 100644
--- a/ui/src/app/metadata/filter/container/new-filter.component.html
+++ b/ui/src/app/metadata/filter/container/new-filter.component.html
@@ -1,4 +1,4 @@
-<div class="container-fluid p-3" role="main">
+<div class="container-fluid p-3" role="section">
     <section class="section">
         <div class="section-header bg-info p-2 text-white">
             <div class="row justify-content-between">
diff --git a/ui/src/app/metadata/manager/container/manager.component.html b/ui/src/app/metadata/manager/container/manager.component.html
index 2c354d7e3..7803d47e5 100644
--- a/ui/src/app/metadata/manager/container/manager.component.html
+++ b/ui/src/app/metadata/manager/container/manager.component.html
@@ -1,4 +1,4 @@
-<div class="container-fluid p-3" role="main">
+<div class="container-fluid p-3" role="section">
     <ul class="nav nav-tabs">
         <li class="nav-item">
             <a class="nav-link" [routerLink]="['./', 'resolvers']" routerLinkActive="active" translate="label.metadata-sources">Metadata Sources</a>
diff --git a/ui/src/app/metadata/provider/container/provider-wizard.component.html b/ui/src/app/metadata/provider/container/provider-wizard.component.html
index b1027711b..366bb70d5 100644
--- a/ui/src/app/metadata/provider/container/provider-wizard.component.html
+++ b/ui/src/app/metadata/provider/container/provider-wizard.component.html
@@ -7,11 +7,12 @@
         </div>
     </div>
     <div class="section-body p-4 border border-top-0 border-info">
-        <div class="container-fluid p-3" role="main">
+        <div class="container-fluid p-3">
             <wizard
                 (onNext)="next()"
                 (onPrevious)="previous()"
-                (onSave)="save()"></wizard>
+                (onSave)="save()"
+                role="navigation"></wizard>
             <hr />
             <div class="row">
                 <div class="col col-xl-6 col-lg-9 col-xs-12">
diff --git a/ui/src/app/metadata/resolver/container/blank-resolver.component.html b/ui/src/app/metadata/resolver/container/blank-resolver.component.html
index 5229f61f1..70ee5fa19 100644
--- a/ui/src/app/metadata/resolver/container/blank-resolver.component.html
+++ b/ui/src/app/metadata/resolver/container/blank-resolver.component.html
@@ -9,7 +9,7 @@ <h3 class="tag tag-primary">
                     </h3>
                 </li>
                 <li class="nav-item">
-                    <button class="nav-link next btn clearfix" (click)="next()" [disabled]="providerForm.invalid" aria-label="Next: Step 2, Organization information" role="button">
+                    <button class="nav-link next btn clearfix" (click)="next()" [disabled]="providerForm.invalid" aria-label="Next: Step 2, Organization information">
                         <span class="label pull-left">
                             2.
                             <translate-i18n key="label.org-info">Organization Information</translate-i18n>
diff --git a/ui/src/app/metadata/resolver/container/confirm-copy.component.html b/ui/src/app/metadata/resolver/container/confirm-copy.component.html
index 1259dc568..808f4f3a8 100644
--- a/ui/src/app/metadata/resolver/container/confirm-copy.component.html
+++ b/ui/src/app/metadata/resolver/container/confirm-copy.component.html
@@ -1,4 +1,4 @@
-<div class="container-fluid p-3" role="main">
+<div class="container-fluid p-3" role="section">
     <section class="section" aria-label="Add a new metadata source - how are you adding the metadata information?" tabindex="0">
         <div class="section-header bg-info p-2 text-white">
             <div class="row justify-content-between">
@@ -10,7 +10,7 @@
         <div class="section-body p-4 border border-top-0 border-info">
             <ul class="nav nav-wizard m-3">
                 <li class="nav-item">
-                    <button class="nav-link previous btn clearfix" role="button" [routerLink]="['../']">
+                    <button class="nav-link previous btn clearfix" [routerLink]="['../']">
                         <span class="direction pull-left">
                             <i class="fa fa-fw fa-arrow-circle-left d-block fa-2x"></i>
                             <translate-i18n key="action.back">Back</translate-i18n>
@@ -27,7 +27,7 @@ <h3 class="tag tag-primary">
                     </h3>
                 </li>
                 <li class="nav-item">
-                    <button class="nav-link save btn" aria-label="Save" role="button" (click)="onSave(resolver)" [disabled]="saving$ | async">
+                    <button class="nav-link save btn" aria-label="Save" (click)="onSave(resolver)" [disabled]="saving$ | async">
                         <span class="label pull-left" translate="action.save">Save</span>
                         <span class="direction pull-right">
                             <i class="fa fa-fw next d-block fa-2x"
diff --git a/ui/src/app/metadata/resolver/container/copy-resolver.component.html b/ui/src/app/metadata/resolver/container/copy-resolver.component.html
index acbbd1908..58fd5bffe 100644
--- a/ui/src/app/metadata/resolver/container/copy-resolver.component.html
+++ b/ui/src/app/metadata/resolver/container/copy-resolver.component.html
@@ -9,8 +9,7 @@ <h3 class="tag tag-primary">
                     </h3>
                 </li>
                 <li class="nav-item">
-                    <button class="nav-link next btn clearfix" (click)="next()" [disabled]="providerForm.invalid" aria-label="Next: Step 2, Organization information"
-                        role="button">
+                    <button class="nav-link next btn clearfix" (click)="next()" [disabled]="providerForm.invalid" aria-label="Next: Step 2, Organization information">
                         <span class="label pull-left" translate="label.finish-summary-validation">
                             Finished!
                         </span>
diff --git a/ui/src/app/metadata/resolver/container/new-resolver.component.html b/ui/src/app/metadata/resolver/container/new-resolver.component.html
index efaea7239..b20b15c51 100644
--- a/ui/src/app/metadata/resolver/container/new-resolver.component.html
+++ b/ui/src/app/metadata/resolver/container/new-resolver.component.html
@@ -1,4 +1,4 @@
-<div class="container-fluid p-3" role="main">
+<div class="container-fluid p-3" role="section">
     <section class="section" aria-label="Add a new metadata source - how are you adding the metadata information?" tabindex="0">
         <div class="section-header bg-info p-2 text-white">
             <div class="row justify-content-between">
diff --git a/ui/src/app/metadata/resolver/container/upload-resolver.component.html b/ui/src/app/metadata/resolver/container/upload-resolver.component.html
index 8bae4bc0d..dcd14a93e 100644
--- a/ui/src/app/metadata/resolver/container/upload-resolver.component.html
+++ b/ui/src/app/metadata/resolver/container/upload-resolver.component.html
@@ -9,7 +9,7 @@ <h3 class="tag tag-primary">
                     </h3>
                 </li>
                 <li class="nav-item">
-                    <button class="nav-link next btn clearfix" (click)="save()" [disabled]="providerForm.invalid" aria-label="Save metadata resolver" role="button">
+                    <button class="nav-link next btn clearfix" (click)="save()" [disabled]="providerForm.invalid" aria-label="Save metadata resolver">
                         <span class="label pull-left" translate="action.save">
                             Save
                         </span>
diff --git a/ui/src/app/shared/autocomplete/autocomplete.component.html b/ui/src/app/shared/autocomplete/autocomplete.component.html
index 1af9bbe9e..d928a4c88 100644
--- a/ui/src/app/shared/autocomplete/autocomplete.component.html
+++ b/ui/src/app/shared/autocomplete/autocomplete.component.html
@@ -9,7 +9,6 @@
             class="form-control"
             autoComplete="off"
             type="text"
-            role="textbox"
             [attr.aria-activedescendant]="activeDescendant"
             [placeholder]="placeholder"
             attr.aria-owns="{{ id }}__listbox"
diff --git a/ui/src/app/shared/component/info-icon.component.html b/ui/src/app/shared/component/info-icon.component.html
index f73d5e0eb..62ec8195b 100644
--- a/ui/src/app/shared/component/info-icon.component.html
+++ b/ui/src/app/shared/component/info-icon.component.html
@@ -7,8 +7,6 @@
     [ngbPopover]="tooltipContent"
     [triggers]="triggers"
     [placement]="placement"
-    [attr.aria-flowto]="id"
-    role="tooltip"
     container="body">
     <i class="fa fa-fw fa-info-circle text-primary fa-lg"></i>
     <span class="sr-only" translate="tooltip.instruction"></span>
diff --git a/ui/src/app/wizard/component/wizard.component.html b/ui/src/app/wizard/component/wizard.component.html
index c3612bec2..2ab0dee60 100644
--- a/ui/src/app/wizard/component/wizard.component.html
+++ b/ui/src/app/wizard/component/wizard.component.html
@@ -1,8 +1,7 @@
 <nav *ngIf="(current$ | async) && (index$ | async)">
     <ul class="nav nav-wizard">
         <li class="nav-item" *ngIf="(previous$ | async)">
-            <button class="nav-link previous btn clearfix" (click)="onPrevious.emit(previousPage.index)" [disabled]="disabled$ | async"
-                [attr.aria-label]="previousPage.path" role="button">
+            <button class="nav-link previous btn clearfix" (click)="onPrevious.emit(previousPage.index)" [disabled]="disabled$ | async" [attr.aria-label]="previousPage.path">
                 <span class="direction pull-left">
                     <i class="fa fa-fw fa-arrow-circle-left d-block fa-2x"></i>
                     <translate-i18n key="action.back">Back</translate-i18n>
@@ -28,8 +27,7 @@ <h3 class="tag tag-primary">
             </h3>
         </li>
         <li class="nav-item" *ngIf="(next$ | async)">
-            <button class="nav-link next btn clearfix" (click)="onNext.emit(nextPage.index)" [disabled]="disabled$ | async" [attr.aria-label]="nextPage.path"
-                role="button">
+            <button class="nav-link next btn clearfix" (click)="onNext.emit(nextPage.index)" [disabled]="disabled$ | async" [attr.aria-label]="nextPage.path">
                 <span class="label pull-left">
                     <ng-container *ngIf="(next$ | async).index">{{ (next$ | async).index }}. </ng-container>
                     {{ (next$ | async).label | translate }}
@@ -43,7 +41,6 @@ <h3 class="tag tag-primary">
         <li class="nav-item" *ngIf="(last$ | async)">
             <button class="nav-link save btn"
                 aria-label="Save"
-                role="button"
                 [disabled]="disabled$ | async"
                 (click)="onSave.emit()">
                 <span class="label pull-left" translate="action.save">

From 6cd8cddbce34c238f0228dc41260c62732d82f21 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Fri, 7 Dec 2018 15:45:28 -0600
Subject: [PATCH 04/10] [SHIBUI-984] initial work

---
 .../JPAMetadataResolverServiceImpl.groovy     | 45 +++++++++++++++
 .../CoreShibUiConfiguration.java              |  2 +-
 .../ui/configuration/ShibUIConfiguration.java | 20 +++++++
 ...JPAMetadataResolverServiceImplTests.groovy | 57 +++++++++++++++++++
 backend/src/test/resources/conf/984-2.xml     | 33 +++++++++++
 backend/src/test/resources/conf/984.xml       | 33 +++++++++++
 .../resources/metadata/984-3-expected.xml     | 20 +++++++
 backend/src/test/resources/metadata/984-3.xml | 23 ++++++++
 8 files changed, 232 insertions(+), 1 deletion(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ShibUIConfiguration.java
 create mode 100644 backend/src/test/resources/conf/984-2.xml
 create mode 100644 backend/src/test/resources/conf/984.xml
 create mode 100644 backend/src/test/resources/metadata/984-3-expected.xml
 create mode 100644 backend/src/test/resources/metadata/984-3.xml

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index c444bd214..48a74d793 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.service
 
 import com.google.common.base.Predicate
+import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter
@@ -52,6 +53,9 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
     @Autowired
     private MetadataResolversPositionOrderContainerService resolversPositionOrderContainerService
 
+    @Autowired
+    private ShibUIConfiguration shibUIConfiguration
+
     // TODO: enhance
     @Override
     void reloadFilters(String metadataResolverResourceId) {
@@ -64,6 +68,13 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
 
             List<MetadataFilter> metadataFilters = new ArrayList<>()
 
+            // set up namespace protection
+            if (shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0) {
+                def target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
+                target.attributeFilter = new ScriptedPredicate(new EvaluableScript(protectedNamespaceScript()))
+                metadataFilters.add(target)
+            }
+
             for (edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter metadataFilter : jpaMetadataResolver.getMetadataFilters()) {
                 if (metadataFilter instanceof EntityAttributesFilter) {
                     EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter
@@ -104,6 +115,21 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+    private String protectedNamespaceScript() {
+        return """(function (attribute) {
+                "use strict";
+                var namespaces = [${shibUIConfiguration.protectedAttributeNamespaces.collect({"\"${it}\""}).join(', ')}];
+                // check the parameter
+                if (attribute === null) { return true; }
+                for (var i in namespaces) {
+                    if (attribute.getName().startsWith(namespaces[i])) {
+                        return false;
+                    }
+                }
+                return true;
+            }(input));"""
+    }
+
     private class ScriptedPredicate extends net.shibboleth.utilities.java.support.logic.ScriptedPredicate<EntityDescriptor> {
         protected ScriptedPredicate(@Nonnull EvaluableScript theScript) {
             super(theScript)
@@ -133,9 +159,18 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                         if ((mr.type != 'BaseMetadataResolver') && (mr.enabled)) {
                             constructXmlNodeForResolver(mr, delegate) {
                                 //TODO: enhance
+                                def didNamespaceProtectionFilter = !(shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0)
                                 mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter ->
+                                    if (filter instanceof EntityAttributesFilter && !didNamespaceProtectionFilter) {
+                                        constructXmlNodeForEntityAttributeNamespaceProtection(delegate)
+                                        didNamespaceProtectionFilter = true
+                                    }
                                     constructXmlNodeForFilter(filter, delegate)
                                 }
+                                if (!didNamespaceProtectionFilter) {
+                                    constructXmlNodeForEntityAttributeNamespaceProtection(delegate)
+                                    didNamespaceProtectionFilter = true
+                                }
                             }
                         }
                 }
@@ -144,6 +179,16 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+    void constructXmlNodeForEntityAttributeNamespaceProtection(def markupBuilderDelegate) {
+        markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') {
+            AttributeFilterScript() {
+                Script() {
+                    mkp.yieldUnescaped("\n<![CDATA[\n${protectedNamespaceScript()}\n]]>\n")
+                }
+            }
+        }
+    }
+
     void constructXmlNodeForFilter(SignatureValidationFilter filter, def markupBuilderDelegate) {
         if(filter.xmlShouldBeGenerated()) {
             markupBuilderDelegate.MetadataFilter(id: filter.name,
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
index fc1e0e8b4..fb60112f2 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -47,7 +47,7 @@
 import javax.servlet.http.HttpServletRequest;
 
 @Configuration
-@EnableConfigurationProperties(CustomPropertiesConfiguration.class)
+@EnableConfigurationProperties({CustomPropertiesConfiguration.class, ShibUIConfiguration.class})
 public class CoreShibUiConfiguration {
     private static final Logger logger = LoggerFactory.getLogger(CoreShibUiConfiguration.class);
 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ShibUIConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ShibUIConfiguration.java
new file mode 100644
index 000000000..953ed2119
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ShibUIConfiguration.java
@@ -0,0 +1,20 @@
+package edu.internet2.tier.shibboleth.admin.ui.configuration;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+@Configuration
+@ConfigurationProperties(prefix = "shibui")
+@Getter
+@Setter
+public class ShibUIConfiguration {
+    /**
+     * A list of namespaces that should be excluded from incoming metadata. This is used to prevent third party metadata
+     * sources from using attributes that they might not have the rights to use.
+     */
+    private List<String> protectedAttributeNamespaces;
+}
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
index 1e2e61b3c..7184270c3 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
@@ -5,6 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.Internationalization
 import edu.internet2.tier.shibboleth.admin.ui.configuration.MetadataResolverConverterConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter
@@ -42,7 +43,14 @@ import org.springframework.test.annotation.DirtiesContext
 import org.springframework.test.context.ContextConfiguration
 import org.xmlunit.builder.DiffBuilder
 import org.xmlunit.builder.Input
+import spock.lang.Ignore
 import spock.lang.Specification
+import spock.lang.Unroll
+
+import javax.xml.transform.OutputKeys
+import javax.xml.transform.TransformerFactory
+import javax.xml.transform.dom.DOMSource
+import javax.xml.transform.stream.StreamResult
 
 import static edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers.generatedXmlIsTheSameAsExpectedXml
 
@@ -74,6 +82,9 @@ class JPAMetadataResolverServiceImplTests extends Specification {
     @Autowired
     MetadataResolverConverterService mdrConverterService
 
+    @Autowired
+    ShibUIConfiguration shibUIConfiguration
+
     TestObjectGenerator testObjectGenerator
 
     DOMBuilder domBuilder
@@ -349,6 +360,52 @@ class JPAMetadataResolverServiceImplTests extends Specification {
         generatedXmlIsTheSameAsExpectedXml('/conf/704.3.xml', domBuilder.parseText(writer.toString()))
     }
 
+    @Unroll
+    @DirtiesContext(methodMode = DirtiesContext.MethodMode.AFTER_METHOD)
+    def 'test namespace protection [#namespaces]'() {
+        setup:
+        shibUIConfiguration.protectedAttributeNamespaces = namespaces
+        def resolver = new DynamicHttpMetadataResolver().with {
+            it.xmlId = 'DynamicHttpMetadataResolver'
+            it.metadataRequestURLConstructionScheme = new MetadataQueryProtocolScheme().with {
+                it.content = 'http://mdq-beta.incommon.org/global'
+                it
+            }
+            it
+        }
+        metadataResolverRepository.save(resolver)
+
+        expect:
+        generatedXmlIsTheSameAsExpectedXml(filename, metadataResolverService.generateConfiguration())
+
+        where:
+        namespaces | filename
+        ['http://shibboleth.net/ns/profiles'] | '/conf/984.xml'
+        ['http://shibboleth.net/ns/profiles', 'http://scaldingspoon.com/iam'] | '/conf/984-2.xml'
+    }
+
+    @Ignore('there is a bug in org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter.applyFilter')
+    def 'test namespace protection internal filtering'() {
+        setup:
+        shibUIConfiguration.protectedAttributeNamespaces = ['http://shibboleth.net/ns/profiles']
+        def resolver = new edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver().with {
+            it.resourceId = 'testme984'
+            it.name = 'testme984'
+            it.classpathMetadataResource = new ClasspathMetadataResource('metadata/984-3.xml')
+            it
+        }
+        def x = metadataResolverRepository.save(resolver)
+        ((OpenSamlChainingMetadataResolver)metadataResolver).resolvers.add(mdrConverterService.convertToOpenSamlRepresentation(x))
+
+        when:
+        metadataResolverService.reloadFilters('testme984')
+        def ed = metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion('http://test.scaldingspoon.org/test1')))
+        def x2 = openSamlObjects.marshalToXmlString(ed)
+
+        then:
+        !DiffBuilder.compare(Input.fromStream(this.class.getResourceAsStream('/metadata/984-3-expected.xml'))).withTest(Input.fromString(openSamlObjects.marshalToXmlString(ed))).ignoreComments().ignoreWhitespace().build().hasDifferences()
+    }
+
     static genXmlSnippet(MarkupBuilder xml, Closure xmlNodeGenerator) {
         xml.MetadataProvider('id': 'ShibbolethMetadata',
                 'xmlns': 'urn:mace:shibboleth:2.0:metadata',
diff --git a/backend/src/test/resources/conf/984-2.xml b/backend/src/test/resources/conf/984-2.xml
new file mode 100644
index 000000000..0c5749f10
--- /dev/null
+++ b/backend/src/test/resources/conf/984-2.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                  id="ShibbolethMetadata"
+                  xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
+                  xsi:type="ChainingMetadataProvider">
+    <MetadataProvider backgroundInitializationFromCacheDelay="PT2S" cleanupTaskInterval="PT30M"
+                      connectionRequestTimeout="PT5S" connectionTimeout="PT5S" id="DynamicHttpMetadataResolver"
+                      maxCacheDuration="PT8H" maxConnectionsPerRoute="100" maxConnectionsTotal="100"
+                      maxIdleEntityData="PT8H" minCacheDuration="PT10M" refreshDelayFactor="0.75"
+                      removeIdleEntityData="true" socketTimeout="PT5S" xsi:type="DynamicHttpMetadataProvider">
+        <MetadataQueryProtocol>http://mdq-beta.incommon.org/global</MetadataQueryProtocol>
+        <MetadataFilter xsi:type="EntityAttributes">
+            <AttributeFilterScript>
+                <Script>
+                    <![CDATA[
+            (function (attribute) {
+                "use strict";
+                var namespaces = ["http://shibboleth.net/ns/profiles", "http://scaldingspoon.com/iam"];
+                // check the parameter
+                if (attribute === null) { return true; }
+                for (var i in namespaces) {
+                    if (attribute.getName().startsWith(namespaces[i])) {
+                        return false;
+                    }
+                }
+                return true;
+            }(input));
+]]>
+                </Script>
+            </AttributeFilterScript>
+        </MetadataFilter>
+    </MetadataProvider>
+</MetadataProvider>
diff --git a/backend/src/test/resources/conf/984.xml b/backend/src/test/resources/conf/984.xml
new file mode 100644
index 000000000..5974aa861
--- /dev/null
+++ b/backend/src/test/resources/conf/984.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                  id="ShibbolethMetadata"
+                  xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
+                  xsi:type="ChainingMetadataProvider">
+    <MetadataProvider backgroundInitializationFromCacheDelay="PT2S" cleanupTaskInterval="PT30M"
+                      connectionRequestTimeout="PT5S" connectionTimeout="PT5S" id="DynamicHttpMetadataResolver"
+                      maxCacheDuration="PT8H" maxConnectionsPerRoute="100" maxConnectionsTotal="100"
+                      maxIdleEntityData="PT8H" minCacheDuration="PT10M" refreshDelayFactor="0.75"
+                      removeIdleEntityData="true" socketTimeout="PT5S" xsi:type="DynamicHttpMetadataProvider">
+        <MetadataQueryProtocol>http://mdq-beta.incommon.org/global</MetadataQueryProtocol>
+        <MetadataFilter xsi:type="EntityAttributes">
+            <AttributeFilterScript>
+                <Script>
+                    <![CDATA[
+            (function (attribute) {
+                "use strict";
+                var namespaces = ["http://shibboleth.net/ns/profiles"];
+                // check the parameter
+                if (attribute === null) { return true; }
+                for (var i in namespaces) {
+                    if (attribute.getName().startsWith(namespaces[i])) {
+                        return false;
+                    }
+                }
+                return true;
+            }(input));
+]]>
+                </Script>
+            </AttributeFilterScript>
+        </MetadataFilter>
+    </MetadataProvider>
+</MetadataProvider>
diff --git a/backend/src/test/resources/metadata/984-3-expected.xml b/backend/src/test/resources/metadata/984-3-expected.xml
new file mode 100644
index 000000000..b15921f7d
--- /dev/null
+++ b/backend/src/test/resources/metadata/984-3-expected.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+                     xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+                     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+                     entityID="http://test.scaldingspoon.org/test1">
+    <md:Extensions>
+        <mdattr:EntityAttributes>
+            <saml:Attribute Name="http://scaldingspoon.org/realm"
+                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+                <saml:AttributeValue>internal</saml:AttributeValue>
+            </saml:Attribute>
+        </mdattr:EntityAttributes>
+    </md:Extensions>
+    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                                     Location="https://test.scaldingspoon.org/test1/acs"
+                                     index="1"/>
+    </md:SPSSODescriptor>
+</md:EntityDescriptor>
\ No newline at end of file
diff --git a/backend/src/test/resources/metadata/984-3.xml b/backend/src/test/resources/metadata/984-3.xml
new file mode 100644
index 000000000..87ab7d428
--- /dev/null
+++ b/backend/src/test/resources/metadata/984-3.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+                     xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+                     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+                     entityID="http://test.scaldingspoon.org/test1">
+    <md:Extensions>
+        <mdattr:EntityAttributes>
+            <saml:Attribute Name="http://scaldingspoon.org/realm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+                <saml:AttributeValue>internal</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+                <saml:AttributeValue>givenName</saml:AttributeValue>
+                <saml:AttributeValue>employeeNumber</saml:AttributeValue>
+            </saml:Attribute>
+        </mdattr:EntityAttributes>
+    </md:Extensions>
+    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                                     Location="https://test.scaldingspoon.org/test1/acs"
+                                     index="1" />
+    </md:SPSSODescriptor>
+</md:EntityDescriptor>
\ No newline at end of file

From 81b0fed149f2a2d477b11a1098255e64db47f721 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Fri, 7 Dec 2018 15:46:04 -0600
Subject: [PATCH 05/10] [SHIBUI-984] remove debug work

---
 .../admin/ui/service/JPAMetadataResolverServiceImplTests.groovy  | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
index 7184270c3..94dde95d8 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
@@ -400,7 +400,6 @@ class JPAMetadataResolverServiceImplTests extends Specification {
         when:
         metadataResolverService.reloadFilters('testme984')
         def ed = metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion('http://test.scaldingspoon.org/test1')))
-        def x2 = openSamlObjects.marshalToXmlString(ed)
 
         then:
         !DiffBuilder.compare(Input.fromStream(this.class.getResourceAsStream('/metadata/984-3-expected.xml'))).withTest(Input.fromString(openSamlObjects.marshalToXmlString(ed))).ignoreComments().ignoreWhitespace().build().hasDifferences()

From 6cbed982edb8b0a76cbfe372287e8bcbd96fccea Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Mon, 10 Dec 2018 09:17:29 -0700
Subject: [PATCH 06/10] SHIBUI-1055 Fixed text

---
 backend/src/main/resources/i18n/messages_en.properties | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties
index 7d20536d0..5c9c78d5a 100644
--- a/backend/src/main/resources/i18n/messages_en.properties
+++ b/backend/src/main/resources/i18n/messages_en.properties
@@ -483,9 +483,9 @@ tooltip.enable-provider-upon-saving=If checkbox is clicked, the metadata provide
 tooltip.max-validity-interval=Defines the window within which the metadata is valid.
 tooltip.require-signed-root=If true, this fails to load metadata with no signature on the root XML element.
 tooltip.certificate-file=A key used to verify the signature. Conflicts with trustEngineRef and both of the child elements.
-tooltip.retained-roles=Controls whether to keep entity descriptors that contain no roles
-tooltip.remove-roleless-entity-descriptors=Controls whether to keep entity descriptors that contain no roles.
-tooltip.remove-empty-entities-descriptors=Controls whether to keep entities descriptors that contain no entity descriptors.
+tooltip.retained-roles=Note that property replacement cannot be used on this element.
+tooltip.remove-roleless-entity-descriptors=Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntityDescriptor> element must include at least one role descriptor.
+tooltip.remove-empty-entities-descriptors=Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntitiesDescriptor> element must include at least one child element, either an <md:EntityDescriptor> element or an <md:EntitiesDescriptor> element.
 
 tooltip.min-refresh-delay=Lower bound on the next refresh from the time calculated based on the metadata\u0027s expiration.
 tooltip.max-refresh-delay=Upper bound on the next refresh from the time calculated based on the metadata\u0027s expiration.

From c48572e5ba66a5c3036a20cf8ca011fe9bcc1644 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Mon, 10 Dec 2018 09:38:53 -0700
Subject: [PATCH 07/10] SHIBUI-1050 Fixed min/max refresh delay factor

---
 .../main/resources/dynamic-http-metadata-provider.schema.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/resources/dynamic-http-metadata-provider.schema.json b/backend/src/main/resources/dynamic-http-metadata-provider.schema.json
index f9dec02b8..4b8dc513f 100644
--- a/backend/src/main/resources/dynamic-http-metadata-provider.schema.json
+++ b/backend/src/main/resources/dynamic-http-metadata-provider.schema.json
@@ -152,8 +152,8 @@
                         "step": 0.01
                     },
                     "placeholder": "label.real-number",
-                    "minimum": 0,
-                    "maximum": 1,
+                    "minimum": 0.01,
+                    "maximum": 0.99,
                     "default": null
                 },
                 "minCacheDuration": {

From 0d8ac043d84485178f11d20543d3764d6e192d3d Mon Sep 17 00:00:00 2001
From: Jodie Muramoto <jmuramoto@unicon.net>
Date: Mon, 10 Dec 2018 10:26:21 -0700
Subject: [PATCH 08/10] SHIBUI-1015: Fixed issues with forms and labels
 (assigned ARIA labels);

---
 .../manager/component/provider-search.component.html        | 3 ++-
 .../resolver/container/copy-resolver.component.html         | 6 ++++--
 ui/src/app/shared/autocomplete/autocomplete.component.html  | 2 --
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ui/src/app/metadata/manager/component/provider-search.component.html b/ui/src/app/metadata/manager/component/provider-search.component.html
index bedc6ad7d..29479de5d 100644
--- a/ui/src/app/metadata/manager/component/provider-search.component.html
+++ b/ui/src/app/metadata/manager/component/provider-search.component.html
@@ -1,6 +1,6 @@
 <form [formGroup]="searchForm">
-    <label for="search" class="sr-only" translate="action.search">Search</label>
     <div class="input-group input-group-sm">
+        <label [for]="search" class="sr-only" translate="action.search">Search</label>
         <input
             id="search"
             type="text"
@@ -9,6 +9,7 @@
             [placeholder]="'label.search-files' | translate"
             aria-label="To search for a source, enter name then press enter"
             formControlName="search"
+            role="textbox"
             (keyup)="search.emit($event.target.value)">
         <div class="input-group-append">
             <button class="btn btn-light"
diff --git a/ui/src/app/metadata/resolver/container/copy-resolver.component.html b/ui/src/app/metadata/resolver/container/copy-resolver.component.html
index acbbd1908..688deb9a7 100644
--- a/ui/src/app/metadata/resolver/container/copy-resolver.component.html
+++ b/ui/src/app/metadata/resolver/container/copy-resolver.component.html
@@ -23,7 +23,7 @@ <h3 class="tag tag-primary">
             </ul>
             <fieldset class="bg-light border rounded p-4">
                 <div class="form-group">
-                    <label for="serviceProviderName">
+                    <label for="target">
                         <translate-i18n key="label.select-entity-id-to-copy">Select the Entity ID to copy</translate-i18n>
                         <i class="fa fa-fw fa-asterisk text-danger" aria-hidden="true"></i>
                     </label>
@@ -97,7 +97,9 @@ <h3 class="tag tag-primary">
                                     [id]="'section-' + i"
                                     [name]="'section-' + i"
                                     role="checkbox" />
-                                <label class="custom-control-label" for="section-{{ i }}"></label>
+                                <label class="custom-control-label"
+                                    [for]="'section-' + i"
+                                    [attr.aria-label]="item.i18nKey"></label>
                             </div>
                         </fieldset>
                     </td>
diff --git a/ui/src/app/shared/autocomplete/autocomplete.component.html b/ui/src/app/shared/autocomplete/autocomplete.component.html
index 1af9bbe9e..1f59e0ab5 100644
--- a/ui/src/app/shared/autocomplete/autocomplete.component.html
+++ b/ui/src/app/shared/autocomplete/autocomplete.component.html
@@ -1,5 +1,4 @@
 <div id="{{ id }}-container" class="dropdown form-group" (keydown)="handleKeyDown($event)" role='combobox' [attr.aria-expanded]="(menuIsVisible$ | async) ? 'true' : 'false'">
-    <label *ngIf="!fieldId" for="{{ id }}__input" attr.aria-labelledby="{{ id }}__input" class="sr-only"></label>
     <div [ngClass]="{'input-group': dropdown}">
         <input
             #inputField
@@ -9,7 +8,6 @@
             class="form-control"
             autoComplete="off"
             type="text"
-            role="textbox"
             [attr.aria-activedescendant]="activeDescendant"
             [placeholder]="placeholder"
             attr.aria-owns="{{ id }}__listbox"

From e61050b6f997c9b127cc8f5f26df042baaae89ff Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Mon, 10 Dec 2018 11:14:05 -0700
Subject: [PATCH 09/10] SHIBUI-1053 Added element

---
 ...dynamic-http-metadata-provider.schema.json | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/backend/src/main/resources/dynamic-http-metadata-provider.schema.json b/backend/src/main/resources/dynamic-http-metadata-provider.schema.json
index 4b8dc513f..887508b7f 100644
--- a/backend/src/main/resources/dynamic-http-metadata-provider.schema.json
+++ b/backend/src/main/resources/dynamic-http-metadata-provider.schema.json
@@ -222,6 +222,29 @@
                     "default": null,
                     "pattern": "^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$"
                 },
+                "removeIdleEntityData": {
+                    "title": "label.remove-idle-entity-data",
+                    "description": "tooltip.remove-idle-entity-data",
+                    "type": "boolean",
+                    "widget": {
+                        "id": "boolean-radio"
+                    },
+                    "oneOf": [
+                        {
+                            "enum": [
+                                true
+                            ],
+                            "description": "value.true"
+                        },
+                        {
+                            "enum": [
+                                false
+                            ],
+                            "description": "value.false"
+                        }
+                    ],
+                    "default": true
+                },
                 "cleanupTaskInterval": {
                     "title": "label.cleanup-task-interval",
                     "description": "tooltip.cleanup-task-interval",

From 166f86b042111303578d9cbbb474303421f8eccd Mon Sep 17 00:00:00 2001
From: Jodie Muramoto <jmuramoto@unicon.net>
Date: Tue, 11 Dec 2018 08:00:06 -0700
Subject: [PATCH 10/10] SHIBUI-1002: Fixed bugs related to
 filesystemMetadataProvider;

---
 .../file-system-metadata-provider.schema.json        |  4 ++--
 backend/src/main/resources/i18n/messages.properties  |  2 +-
 .../src/main/resources/i18n/messages_en.properties   |  2 +-
 .../provider/model/file-system.provider.form.ts      | 12 ++++++------
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/backend/src/main/resources/file-system-metadata-provider.schema.json b/backend/src/main/resources/file-system-metadata-provider.schema.json
index 8f28d3d83..95dfbf1f7 100644
--- a/backend/src/main/resources/file-system-metadata-provider.schema.json
+++ b/backend/src/main/resources/file-system-metadata-provider.schema.json
@@ -8,7 +8,7 @@
     ],
     "properties": {
         "name": {
-            "title": "label.metadata-provider-name",
+            "title": "label.service-provider-name-dashboard-display-only",
             "description": "tooltip.metadata-provider-name",
             "type": "string",
             "widget": {
@@ -135,7 +135,7 @@
                     },
                     "placeholder": "label.real-number",
                     "minimum": 0,
-                    "maximum": 1,
+                    "maximum": 0.99,
                     "default": null
                 }
             }
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index 25e82fa86..5b39cb7b9 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -299,7 +299,7 @@ label.metadata-provider-type=Metadata Provider Type
 label.metadata-provider-name=Metadata Provider Name
 label.select-metadata-type=Select a metadata provider type
 label.metadata-provider-status=Metadata Provider Status
-label.enable-provider-upon-saving=Enable Metadata Provider?
+label.enable-provider-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP
 label.certificate-type=Type
 
 label.metadata-file=Metadata File
diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties
index 7d20536d0..3099c1b8b 100644
--- a/backend/src/main/resources/i18n/messages_en.properties
+++ b/backend/src/main/resources/i18n/messages_en.properties
@@ -299,7 +299,7 @@ label.metadata-provider-type=Metadata Provider Type
 label.metadata-provider-name=Metadata Provider Name
 label.select-metadata-type=Select a metadata provider type
 label.metadata-provider-status=Metadata Provider Status
-label.enable-provider-upon-saving=Enable Metadata Provider?
+label.enable-provider-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP
 label.certificate-type=Type
 
 label.metadata-file=Metadata File
diff --git a/ui/src/app/metadata/provider/model/file-system.provider.form.ts b/ui/src/app/metadata/provider/model/file-system.provider.form.ts
index 9c5e2536b..c42fed449 100644
--- a/ui/src/app/metadata/provider/model/file-system.provider.form.ts
+++ b/ui/src/app/metadata/provider/model/file-system.provider.form.ts
@@ -44,8 +44,8 @@ export const FileSystemMetadataProviderWizard: Wizard<FileSystemMetadataProvider
             ]
         },
         {
-            id: 'reloading',
-            label: 'label.reloading-attributes',
+            id: 'dynamic',
+            label: 'label.dynamic-attributes',
             index: 3,
             initialValues: [],
             schema: '/api/ui/MetadataResolver/FilesystemMetadataResolver',
@@ -116,14 +116,14 @@ export const FileSystemMetadataProviderEditor: Wizard<FileSystemMetadataProvider
                     class: ['mb-3'],
                     fields: [
                         'name',
-                        '@type',
-                        'enabled'
+                        '@type'
                     ]
                 },
                 {
                     type: 'group-lg',
                     class: ['col-12'],
                     fields: [
+                        'enabled',
                         'xmlId',
                         'metadataFile',
                         'doInitialization'
@@ -132,8 +132,8 @@ export const FileSystemMetadataProviderEditor: Wizard<FileSystemMetadataProvider
             ]
         },
         {
-            id: 'reloading',
-            label: 'label.reloading-attributes',
+            id: 'dynamic',
+            label: 'label.dynamic-attributes',
             index: 2,
             initialValues: [],
             schema: '/api/ui/MetadataResolver/FilesystemMetadataResolver',